- name: Install gitweb
  apt: pkg={{ item }}
  with_items:
    - gitweb
    - libfcgi-perl
    # for git-http-backend
    - fcgiwrap

- name: Configure gitweb
  copy: src=etc/gitweb.conf
        dest=/etc/gitweb.conf
        owner=root group=root
        mode=0644
  notify:
    - Restart gitweb

- name: Create a user 'gitweb'
  user: name=gitweb system=yes
        home=/var/www
        shell=/usr/sbin/nologin
        password=!
        state=present

- name: Add 'gitweb' & 'www-data' to the group 'gitolite'
  user: name={{ item }} groups=gitolite append=yes
  with_items:
    # for the gitweb interface
    - gitweb
    # for pulls over HTTP/HTTPS
    - www-data

# XXX workaround encoding issues in FCGI mode
# http://git.661346.n2.nabble.com/Gitweb-running-as-FCGI-does-not-print-its-output-in-UTF-8-td7573415.html
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720308
- name: Copy gitweb.cgi wrapper to fix encoding
  copy: src=usr/lib/cgi-bin/gitweb-wrapper.fcgi
        dest=/usr/lib/cgi-bin/gitweb-wrapper.fcgi
        owner=root group=root
        mode=0755

- name: Copy gitweb.{service,socket}
  copy: src=lib/systemd/system/{{ item }}
        dest=/lib/systemd/system/{{ item }}
        owner=root group=root
        mode=0644
  notify:
    - systemctl daemon-reload
    - Restart gitweb
  with_items:
    - gitweb.service
    - gitweb.socket

- meta: flush_handlers

- name: Enable gitweb
  service: name=gitweb enabled=yes

- name: Start gitweb
  service: name=gitweb state=started


- name: Generate a private key and a X.509 certificate for Nginx
  command: genkeypair.sh x509
                         --pubkey=/etc/nginx/ssl/git.fripost.org.pem
                         --privkey=/etc/nginx/ssl/git.fripost.org.key
                         --ou=WWW --cn=git.fripost.org --dns=git.fripost.org --dns=gitweb.fripost.org
                         -t rsa -b 4096 -h sha512
  register: r1
  changed_when: r1.rc == 0
  failed_when: r1.rc > 1
  notify:
    - Restart Nginx
  tags:
    - genkey

- name: Copy /etc/nginx/sites-available/{git,gitweb}
  copy: src=etc/nginx/sites-available/{{ item }}
        dest=/etc/nginx/sites-available/{{ item }}
        owner=root group=root
        mode=0644
  with_items:
    - git
    - gitweb
  register: r2
  notify:
    - Restart Nginx

- name: Create /etc/nginx/sites-enabled/{git,gitweb}
  file: src=../sites-available/{{ item }}
        dest=/etc/nginx/sites-enabled/{{ item }}
        owner=root group=root
        state=link force=yes
  with_items:
    - git
    - gitweb
  register: r3
  notify:
    - Restart Nginx

- name: Start Nginx
  service: name=nginx state=started
  when: not (r1.changed or r2.changed or r3.changed)

- meta: flush_handlers