
Merge pull request #192 from larryfox/cgit

Add git hosting
Luke Cyca 10 år sedan
förälder
incheckning
8a271d748d

+ 3
- 0
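--- a/README.textile
+++ b/README.textile
@@ -49,6 +49,7 @@ What do you get if you point this thing at a VPS? All kinds of good stuff!
 * SSH configuration preventing root login and insecure password authentication
 * "RFC6238":http://tools.ietf.org/html/rfc6238 two-factor authentication compatible with "Google Authenticator":http://en.wikipedia.org/wiki/Google_Authenticator and various hardware tokens
 * Nightly backups to "Tarsnap":https://www.tarsnap.com/.
+* Git hosting via "cgit":http://git.zx2c4.com/cgit/about/ and "gitolite":https://github.com/sitaramc/gitolite.
 * A bunch of nice-to-have tools like "mosh":http://mosh.mit.edu and "htop":http://htop.sourceforge.net that make life with a server a little easier.
 
 No setup is perfect, but the general idea is to provide a bunch of useful services while being reasonably secure and low-maintenance. Set it up, SSH in every couple weeks, but mostly forget about it.
@@ -146,6 +147,8 @@ bc. # znc --makepass
 
 Take the string beginning with @sha256#@ and insert it as the value for @irc_password_hash@.
 
+For git hosting, copy your public key into place. @cp ~/.ssh/id_rsa.pub roles/git/files/gitolite.pub@ or similar.
+
 h3. 5. Run the Ansible Playbooks
 
 First, make sure you've "got Ansible installed":http://docs.ansible.com/intro_installation.html#getting-ansible.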

+ 176
- 0
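--- a/roles/git/files/home_git_.gitolite.rc
+++ b/roles/git/files/home_git_.gitolite.rc
@@ -0,0 +1,176 @@
+# configuration variables for gitolite
+
+# This file is in perl syntax.  But you do NOT need to know perl to edit it --
+# just mind the commas, use single quotes unless you know what you're doing,
+# and make sure the brackets and braces stay matched up!
+
+# (Tip: perl allows a comma after the last item in a list also!)
+
+# HELP for commands can be had by running the command with "-h".
+
+# HELP for all the other FEATURES can be found in the documentation (look for
+# "list of non-core programs shipped with gitolite" in the master index) or
+# directly in the corresponding source file.
+
+%RC = (
+
+    # ------------------------------------------------------------------
+
+    # default umask gives you perms of '0700'; see the rc file docs for
+    # how/why you might change this
+    UMASK                           =>  0027,
+
+    # look for "git-config" in the documentation
+    GIT_CONFIG_KEYS                 =>  'gitweb\.(owner|description|category)',
+
+    # comment out if you don't need all the extra detail in the logfile
+    LOG_EXTRA                       =>  1,
+
+    # roles.  add more roles (like MANAGER, TESTER, ...) here.
+    #   WARNING: if you make changes to this hash, you MUST run 'gitolite
+    #   compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
+    ROLES => {
+        READERS                     =>  1,
+        WRITERS                     =>  1,
+    },
+
+    # ------------------------------------------------------------------
+
+    # rc variables used by various features
+
+    # the 'info' command prints this as additional info, if it is set
+        # SITE_INFO                 =>  'Please see http://blahblah/gitolite for more help',
+
+    # the 'desc' command uses this
+        # WRITER_CAN_UPDATE_DESC    =>  1,
+
+    # the CpuTime feature uses these
+        # display user, system, and elapsed times to user after each git operation
+        # DISPLAY_CPU_TIME          =>  1,
+        # display a warning if total CPU times (u, s, cu, cs) crosses this limit
+        # CPU_TIME_WARN_LIMIT       =>  0.1,
+
+    # the Mirroring feature needs this
+        # HOSTNAME                  =>  "foo",
+
+    # if you enabled 'Shell', you need this
+        # SHELL_USERS_LIST          =>  "$ENV{HOME}/.gitolite.shell-users",
+
+    # ------------------------------------------------------------------
+
+    # suggested locations for site-local gitolite code (see cust.html)
+
+        # this one is managed directly on the server
+        # LOCAL_CODE                =>  "$ENV{HOME}/local",
+
+        # or you can use this, which lets you put everything in a subdirectory
+        # called "local" in your gitolite-admin repo.  For a SECURITY WARNING
+        # on this, see http://gitolite.com/gitolite/cust.html#pushcode
+        # LOCAL_CODE                =>  "$rc{GL_ADMIN_BASE}/local",
+
+    # ------------------------------------------------------------------
+
+    # List of commands and features to enable
+
+    ENABLE => [
+
+        # COMMANDS
+
+            # These are the commands enabled by default
+            'help',
+            'desc',
+            'info',
+            'perms',
+            'writable',
+
+            # Uncomment or add new commands here.
+            # 'create',
+            # 'fork',
+            # 'mirror',
+            # 'sskm',
+            # 'D',
+
+        # These FEATURES are enabled by default.
+
+            # essential (unless you're using smart-http mode)
+            'ssh-authkeys',
+
+            # creates git-config enties from gitolite.conf file entries like 'config foo.bar = baz'
+            'git-config',
+
+            # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
+            'daemon',
+
+            # creates projects.list file; if you don't use gitweb, comment this out
+            'gitweb',
+
+        # These FEATURES are disabled by default; uncomment to enable.  If you
+        # need to add new ones, ask on the mailing list :-)
+
+        # user-visible behaviour
+
+            # prevent wild repos auto-create on fetch/clone
+            # 'no-create-on-read',
+            # no auto-create at all (don't forget to enable the 'create' command!)
+            # 'no-auto-create',
+
+            # access a repo by another (possibly legacy) name
+            # 'Alias',
+
+            # give some users direct shell access
+            # 'Shell',
+
+            # set default roles from lines like 'option default.roles-1 = ...', etc.
+            # 'set-default-roles',
+
+        # system admin stuff
+
+            # enable mirroring (don't forget to set the HOSTNAME too!)
+            # 'Mirroring',
+
+            # allow people to submit pub files with more than one key in them
+            # 'ssh-authkeys-split',
+
+            # selective read control hack
+            # 'partial-copy',
+
+            # manage local, gitolite-controlled, copies of read-only upstream repos
+            # 'upstream',
+
+            # updates 'description' file instead of 'gitweb.description' config item
+            # 'cgit',
+
+            # allow repo-specific hooks to be added
+            # 'repo-specific-hooks',
+
+        # performance, logging, monitoring...
+
+            # be nice
+            # 'renice 10',
+
+            # log CPU times (user, system, cumulative user, cumulative system)
+            # 'CpuTime',
+
+        # syntactic_sugar for gitolite.conf and included files
+
+            # allow backslash-escaped continuation lines in gitolite.conf
+            # 'continuation-lines',
+
+            # create implicit user groups from directory names in keydir/
+            # 'keysubdirs-as-groups',
+
+            # allow simple line-oriented macros
+            # 'macros',
+
+    ],
+
+);
+
+# ------------------------------------------------------------------------------
+# per perl rules, this should be the last line in such a file:
+1;
+
+# Local variables:
+# mode: perl
+# End:
+# vim: set syn=perl: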
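Review bot: The comment above `UMASK` still describes the stock value ('0700'), but the file sets `0027`, which makes everything gitolite creates group-readable. Together with the gitolite.yml task that adds www-data to the git group, the web server account can read every repository on disk, presumably including gitolite-admin. What is shown on the web then depends on cgit honouring projects.list, so the setting deserves its own comment, for example `# 0027: group-readable so www-data (cgit) can read repos; what cgit lists is limited by projects.list`. The `'daemon'` feature is also left enabled although this commit sets up no git-daemon; commenting it out avoids writing git-daemon-export-ok files that nothing consumes.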

+ 47
- 0
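--- a/roles/git/tasks/cgit.yml
+++ b/roles/git/tasks/cgit.yml
@@ -0,0 +1,47 @@
+
+- name: Install cgit dependencies
+  apt: pkg={{ item }} state=installed
+  with_items:
+    - groff
+    - python-pip
+
+- name: Install cgit pip dependencies
+  pip: name={{ item }}
+  with_items:
+    - pygments
+    - docutils
+
+- name: Download cgit release
+  get_url: url=http://git.zx2c4.com/cgit/snapshot/cgit-{{ cgit_version }}.tar.xz
+           dest=/root/cgit-{{ cgit_version }}.tar.xz
+
+- name: Decompress cgit source
+  command: tar xvfJ /root/cgit-{{ cgit_version }}.tar.xz
+           chdir=/root
+           creates=/root/cgit-{{ cgit_version }}/configure
+
+- name: Build and install cgit
+  shell: make get-git ; make ; make install
+         executable=/bin/bash
+         chdir=/root/cgit-{{ cgit_version }}
+         creates=/var/www/htdocs/cgit/cgit.cgi
+
+- name: Copy cgitrc
+  template: src=etc_cgitrc.j2 dest=/etc/cgitrc
+            group=www-data
+            owner=www-data
+
+- name: Configure the Apache HTTP server for cgit
+  template: src=etc_apache2_sites-available_cgit.j2
+            dest=/etc/apache2/sites-available/cgit
+            group=www-data
+            owner=www-data
+  notify: restart apache
+
+- name: Enable Apache rewrite module
+  command: a2enmod rewrite creates=/etc/apache2/mods-enabled/rewrite.load
+  notify: restart apache
+
+- name:  Enable cgit site
+  command: a2ensite cgit creates=/etc/apache2/sites-enabled/cgit
+  notify: restart apache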
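Review bot: The 'Download cgit release' task fetches the tarball over plain `http://` with no checksum, and the next tasks unpack, build and install it under /root, so a tampered download would be compiled and installed unnoticed. Fetch over TLS if the host offers it and pin the digest: `get_url: url=https://git.zx2c4.com/cgit/snapshot/cgit-{{ cgit_version }}.tar.xz dest=/root/cgit-{{ cgit_version }}.tar.xz sha256sum={{ cgit_sha256sum }}`, where `cgit_sha256sum` is a placeholder name for a new variable holding the published digest of the pinned version. In 'Build and install cgit', `make get-git ; make ; make install` keeps going after a failed step, whereas `make get-git && make && make install` stops at the first failure. `make get-git` performs a download of its own, which the pin above does not cover.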

+ 43
- 0
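--- a/roles/git/tasks/gitolite.yml
+++ b/roles/git/tasks/gitolite.yml
@@ -0,0 +1,43 @@
+- name: Create gitolite group
+  group: name=git state=present
+
+- name: Create gitolite user
+  user: name=git state=present home=/home/git system=yes group=git
+
+- name: Add www-data to the git group
+  user: name=www-data groups=git append=yes
+
+- name: Download gitolite release
+  git: repo=git://github.com/sitaramc/gitolite
+       dest=/home/git/gitolite
+       version=v{{ gitolite_version }}
+
+- name: Give git user file permissions
+  file: path=/home/git/gitolite
+        state=directory
+        recurse=yes
+        owner=git
+        group=git
+
+- name: Install gitolite
+  command: ./gitolite/install -ln /usr/local/bin
+           chdir=/home/git
+           creates=/usr/local/bin/gitolite
+
+- name: Copy .gitolite.rc file
+  copy: src=home_git_.gitolite.rc
+        dest=/home/git/.gitolite.rc
+        group=git
+        owner=git
+        mode=0644
+
+- name: Copy SSH public key to server
+  copy: src=gitolite.pub
+        dest=/home/git/{{ main_user_name }}.pub
+        group=git
+        owner=git
+        mode=0644
+
+- name: Setup gitolite
+  command: su - git -c 'gitolite setup -pk {{ main_user_name }}.pub'
+           chdir=/home/git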
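Review bot: 'Download gitolite release' clones over `git://`, which gives neither server authentication nor integrity protection, and the install task then links that checkout into /usr/local/bin. Use `repo=https://github.com/sitaramc/gitolite`, and consider pinning `version=` to a full commit hash rather than a tag, since a tag can be moved upstream. Separately, 'Give git user file permissions' makes the tree that `install -ln` links into /usr/local/bin owned by the git account, so any other user running `gitolite` from PATH executes files that account can modify. A root-owned checkout would avoid that, provided gitolite does not need to write there. 'Setup gitolite' has no `creates=` guard, so it re-runs on every play.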

+ 2
- 0
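--- a/roles/git/tasks/main.yml
+++ b/roles/git/tasks/main.yml
@@ -0,0 +1,2 @@
+- include: gitolite.yml tags=gitolite
+- include: cgit.yml tags=cgit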

+ 36
- 0
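--- a/roles/git/templates/etc_apache2_sites-available_cgit.j2
+++ b/roles/git/templates/etc_apache2_sites-available_cgit.j2
@@ -0,0 +1,36 @@
+<VirtualHost *:80>
+    ServerName {{ cgit_domain }}
+
+    Redirect permanent / https://{{ cgit_domain }}/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName {{ cgit_domain }}
+
+    SSLEngine on
+    SSLProtocol ALL -SSLv2
+    SSLHonorCipherOrder On
+    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
+    SSLCertificateFile      /etc/ssl/certs/wildcard_public_cert.crt
+    SSLCertificateKeyFile   /etc/ssl/private/wildcard_private.key
+    SSLCACertificateFile    /etc/ssl/certs/wildcard_ca.pem
+    Header add Strict-Transport-Security "max-age=15768000; includeSubdomains"
+
+    DocumentRoot /var/www/htdocs/cgit/
+
+    <Directory "/var/www/htdocs/cgit/">
+        AllowOverride None
+        Options +ExecCGI
+        Order allow,deny
+        Allow from all
+    </Directory>
+
+    Alias /cgit.png         /var/www/htdocs/cgit/cgit.png
+    Alias /cgit.css         /var/www/htdocs/cgit/cgit.css
+    Alias /favicon.ico      /var/www/htdocs/cgit/favicon.ico
+    Alias /robots.txt       /var/www/htdocs/cgit/robots.txt
+    ScriptAlias /           /var/www/htdocs/cgit/cgit.cgi/
+
+    CustomLog /var/log/apache2/cgit_access.log combined
+    ErrorLog /var/log/apache2/cgit_error.log
+</VirtualHost>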
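Review bot: `SSLProtocol ALL -SSLv2` leaves SSLv3 enabled on the 443 vhost, and the cipher list still offers 3DES suites as fallbacks. Disable SSLv3 explicitly with `SSLProtocol ALL -SSLv2 -SSLv3`, and drop `ECDH+3DES:DH+3DES` and `RSA+3DES` from `SSLCipherSuite` unless a legacy client is known to need them. `Header add Strict-Transport-Security` needs mod_headers, while cgit.yml enables only rewrite. That is fine if another role enables headers and ssl, which this page does not show.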

+ 137
- 0
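--- a/roles/git/templates/etc_cgitrc.j2
+++ b/roles/git/templates/etc_cgitrc.j2
@@ -0,0 +1,137 @@
+# Enable caching of up to 1000 output entries
+cache-size=1000
+
+
+# Specify some default clone urls using macro expansion
+clone-url=git@{{ domain }}:$CGIT_REPO_URL
+
+
+# Specify the css url
+# css=/css/cgit.css
+
+
+# Show owner on index page
+enable-index-owner=1
+
+
+# Allow http transport git clone
+enable-http-clone=0
+
+
+# Show extra links for each repository on the index page
+enable-index-links=1
+
+
+# Enable ASCII art commit history graph on the log pages
+enable-commit-graph=1
+
+
+# Show number of affected files per commit on the log pages
+enable-log-filecount=1
+
+
+# Show number of added/removed lines per commit on the log pages
+enable-log-linecount=1
+
+
+# Sort branches by date
+branch-sort=age
+
+
+# Add a cgit favicon
+# favicon=/favicon.ico
+
+
+# Use a custom logo
+# logo=/img/mylogo.png
+
+
+# Enable statistics per week, month and quarter
+max-stats=quarter
+
+
+# Set the title and heading of the repository index page
+root-title={{ domain }} git repository
+
+
+# Set a subheading for the repository index page
+# root-desc=tracking the foobar development
+
+
+# Include some more info about example.com on the index page
+# root-readme=/var/www/htdocs/about.html
+
+
+# Allow download of tar.gz, tar.bz2 and zip-files
+snapshots=tar.gz tar.bz2 zip
+
+
+##
+## List of common mimetypes
+##
+
+mimetype.gif=image/gif
+mimetype.html=text/html
+mimetype.jpg=image/jpeg
+mimetype.jpeg=image/jpeg
+mimetype.pdf=application/pdf
+mimetype.png=image/png
+mimetype.svg=image/svg+xml
+
+
+# Highlight source code with python pygments-based highlighter
+source-filter=/usr/local/lib/cgit/filters/syntax-highlighting.py
+
+# Format markdown, restructuredtext, manpages, text files, and html files
+# through the right converters
+about-filter=/usr/local/lib/cgit/filters/about-formatting.sh
+
+##
+## Search for these files in the root of the default branch of repositories
+## for coming up with the about page:
+##
+readme=:README.md
+readme=:readme.md
+readme=:README.mkd
+readme=:readme.mkd
+readme=:README.rst
+readme=:readme.rst
+readme=:README.html
+readme=:readme.html
+readme=:README.htm
+readme=:readme.htm
+readme=:README.txt
+readme=:readme.txt
+readme=:README
+readme=:readme
+readme=:INSTALL.md
+readme=:install.md
+readme=:INSTALL.mkd
+readme=:install.mkd
+readme=:INSTALL.rst
+readme=:install.rst
+readme=:INSTALL.html
+readme=:install.html
+readme=:INSTALL.htm
+readme=:install.htm
+readme=:INSTALL.txt
+readme=:install.txt
+readme=:INSTALL
+readme=:install
+
+
+# Allow cgit to use git config to set	any repo specific settings
+enable-git-config=1
+
+
+# Removes .git suffix for the url and name
+remove-suffix=1
+
+
+# A list of subdirectories inside of scan-path
+# that should loaded as git repositories
+project-list=/home/git/projects.list
+
+
+# A path which will be scanned for repositories
+scan-path=/home/git/repositories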
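Review bot: The `readme=:README.html` / `.htm` entries (and their INSTALL counterparts), combined with `about-filter`, mean the about page can carry HTML taken straight from repository content. As far as I recall the stock about-formatting.sh passes .html files through unconverted, so anyone with push access could place script on the cgit origin. If not every pusher is trusted, drop the eight `.html`/`.htm` readme lines, or confirm the filter sanitises its output. The comment `# Allow http transport git clone` sits above `enable-http-clone=0`, which disables it; `# Disable git clone over HTTP (clone via SSH only)` would match the setting.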

+ 1
- 0
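--- a/site.yml
+++ b/site.yml
@@ -21,3 +21,4 @@
     - vpn
     - tarsnap
     - news
+    - git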

+ 14
- 0
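--- a/tests.py
+++ b/tests.py
@@ -122,6 +122,20 @@ class WebTests(unittest.TestCase):
             r.content
         )
 
+    def test_cgit_http(self):
+        """CGit web interface is displaying home page"""
+        r = requests.get('http://git.' + TEST_SERVER, verify=False)
+
+        # We should be redirected to https
+        self.assertEquals(r.history[0].status_code, 301)
+        self.assertEquals(r.url, 'https://git.' + TEST_SERVER + '/')
+
+        # 200 - We should be at the repository page
+        self.assertEquals(r.status_code, 200)
+        self.assertIn(
+            'git repository',
+            r.content
+        )
 
 class IRCTests(unittest.TestCase):
     def test_irc_auth(self):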
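Review bot: `requests.get(..., verify=False)` in test_cgit_http turns off certificate validation for the HTTPS request reached through the redirect, so the test passes whatever certificate the vhost serves. If the test server uses a certificate that is not publicly trusted this is probably deliberate, but it should be stated, e.g. `# verify=False: test server cert is not publicly trusted; TLS validity is not checked here`, or the test CA file passed as `verify=<path to test CA bundle>`. `r.history[0]` raises IndexError instead of a test failure when no redirect happens; `self.assertTrue(r.history)` before it gives a clearer result. The WebTests class begins outside the hunk.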

+ 5
- 0
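--- a/vars/defaults.yml
+++ b/vars/defaults.yml
@@ -100,3 +100,8 @@ selfoss_domain: "news.{{ domain }}"
 selfoss_db_username: selfoss
 # selfoss_db_password: (required)
 selfoss_db_database: selfoss
+
+# git
+cgit_version: 0.10.1
+cgit_domain: "git.{{ domain }}"
+gitolite_version: 3.5.3.1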
