From b15e232c3d852dbf16a01336588f91fa83bfdd51 Mon Sep 17 00:00:00 2001 From: Alex Kotov Date: Fri, 9 Oct 2020 16:53:14 +0500 Subject: [PATCH] Remove host "git.crypto-libertarian.com" --- files/cgitrc | 82 ------------------ files/git.crypto-libertarian.com.conf | 49 ----------- files/shells | 11 --- host_vars/git.crypto-libertarian.com.yml | 35 -------- hosts | 1 - playbooks/backup/git.yml | 21 ----- playbooks/backup/site.yml | 1 - playbooks/deploy/git.yml | 106 ----------------------- playbooks/deploy/site.yml | 1 - 9 files changed, 307 deletions(-) delete mode 100644 files/cgitrc delete mode 100644 files/git.crypto-libertarian.com.conf delete mode 100644 files/shells delete mode 100644 host_vars/git.crypto-libertarian.com.yml delete mode 100644 playbooks/backup/git.yml delete mode 100644 playbooks/deploy/git.yml diff --git a/files/cgitrc b/files/cgitrc deleted file mode 100644 index c3d231e..0000000 --- a/files/cgitrc +++ /dev/null @@ -1,82 +0,0 @@ -# cgit config -# see cgitrc(5) for details - -about-filter=/usr/lib/cgit/filters/html-converters/md2html -#agefile=info/web/last-modified -#auth-filter=none -#branch-sort=name -#cache-about-ttl=15 -#cache-dynamic-ttl=5 -#cache-repo-ttl=5 -#cache-root=/var/cache/cgit -#cache-root-ttl=5 -#cache-scanrc-ttl=15 -#cache-size=0 -#cache-snapshot-ttl=5 -#cache-static-ttl=-1 -case-sensitive-sort=0 -#clone-prefix=none -clone-url=https://git.crypto-libertarian.com/$CGIT_REPO_URL.git git@git.crypto-libertarian.com:$CGIT_REPO_URL.git -#commit-filter=none -#commit-sort=unset -#css=/cgit.css -#email-filter=none -#embedded=none -enable-blame=1 -enable-commit-graph=1 -#enable-filter-overrides=none -enable-follow-links=1 -#enable-git-config=0 -enable-html-serving=1 -enable-http-clone=0 -enable-index-links=1 -#enable-index-owner=1 -enable-log-filecount=1 -enable-log-linecount=1 -enable-remote-branches=1 -enable-subject-links=1 -#enable-tree-linenumbers=1 -#favicon=/favicon.ico -#footer=none -#head-include=none -#header=none -#local-time=0 -#logo=/cgit.png -#logo-link=none -#max-atom-items=10 -#max-blob-size=0 -#max-commit-count=50 -#max-message-length=80 -#max-repo-count=50 -#max-repodesc-length=80 -max-stats=year -#mimetype-file= -#module-link=none -#noheader=none -noplainemail=1 -#owner-filter=none -readme=:README.md -remove-suffix=1 -#renamelimit=-1 -#repository-sort=name -#robots=index, nofollow -#root-desc=a fast webinterface for the git dscm -#root-readme=none -#root-title=Git Repository Browser -#scan-hidden-path=0 -#section-sort=1 -section-from-path=1 -side-by-side-diffs=1 -snapshots=all -source-filter=/usr/lib/cgit/filters/syntax-highlighting.py -#strict-export= -#summary-branches=10 -#summary-log=10 -#summary-tags=10 -#virtual-root=none - -#section=none - -#project-list=none - -scan-path=/home/git diff --git a/files/git.crypto-libertarian.com.conf b/files/git.crypto-libertarian.com.conf deleted file mode 100644 index 91c5f89..0000000 --- a/files/git.crypto-libertarian.com.conf +++ /dev/null @@ -1,49 +0,0 @@ -NameVirtualHost *:80 - - - ServerName git.crypto-libertarian.com - - Redirect permanent / https://git.crypto-libertarian.com/ - - - - ServerName git.crypto-libertarian.com - - RewriteEngine on - SSLEngine on - - SSLCertificateFile /etc/letsencrypt/live/git.crypto-libertarian.com/cert.pem - SSLCertificateKeyFile /etc/letsencrypt/live/git.crypto-libertarian.com/privkey.pem - SSLCertificateChainFile /etc/letsencrypt/live/git.crypto-libertarian.com/chain.pem - - SetEnv GIT_PROJECT_ROOT /home/git - SetEnv GIT_HTTP_EXPORT_ALL - - Alias /cgit.css /usr/share/cgit/cgit.css - Alias /cgit.png /usr/share/cgit/cgit.png - Alias /favicon.ico /usr/share/cgit/favicon.ico - Alias /robots.txt /usr/share/cgit/robots.txt - - ScriptAliasMatch \ - "(?x)^/(.*/(HEAD | \ - info/refs | \ - objects/(info/[^/]+ | \ - [0-9a-f]{2}/[0-9a-f]{38} | \ - pack/pack-[0-9a-f]{40}\.(pack|idx)) | \ - git-(upload|receive)-pack))$" \ - /usr/lib/git-core/git-http-backend/$1 - - ScriptAlias / /usr/lib/cgit/cgit.cgi/ - - - AllowOverride None - Options ExecCGI FollowSymlinks - Require all granted - - - - AllowOverride None - Options ExecCGI FollowSymlinks - Require all granted - - diff --git a/files/shells b/files/shells deleted file mode 100644 index fc01c91..0000000 --- a/files/shells +++ /dev/null @@ -1,11 +0,0 @@ -# /etc/shells: valid login shells -/bin/sh -/bin/bash -/usr/bin/bash -/bin/rbash -/usr/bin/rbash -/bin/dash -/usr/bin/dash -/usr/bin/git-shell -/usr/bin/tmux -/usr/bin/screen diff --git a/host_vars/git.crypto-libertarian.com.yml b/host_vars/git.crypto-libertarian.com.yml deleted file mode 100644 index edb43fb..0000000 --- a/host_vars/git.crypto-libertarian.com.yml +++ /dev/null @@ -1,35 +0,0 @@ ---- -ansible_become_pass_for: - kotovalexarian: !vault | - $ANSIBLE_VAULT;1.2;AES256;kotovalexarian - 66653237663434333835653436376637653961656334336462313366336631643935636133373466 - 3830663364376231343335396631376133333332313466640a656135363061383136623038613334 - 37623132343764353561666465353263303266336136393663383366373036626163326637343861 - 3039303536646536300a313465363631633666653336386433613361333761636133376664393633 - 37303763616361653265663532316637663430666436366461313064656233313235383766633064 - 6334613838376431303330393165306533633261646335666234 - -ansible_become_pass: "{{ ansible_become_pass_for[admin] }}" - -common__apache__state: install -common__apache__listen: [80, 443] -common__apache__modules: ['alias', 'cgid', 'env', 'rewrite', 'ssl'] - -common__certbot__cert_name: 'git.crypto-libertarian.com' -common__certbot__cert_domains: - - 'git.crypto-libertarian.com' -common__certbot__post_hook: 'systemctl is-active apache2.service || systemctl start apache2.service' -common__certbot__pre_hook: 'systemctl is-active apache2.service && systemctl stop apache2.service || true' - -common__iptables__drop_by_default: true - -common__iptables__v4_filter: | - # Allow incoming HTTP, HTTPS. - -A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT - -A OUTPUT -p tcp -m multiport --sports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT - - # Deny other HTTP, HTTPS. - -A INPUT -p tcp -m multiport --dports 80,443 -j REJECT - -A OUTPUT -p tcp -m multiport --sports 80,443 -j REJECT - -common__iptables__v6_filter: '{{ common__iptables__v4_filter }}' diff --git a/hosts b/hosts index bac7397..90b57c9 100644 --- a/hosts +++ b/hosts @@ -1,4 +1,3 @@ -git.crypto-libertarian.com matrix.crypto-libertarian.com postgres.crypto-libertarian.com diff --git a/playbooks/backup/git.yml b/playbooks/backup/git.yml deleted file mode 100644 index f9daf3b..0000000 --- a/playbooks/backup/git.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- hosts: git.crypto-libertarian.com - tasks: - - name: Remove archive of "/home/git" - file: - dest: /tmp/git_repos.tar.gz - state: absent - - - name: Archive "/home/git" - archive: - path: /home/git - dest: /tmp/git_repos.tar.gz - format: gz - owner: root - group: root - mode: 'u=rw,g=r,o=' - - - name: Fetch archive of "/home/git" - fetch: - src: /tmp/git_repos.tar.gz - dest: ../../backups diff --git a/playbooks/backup/site.yml b/playbooks/backup/site.yml index 324b44c..6cf5283 100644 --- a/playbooks/backup/site.yml +++ b/playbooks/backup/site.yml @@ -1,3 +1,2 @@ --- -- import_playbook: git.yml - import_playbook: postgres.yml diff --git a/playbooks/deploy/git.yml b/playbooks/deploy/git.yml deleted file mode 100644 index f0f590f..0000000 --- a/playbooks/deploy/git.yml +++ /dev/null @@ -1,106 +0,0 @@ ---- -- hosts: git.crypto-libertarian.com - module_defaults: - apt: - force_apt_get: true - update_cache: true - cache_valid_time: 86400 - roles: - - name: kotovalexarian.common - tags: common - handlers: - - name: Restart Apache - systemd: - name: apache2.service - state: restarted - tasks: - - name: Install system packages - apt: - name: - - cgit - - finger - - git - - python3-markdown - - python3-pygments - - - name: Create system group - group: - name: git - - - name: Create system user - user: - name: git - group: git - create_home: true - - - name: Create directory for SSH configuration - file: - state: directory - path: /home/git/.ssh - owner: git - group: git - mode: 'u=rwx,g=,o=' - - - name: Create SSH configuration of authorized keys - copy: - src: ../../files/authorized_keys - dest: /home/git/.ssh/authorized_keys - owner: git - group: git - mode: 'u=rw,g=,o=' - - - name: Disable system info message - copy: - content: '' - dest: /home/git/.hushlogin - owner: root - group: root - mode: 'u=rw,g=r,o=r' - - - name: Add git shell - copy: - src: ../../files/shells - dest: /etc/shells - owner: root - group: root - mode: 'u=rw,g=r,o=r' - - - name: Detect shell - shell: "/usr/bin/finger git | grep -oP 'Shell: \\K.*'" - register: detect_shell_result - changed_when: false - - - name: Use git shell - command: '/usr/bin/chsh git -s /usr/bin/git-shell' - when: detect_shell_result.stdout != '/usr/bin/git-shell' - - - name: Disable Apache configuration - command: '/usr/sbin/a2disconf cgit' - register: disable_apache_configuration_result - changed_when: > - disable_apache_configuration_result.stdout is search('Disabling conf') - notify: Restart Apache - - - name: Add Apache site - copy: - src: ../../files/git.crypto-libertarian.com.conf - dest: /etc/apache2/sites-available/git.crypto-libertarian.com.conf - owner: root - group: root - mode: 'u=rw,g=r,o=r' - notify: Restart Apache - - - name: Enable Apache site - command: '/usr/sbin/a2ensite git.crypto-libertarian.com.conf' - register: enable_apache_site_result - changed_when: > - enable_apache_site_result.stdout is search('Enabling site') - notify: Restart Apache - - - name: Install cgit configuration - copy: - src: ../../files/cgitrc - dest: /etc/cgitrc - owner: root - group: root - mode: 'u=rw,g=r,o=r' diff --git a/playbooks/deploy/site.yml b/playbooks/deploy/site.yml index e354b76..3be66e1 100644 --- a/playbooks/deploy/site.yml +++ b/playbooks/deploy/site.yml @@ -1,4 +1,3 @@ --- -- import_playbook: git.yml - import_playbook: postgres.yml - import_playbook: matrix.yml