From 9d9fe107d0de34602775cbee2ca5208d604e0c5b Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Mon, 21 Sep 2015 18:48:19 +0200 Subject: Replace gitweb with cgit. --- git.yml | 2 +- roles/common-web/tasks/main.yml | 8 -- roles/git/files/etc/cgitrc | 85 +++++++++++++++ roles/git/files/etc/gitweb.conf | 40 ------- roles/git/files/etc/nginx/sites-available/git | 74 ++++++++----- roles/git/files/etc/nginx/sites-available/gitweb | 48 -------- roles/git/files/etc/uwsgi/apps-available/cgit.ini | 6 + .../etc/uwsgi/apps-available/git-http-backend.ini | 4 + roles/git/files/lib/systemd/system/gitweb.service | 15 --- roles/git/files/lib/systemd/system/gitweb.socket | 11 -- .../git/files/usr/lib/cgi-bin/gitweb-wrapper.fcgi | 22 ---- .../usr/lib/cgit/filters/syntax-highlighting2.sh | 121 +++++++++++++++++++++ roles/git/handlers/main.yml | 4 +- roles/git/tasks/cgit.yml | 111 +++++++++++++++++++ roles/git/tasks/gitweb.yml | 104 ------------------ roles/git/tasks/main.yml | 2 +- .../wiki/files/var/lib/ikiwiki/fripost-wiki.setup | 4 +- 17 files changed, 377 insertions(+), 284 deletions(-) create mode 100644 roles/git/files/etc/cgitrc delete mode 100644 roles/git/files/etc/gitweb.conf delete mode 100644 roles/git/files/etc/nginx/sites-available/gitweb create mode 100644 roles/git/files/etc/uwsgi/apps-available/cgit.ini create mode 100644 roles/git/files/etc/uwsgi/apps-available/git-http-backend.ini delete mode 100644 roles/git/files/lib/systemd/system/gitweb.service delete mode 100644 roles/git/files/lib/systemd/system/gitweb.socket delete mode 100755 roles/git/files/usr/lib/cgi-bin/gitweb-wrapper.fcgi create mode 100755 roles/git/files/usr/lib/cgit/filters/syntax-highlighting2.sh create mode 100644 roles/git/tasks/cgit.yml delete mode 100644 roles/git/tasks/gitweb.yml diff --git a/git.yml b/git.yml index 04ecab9..80654d7 100644 --- a/git.yml +++ b/git.yml @@ -1,5 +1,5 @@ --- -- name: Configure gitweb & gitolite +- name: Configure cgit & gitolite hosts: git tags: - git diff --git a/roles/common-web/tasks/main.yml b/roles/common-web/tasks/main.yml index 1f8655a..d2b2acd 100644 --- a/roles/common-web/tasks/main.yml +++ b/roles/common-web/tasks/main.yml @@ -8,14 +8,6 @@ tags: - logrotate -- name: Delete /etc/nginx/*_params - file: path=/etc/nginx/{{ item }}_params state=absent - with_items: - - fastcgi - - proxy - - scgi - - uwsgi - - name: Delete /etc/nginx/sites-{available,enabled}/default file: path=/etc/nginx/sites-{{ item }}/default state=absent with_items: diff --git a/roles/git/files/etc/cgitrc b/roles/git/files/etc/cgitrc new file mode 100644 index 0000000..b862dc3 --- /dev/null +++ b/roles/git/files/etc/cgitrc @@ -0,0 +1,85 @@ +# +# cgit config +# see cgitrc(5) for details + +# Enable caching of up to 1000 output entries +cache-size=1000 + +# Specify some default clone url prefixes +clone-url=https://$HTTP_HOST/$CGIT_REPO_NAME ssh://$HTTP_HOST/$CGIT_REPO_NAME + +# Specify the css, logo and favicon urls +css=/static/cgit.css +logo=/static/cgit.png +favicon=/static/favicon.ico + +# Show owner on index page +enable-index-owner=1 + +# Disallow dumb http transport git clone +enable-http-clone=0 + +# Show extra links for each repository on the index page +enable-index-links=1 + +# Enable ASCII art commit history graph on the log pages +enable-commit-graph=1 + +# Show number of affected files per commit on the log pages +enable-log-filecount=1 + +# Enable statistics per week, month and quarter +max-stats=quarter + +# Set the title and heading of the repository index page +root-title=Fripost's git repositories + +# Set a subheading for the repository index page +root-desc=Git repositories hosted at fripost.org + +# Enable indexing by web crawlers +robots=index + +# Use root URL for all cgit links +virtual-root=/ + +# Allow download of tar.gz, tar.bz2 and zip-files +#tar.gz tar.bz2 + +## +## List of common mimetypes +## + +mimetype.gif=image/gif +mimetype.html=text/html +mimetype.jpg=image/jpeg +mimetype.jpeg=image/jpeg +mimetype.pdf=application/pdf +mimetype.png=image/png +mimetype.svg=image/svg+xml + +# Highlight source code with python pygments-based highlighter +source-filter=/usr/lib/cgit/filters/syntax-highlighting2.sh + +# Format markdown, restructuredtext, manpages, text files, and html files +# through the right converters +about-filter=/usr/lib/cgit/filters/about-formatting.sh + +# Search for these files in the root of the default branch of repositories +# for coming up with the about page: +readme=:README.html +readme=:readme.html +readme=:README.htm +readme=:readme.htm +readme=:README.txt +readme=:readme.txt +readme=:README +readme=:readme +readme=:INSTALL +readme=:install + +# List of repositories. +enable-git-config=1 +remove-suffix=1 +project-list=/var/lib/gitolite/projects.list +scan-path=/var/lib/gitolite/repositories diff --git a/roles/git/files/etc/gitweb.conf b/roles/git/files/etc/gitweb.conf deleted file mode 100644 index 0d667b7..0000000 --- a/roles/git/files/etc/gitweb.conf +++ /dev/null @@ -1,40 +0,0 @@ -$site_name = "Fripost Git"; - -# path to git projects (.git) -$projectroot = "/var/lib/gitolite/repositories"; - -# directory to use for temp files -$git_temp = "/tmp"; - -# target of the home link on top of all pages -#$home_link = $my_uri || "/"; - -# html text to include at home page -$home_text = ""; - -# file with project list; by default, simply scan the projectroot dir. -$projects_list = "/var/lib/gitolite/projects.list"; - -#$projects_list = $projectroot; -#$export_ok = "git-daemon-export-ok"; - -# stylesheet to use -#push @stylesheets, "static/gitweb.css"; - -# javascript code for gitweb -$javascript = "static/gitweb.js"; - -# logo to use -$logo = "static/git-logo.png"; - -# the 'favicon' -$favicon = "static/git-favicon.png"; - -# git-diff-tree(1) options to use for generated patches -#@diff_opts = ("-M"); -@diff_opts = (); - -# the base url -@git_base_url_list = ( 'git clone ssh://gitolite@git.fripost.org' - , 'git clone https://git.fripost.org' - ) diff --git a/roles/git/files/etc/nginx/sites-available/git b/roles/git/files/etc/nginx/sites-available/git index 9510620..75c1512 100644 --- a/roles/git/files/etc/nginx/sites-available/git +++ b/roles/git/files/etc/nginx/sites-available/git @@ -7,31 +7,38 @@ server { access_log /var/log/nginx/git.access.log; error_log /var/log/nginx/git.error.log info; + location ^~ /static/ { + alias /usr/share/cgit/; + expires 30d; + } + # Bypass the CGI to return static files stored on disk. Try first repo with # a trailing '.git', then without. - location ~* "^/((?U)[^/]+)(?:\.git)?/objects/([0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" { + location ~* "^/((?U)[^/]+)(?:\.git)?/objects/(?:[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" { root /var/lib/gitolite/repositories; try_files /$1.git/objects/$2 /$1/objects/$2 =404; + expires 30d; + # TODO honor git-daemon-export-ok } - # Disallow push over HTTP(S) - location ~* ^/[^/]+/git-receive-pack$ { - return 403; - } + # disallow push over HTTP/HTTPS + location ~* "^/[^/]+/git-receive-pack$" { return 403; } - location ~* ^/[^/]+/(:?HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$ { - fastcgi_param PATH_INFO $uri; - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param GIT_HTTP_EXPORT_ALL 1; - fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories; - include fastcgi/params; - fastcgi_pass unix:/var/run/fcgiwrap.socket; + location ~* "^/[^/]+/(?:HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$" { gzip off; + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories; + uwsgi_pass unix:/run/uwsgi/app/git-http-backend/socket; } - # Redirect to gitweb otherwise - location ~ ^/([^/]+/?)?$ { - return 302 $scheme://gitweb.fripost.org/$1; + + # send all other URLs to cgit + location / { + gzip off; + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_pass unix:/run/uwsgi/app/cgit/socket; } } @@ -49,30 +56,37 @@ server { access_log /var/log/nginx/git.access.log; error_log /var/log/nginx/git.error.log info; + location ^~ /static/ { + alias /usr/share/cgit/; + expires 30d; + } + # Bypass the CGI to return static files stored on disk. Try first repo with # a trailing '.git', then without. - location ~* "^/((?U)[^/]+)(?:\.git)?/objects/([0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" { + location ~* "^/((?U)[^/]+)(?:\.git)?/objects/(?:[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" { root /var/lib/gitolite/repositories; try_files /$1.git/objects/$2 /$1/objects/$2 =404; + expires 30d; + # TODO honor git-daemon-export-ok } - # Disallow push over HTTP(S) - location ~* ^/[^/]+/git-receive-pack$ { - return 403; - } + # disallow push over HTTP/HTTPS + location ~* "^/[^/]+/git-receive-pack$" { return 403; } - location ~* ^/[^/]+/(:?HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$ { - fastcgi_param PATH_INFO $uri; - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param GIT_HTTP_EXPORT_ALL 1; - fastcgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories; - include fastcgi/params; - fastcgi_pass unix:/var/run/fcgiwrap.socket; + location ~* "^/[^/]+/(?:HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$" { gzip off; + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_param GIT_PROJECT_ROOT /var/lib/gitolite/repositories; + uwsgi_pass unix:/run/uwsgi/app/git-http-backend/socket; } - # Redirect to gitweb otherwise - location ~ ^/([^/]+/?)?$ { - return 302 $scheme://gitweb.fripost.org/$1; + + # send all other URLs to cgit + location / { + gzip off; + include uwsgi_params; + uwsgi_modifier1 9; + uwsgi_pass unix:/run/uwsgi/app/cgit/socket; } } diff --git a/roles/git/files/etc/nginx/sites-available/gitweb b/roles/git/files/etc/nginx/sites-available/gitweb deleted file mode 100644 index 3814145..0000000 --- a/roles/git/files/etc/nginx/sites-available/gitweb +++ /dev/null @@ -1,48 +0,0 @@ -server { - listen 80; - listen [::]:80; - - server_name gitweb.fripost.org; - - access_log /var/log/nginx/gitweb.access.log; - error_log /var/log/nginx/gitweb.error.log info; - - location ^~ /static/ { - alias /usr/share/gitweb/static/; - } - - try_files $uri @fcgi; - location @fcgi { - root /var/lib/gitolite/repositories; - include fastcgi/params; - fastcgi_pass unix:/run/gitweb.socket; - gzip off; - } -} - - -server { - listen 443; - listen [::]:443; - - server_name gitweb.fripost.org; - - include ssl/config; - ssl_certificate /etc/nginx/ssl/git.fripost.org.pem; - ssl_certificate_key /etc/nginx/ssl/git.fripost.org.key; - - access_log /var/log/nginx/gitweb.access.log; - error_log /var/log/nginx/gitweb.error.log info; - - location ^~ /static/ { - alias /usr/share/gitweb/static/; - } - - try_files $uri @fcgi; - location @fcgi { - root /var/lib/gitolite/repositories; - include fastcgi/params; - fastcgi_pass unix:/run/gitweb.socket; - gzip off; - } -} diff --git a/roles/git/files/etc/uwsgi/apps-available/cgit.ini b/roles/git/files/etc/uwsgi/apps-available/cgit.ini new file mode 100644 index 0000000..2fb5b25 --- /dev/null +++ b/roles/git/files/etc/uwsgi/apps-available/cgit.ini @@ -0,0 +1,6 @@ +[uwsgi] +plugins = cgi +procname-master = uwsgi %(deb-confname) +cgi = /usr/lib/cgit/cgit.cgi +uid = cgit +gid = www-data diff --git a/roles/git/files/etc/uwsgi/apps-available/git-http-backend.ini b/roles/git/files/etc/uwsgi/apps-available/git-http-backend.ini new file mode 100644 index 0000000..6718237 --- /dev/null +++ b/roles/git/files/etc/uwsgi/apps-available/git-http-backend.ini @@ -0,0 +1,4 @@ +[uwsgi] +plugins = cgi +procname-master = uwsgi %(deb-confname) +cgi = /usr/lib/git-core/git-http-backend diff --git a/roles/git/files/lib/systemd/system/gitweb.service b/roles/git/files/lib/systemd/system/gitweb.service deleted file mode 100644 index 3ba1cc8..0000000 --- a/roles/git/files/lib/systemd/system/gitweb.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Gitweb Service -After=network.target -Requires=gitweb.socket - -[Service] -StandardInput=socket -User=gitweb -Group=gitweb -Environment=SCRIPT_FILENAME=/usr/lib/cgi-bin/gitweb-wrapper.fcgi -ExecStart=/usr/lib/cgi-bin/gitweb-wrapper.fcgi -Restart=on-failure - -[Install] -WantedBy=multi-user.target diff --git a/roles/git/files/lib/systemd/system/gitweb.socket b/roles/git/files/lib/systemd/system/gitweb.socket deleted file mode 100644 index 355b490..0000000 --- a/roles/git/files/lib/systemd/system/gitweb.socket +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Gitweb Listen Socket - -[Socket] -SocketUser=www-data -SocketGroup=www-data -SocketMode=0600 -ListenStream=/run/gitweb.socket - -[Install] -WantedBy=sockets.target diff --git a/roles/git/files/usr/lib/cgi-bin/gitweb-wrapper.fcgi b/roles/git/files/usr/lib/cgi-bin/gitweb-wrapper.fcgi deleted file mode 100755 index a7eea8c..0000000 --- a/roles/git/files/usr/lib/cgi-bin/gitweb-wrapper.fcgi +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/perl -# gitweb.cgi wrapper that fixes the UTF-8 problem with fastcgi - -# Local redefinition of FCGI::Stream::PRINT -use Encode; -use FCGI; - -our $enc = Encode::find_encoding('UTF-8'); -our $org = \&FCGI::Stream::PRINT; -no warnings 'redefine'; - -local *FCGI::Stream::PRINT = sub { - my @OUTPUT = @_; - for (my $i = 1; $i < @_; $i++) { - $OUTPUT[$i] = $enc->encode($_[$i], Encode::FB_CROAK|Encode::LEAVE_SRC); - } - @_ = @OUTPUT; - goto $org; -}; - -# Execute original script -do "/usr/lib/cgi-bin/gitweb.cgi"; diff --git a/roles/git/files/usr/lib/cgit/filters/syntax-highlighting2.sh b/roles/git/files/usr/lib/cgit/filters/syntax-highlighting2.sh new file mode 100755 index 0000000..3342bbc --- /dev/null +++ b/roles/git/files/usr/lib/cgit/filters/syntax-highlighting2.sh @@ -0,0 +1,121 @@ +#!/bin/sh +# This script can be used to implement syntax highlighting in the cgit +# tree-view by refering to this file with the source-filter or repo.source- +# filter options in cgitrc. +# +# This script requires a shell supporting the ${var##pattern} syntax. +# It is supported by at least dash and bash, however busybox environments +# might have to use an external call to sed instead. +# +# Note: the highlight command (http://www.andre-simon.de/) uses css for syntax +# highlighting, so you'll probably want something like the following included +# in your css file: +# +# Style definition file generated by highlight 2.4.8, http://www.andre-simon.de/ +# +# table.blob .num { color:#2928ff; } +# table.blob .esc { color:#ff00ff; } +# table.blob .str { color:#ff0000; } +# table.blob .dstr { color:#818100; } +# table.blob .slc { color:#838183; font-style:italic; } +# table.blob .com { color:#838183; font-style:italic; } +# table.blob .dir { color:#008200; } +# table.blob .sym { color:#000000; } +# table.blob .kwa { color:#000000; font-weight:bold; } +# table.blob .kwb { color:#830000; } +# table.blob .kwc { color:#000000; font-weight:bold; } +# table.blob .kwd { color:#010181; } +# +# +# Style definition file generated by highlight 2.6.14, http://www.andre-simon.de/ +# +# body.hl { background-color:#ffffff; } +# pre.hl { color:#000000; background-color:#ffffff; font-size:10pt; font-family:'Courier New';} +# .hl.num { color:#2928ff; } +# .hl.esc { color:#ff00ff; } +# .hl.str { color:#ff0000; } +# .hl.dstr { color:#818100; } +# .hl.slc { color:#838183; font-style:italic; } +# .hl.com { color:#838183; font-style:italic; } +# .hl.dir { color:#008200; } +# .hl.sym { color:#000000; } +# .hl.line { color:#555555; } +# .hl.mark { background-color:#ffffbb;} +# .hl.kwa { color:#000000; font-weight:bold; } +# .hl.kwb { color:#830000; } +# .hl.kwc { color:#000000; font-weight:bold; } +# .hl.kwd { color:#010181; } +# +# +# Style definition file generated by highlight 3.8, http://www.andre-simon.de/ +# +# body.hl { background-color:#e0eaee; } +# pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New';} +# .hl.num { color:#b07e00; } +# .hl.esc { color:#ff00ff; } +# .hl.str { color:#bf0303; } +# .hl.pps { color:#818100; } +# .hl.slc { color:#838183; font-style:italic; } +# .hl.com { color:#838183; font-style:italic; } +# .hl.ppc { color:#008200; } +# .hl.opt { color:#000000; } +# .hl.lin { color:#555555; } +# .hl.kwa { color:#000000; font-weight:bold; } +# .hl.kwb { color:#0057ae; } +# .hl.kwc { color:#000000; font-weight:bold; } +# .hl.kwd { color:#010181; } +# +# +# Style definition file generated by highlight 3.13, http://www.andre-simon.de/ +# +# body.hl { background-color:#e0eaee; } +# pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New',monospace;} +# .hl.num { color:#b07e00; } +# .hl.esc { color:#ff00ff; } +# .hl.str { color:#bf0303; } +# .hl.pps { color:#818100; } +# .hl.slc { color:#838183; font-style:italic; } +# .hl.com { color:#838183; font-style:italic; } +# .hl.ppc { color:#008200; } +# .hl.opt { color:#000000; } +# .hl.ipl { color:#0057ae; } +# .hl.lin { color:#555555; } +# .hl.kwa { color:#000000; font-weight:bold; } +# .hl.kwb { color:#0057ae; } +# .hl.kwc { color:#000000; font-weight:bold; } +# .hl.kwd { color:#010181; } +# +# +# The following environment variables can be used to retrieve the configuration +# of the repository for which this script is called: +# CGIT_REPO_URL ( = repo.url setting ) +# CGIT_REPO_NAME ( = repo.name setting ) +# CGIT_REPO_PATH ( = repo.path setting ) +# CGIT_REPO_OWNER ( = repo.owner setting ) +# CGIT_REPO_DEFBRANCH ( = repo.defbranch setting ) +# CGIT_REPO_SECTION ( = section setting ) +# CGIT_REPO_CLONE_URL ( = repo.clone-url setting ) +# + +# store filename and extension in local vars +BASENAME="$1" +EXTENSION="${BASENAME##*.}" + +[ "${BASENAME}" = "${EXTENSION}" ] && EXTENSION=txt +[ -z "${EXTENSION}" ] && EXTENSION=txt + +# map Makefile and Makefile.* to .mk +[ "${BASENAME%%.*}" = "Makefile" ] && EXTENSION=mk + +# highlight versions 2 and 3 have different commandline options. Specifically, +# the -X option that is used for version 2 is replaced by the -O xhtml option +# for version 3. +# +# Version 2 can be found (for example) on EPEL 5, while version 3 can be +# found (for example) on EPEL 6. +# +# This is for version 2 +#exec highlight --force -f -I -X -S "$EXTENSION" 2>/dev/null + +# This is for version 3 +exec highlight --force --inline-css -f -I -O xhtml -S "$EXTENSION" 2>/dev/null diff --git a/roles/git/handlers/main.yml b/roles/git/handlers/main.yml index e32bd2f..d52c9cc 100644 --- a/roles/git/handlers/main.yml +++ b/roles/git/handlers/main.yml @@ -2,8 +2,8 @@ - name: systemctl daemon-reload command: /bin/systemctl daemon-reload -- name: Restart gitweb - service: name=gitweb state=restarted +- name: Restart uWSGI + service: name=uwsgi state=restarted - name: Restart Nginx service: name=nginx state=restarted diff --git a/roles/git/tasks/cgit.yml b/roles/git/tasks/cgit.yml new file mode 100644 index 0000000..a8be1fc --- /dev/null +++ b/roles/git/tasks/cgit.yml @@ -0,0 +1,111 @@ +- name: Install cgit + apt: pkg={{ item }} + with_items: + - cgit + - highlight + - uwsgi + +- name: Configure cgit + copy: src=etc/cgitrc + dest=/etc/cgitrc + owner=root group=root + mode=0644 + register: r1 + notify: + - Restart uWSGI + +- name: Copy /usr/lib/cgit/filters/syntax-highlighting2.sh + copy: src=usr/lib/cgit/filters/syntax-highlighting2.sh + dest=/usr/lib/cgit/filters/syntax-highlighting2.sh + owner=root group=root + mode=0755 + register: r2 + notify: + - Restart uWSGI + +- name: Create a user 'cgit' + user: name=cgit system=yes + home=/var/www + shell=/usr/sbin/nologin + password=! + state=present + register: r3 + notify: + - Restart uWSGI + +- name: Create /etc/uwsgi/apps-available/{cgit,git-http-backend}.ini + copy: src=etc/uwsgi/apps-available/{{ item }}.ini + dest=/etc/uwsgi/apps-available/{{ item }}.ini + owner=root group=root + mode=0644 + register: r4 + with_items: + - cgit + - git-http-backend + notify: + - Restart uWSGI + +- name: Create /etc/uwsgi/apps-enabled/{cgit,git-http-backend}.ini + file: src=../apps-available/{{ item }}.ini + dest=/etc/uwsgi/apps-enabled/{{ item }}.ini + owner=root group=root + state=link force=yes + register: r5 + with_items: + - cgit + - git-http-backend + notify: + - Restart uWSGI + +- name: Start uWSGI + service: name=nginx state=started + when: not (r1.changed or r2.changed or r3.changed or r4.changed or r5.changed) + +- meta: flush_handlers + +- name: Add 'cgit' & 'www-data' to the group 'gitolite' + user: name={{ item }} groups=gitolite append=yes + with_items: + # for the cgit interface + - cgit + # for pulls over HTTP/HTTPS + - www-data + + +- name: Generate a private key and a X.509 certificate for Nginx + command: genkeypair.sh x509 + --pubkey=/etc/nginx/ssl/git.fripost.org.pem + --privkey=/etc/nginx/ssl/git.fripost.org.key + --ou=WWW --cn=git.fripost.org --dns=git.fripost.org + -t rsa -b 4096 -h sha512 + register: r1 + changed_when: r1.rc == 0 + failed_when: r1.rc > 1 + notify: + - Restart Nginx + tags: + - genkey + +- name: Copy /etc/nginx/sites-available/git + copy: src=etc/nginx/sites-available/git + dest=/etc/nginx/sites-available/git + owner=root group=root + mode=0644 + register: r2 + notify: + - Restart Nginx + +- name: Create /etc/nginx/sites-enabled/git + file: src=../sites-available/git + dest=/etc/nginx/sites-enabled/git + owner=root group=root + state=link force=yes + register: r3 + notify: + - Restart Nginx + +- name: Start Nginx + service: name=nginx state=started + when: not (r1.changed or r2.changed or r3.changed) + +- meta: flush_handlers diff --git a/roles/git/tasks/gitweb.yml b/roles/git/tasks/gitweb.yml deleted file mode 100644 index e0aaa4f..0000000 --- a/roles/git/tasks/gitweb.yml +++ /dev/null @@ -1,104 +0,0 @@ -- name: Install gitweb - apt: pkg={{ item }} - with_items: - - gitweb - - libfcgi-perl - # for git-http-backend - - fcgiwrap - -- name: Configure gitweb - copy: src=etc/gitweb.conf - dest=/etc/gitweb.conf - owner=root group=root - mode=0644 - notify: - - Restart gitweb - -- name: Create a user 'gitweb' - user: name=gitweb system=yes - home=/var/www - shell=/usr/sbin/nologin - password=! - state=present - -- name: Add 'gitweb' & 'www-data' to the group 'gitolite' - user: name={{ item }} groups=gitolite append=yes - with_items: - # for the gitweb interface - - gitweb - # for pulls over HTTP/HTTPS - - www-data - -# XXX workaround encoding issues in FCGI mode -# http://git.661346.n2.nabble.com/Gitweb-running-as-FCGI-does-not-print-its-output-in-UTF-8-td7573415.html -# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720308 -- name: Copy gitweb.cgi wrapper to fix encoding - copy: src=usr/lib/cgi-bin/gitweb-wrapper.fcgi - dest=/usr/lib/cgi-bin/gitweb-wrapper.fcgi - owner=root group=root - mode=0755 - -- name: Copy gitweb.{service,socket} - copy: src=lib/systemd/system/{{ item }} - dest=/lib/systemd/system/{{ item }} - owner=root group=root - mode=0644 - notify: - - systemctl daemon-reload - - Restart gitweb - with_items: - - gitweb.service - - gitweb.socket - -- meta: flush_handlers - -- name: Enable gitweb - service: name=gitweb enabled=yes - -- name: Start gitweb - service: name=gitweb state=started - - -- name: Generate a private key and a X.509 certificate for Nginx - command: genkeypair.sh x509 - --pubkey=/etc/nginx/ssl/git.fripost.org.pem - --privkey=/etc/nginx/ssl/git.fripost.org.key - --ou=WWW --cn=git.fripost.org --dns=git.fripost.org --dns=gitweb.fripost.org - -t rsa -b 4096 -h sha512 - register: r1 - changed_when: r1.rc == 0 - failed_when: r1.rc > 1 - notify: - - Restart Nginx - tags: - - genkey - -- name: Copy /etc/nginx/sites-available/{git,gitweb} - copy: src=etc/nginx/sites-available/{{ item }} - dest=/etc/nginx/sites-available/{{ item }} - owner=root group=root - mode=0644 - with_items: - - git - - gitweb - register: r2 - notify: - - Restart Nginx - -- name: Create /etc/nginx/sites-enabled/{git,gitweb} - file: src=../sites-available/{{ item }} - dest=/etc/nginx/sites-enabled/{{ item }} - owner=root group=root - state=link force=yes - with_items: - - git - - gitweb - register: r3 - notify: - - Restart Nginx - -- name: Start Nginx - service: name=nginx state=started - when: not (r1.changed or r2.changed or r3.changed) - -- meta: flush_handlers diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml index b5422b7..da9f876 100644 --- a/roles/git/tasks/main.yml +++ b/roles/git/tasks/main.yml @@ -1,2 +1,2 @@ - include: gitolite.yml tags=gitolite -- include: gitweb.yml tags=gitweb +- include: cgit.yml tags=cgit diff --git a/roles/wiki/files/var/lib/ikiwiki/fripost-wiki.setup b/roles/wiki/files/var/lib/ikiwiki/fripost-wiki.setup index 974f7f3..6768629 100644 --- a/roles/wiki/files/var/lib/ikiwiki/fripost-wiki.setup +++ b/roles/wiki/files/var/lib/ikiwiki/fripost-wiki.setup @@ -135,9 +135,9 @@ git_wrapper: /var/lib/ikiwiki/wiki.fripost.org # unix users whose commits should be checked by the pre-receive hook #untrusted_committers: [] # gitweb url to show file history ([[file]] substituted) -historyurl: http://gitweb.fripost.org/?p=fripost-wiki.git;a=history;f=[[file]];hb=HEAD +historyurl: http://git.fripost.org/fripost-wiki/tree/[[file]] # gitweb url to show a diff ([[file]], [[sha1_to]], [[sha1_from]], [[sha1_commit]], and [[sha1_parent]] substituted) -diffurl: http://gitweb.fripost.org/?p=fripost-wiki.git;a=blobdiff;f=[[file]];h=[[sha1_to]];hp=[[sha1_from]];hb=[[sha1_commit]];hpb=[[sha1_parent]] +diffurl: http://git.fripost.org/fripost-wiki/diff/[[file]]/?id=[[sha1_commit]] # where to pull and push changes (set to empty string to disable) gitorigin_branch: origin # branch that the wiki is stored in -- cgit v1.2.3