- name: Install gitweb
  apt: pkg={{ item }}
  with_items:
    - gitweb
    # for git-http-backend
    - fcgiwrap

- name: Configure gitweb
  copy: src=etc/gitweb.conf
        dest=/etc/gitweb.conf
        owner=root group=root
        mode=0644
  notify:
    - Restart gitweb

# See gitweb(1).  To work in Fast CGI mode gitweb checks its filetype.
- name: Symlink 'gitweb.cgi' to 'gitweb.fcgi'
  file: src=gitweb.cgi
        dest=/usr/lib/cgi-bin/gitweb.fcgi
        owner=root group=root
        state=link force=no

- name: Create a user 'gitweb'
  user: name=gitweb system=yes
        home=/var/www
        shell=/usr/sbin/nologin
        password=!
        state=present

- name: Add 'gitweb' & 'www-data' to the group 'gitolite'
  user: name={{ item }} groups=gitolite append=yes
  with_items:
    # for the gitweb interface
    - gitweb
    # for pulls over HTTP/HTTPS
    - www-data

- name: Copy gitweb.{service,socket}
  copy: src=lib/systemd/system/{{ item }}
        dest=/lib/systemd/system/{{ item }}
        owner=root group=root
        mode=0644
  notify:
    - systemctl daemon-reload
  with_items:
    - gitweb.service
    - gitweb.socket

- meta: flush_handlers

- name: Enable gitweb
  service: name=gitweb enabled=yes

- name: Start gitweb
  service: name=gitweb state=started


- name: Generate a private key and a X.509 certificate for Nginx
  command: genkeypair.sh x509
                         --pubkey=/etc/nginx/ssl/git.fripost.org.pem
                         --privkey=/etc/nginx/ssl/git.fripost.org.key
                         --ou=WWW --cn=git.fripost.org --dns=git.fripost.org --dns=gitweb.fripost.org
                         -t rsa -b 4096 -h sha512
  register: r1
  changed_when: r1.rc == 0
  failed_when: r1.rc > 1
  notify:
    - Restart Nginx
  tags:
    - genkey

- name: Copy /etc/nginx/sites-available/{git,gitweb}
  copy: src=etc/nginx/sites-available/{{ item }}
        dest=/etc/nginx/sites-available/{{ item }}
        owner=root group=root
        mode=0644
  with_items:
    - git
    - gitweb
  register: r2
  notify:
    - Restart Nginx

- name: Create /etc/nginx/sites-enabled/{git,gitweb}
  file: src=../sites-available/{{ item }}
        dest=/etc/nginx/sites-enabled/{{ item }}
        owner=root group=root
        state=link force=yes
  with_items:
    - git
    - gitweb
  register: r3
  notify:
    - Restart Nginx

- name: Start Nginx
  service: name=nginx state=started
  when: not (r1.changed or r2.changed or r3.changed)

- meta: flush_handlers