kotovalexarian/fedihub-ansible
Archived
1
0
Fork 0
Code Activity

Remove host "git.crypto-libertarian.com"

Browse source
This commit is contained in:
Alex Kotov 2020-10-09 16:53:14 +05:00
parent 5f9a788354
commit b15e232c3d
Signed by: kotovalexarian
GPG key ID: 553C0EBBEB5D5F08
9 changed files with 0 additions and 307 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

82
files/cgitrc
View file

@ -1,82 +0,0 @@
# cgit config
# see cgitrc(5) for details
about-filter=/usr/lib/cgit/filters/html-converters/md2html
#agefile=info/web/last-modified
#auth-filter=none
#branch-sort=name
#cache-about-ttl=15
#cache-dynamic-ttl=5
#cache-repo-ttl=5
#cache-root=/var/cache/cgit
#cache-root-ttl=5
#cache-scanrc-ttl=15
#cache-size=0
#cache-snapshot-ttl=5
#cache-static-ttl=-1
case-sensitive-sort=0
#clone-prefix=none
clone-url=https://git.crypto-libertarian.com/$CGIT_REPO_URL.git git@git.crypto-libertarian.com:$CGIT_REPO_URL.git
#commit-filter=none
#commit-sort=unset
#css=/cgit.css
#email-filter=none
#embedded=none
enable-blame=1
enable-commit-graph=1
#enable-filter-overrides=none
enable-follow-links=1
#enable-git-config=0
enable-html-serving=1
enable-http-clone=0
enable-index-links=1
#enable-index-owner=1
enable-log-filecount=1
enable-log-linecount=1
enable-remote-branches=1
enable-subject-links=1
#enable-tree-linenumbers=1
#favicon=/favicon.ico
#footer=none
#head-include=none
#header=none
#local-time=0
#logo=/cgit.png
#logo-link=none
#max-atom-items=10
#max-blob-size=0
#max-commit-count=50
#max-message-length=80
#max-repo-count=50
#max-repodesc-length=80
max-stats=year
#mimetype-file=
#module-link=none
#noheader=none
noplainemail=1
#owner-filter=none
readme=:README.md
remove-suffix=1
#renamelimit=-1
#repository-sort=name
#robots=index, nofollow
#root-desc=a fast webinterface for the git dscm
#root-readme=none
#root-title=Git Repository Browser
#scan-hidden-path=0
#section-sort=1
section-from-path=1
side-by-side-diffs=1
snapshots=all
source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
#strict-export=
#summary-branches=10
#summary-log=10
#summary-tags=10
#virtual-root=none
#section=none
#project-list=none
scan-path=/home/git

49
files/git.crypto-libertarian.com.conf
View file

@ -1,49 +0,0 @@
NameVirtualHost *:80
<VirtualHost *:80>
ServerName git.crypto-libertarian.com
Redirect permanent / https://git.crypto-libertarian.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName git.crypto-libertarian.com
RewriteEngine on
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/git.crypto-libertarian.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/git.crypto-libertarian.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/git.crypto-libertarian.com/chain.pem
SetEnv GIT_PROJECT_ROOT /home/git
SetEnv GIT_HTTP_EXPORT_ALL
Alias /cgit.css /usr/share/cgit/cgit.css
Alias /cgit.png /usr/share/cgit/cgit.png
Alias /favicon.ico /usr/share/cgit/favicon.ico
Alias /robots.txt /usr/share/cgit/robots.txt
ScriptAliasMatch \
"(?x)^/(.*/(HEAD | \
info/refs | \
objects/(info/[^/]+ | \
[0-9a-f]{2}/[0-9a-f]{38} | \
pack/pack-[0-9a-f]{40}\.(pack|idx)) | \
git-(upload|receive)-pack))$" \
/usr/lib/git-core/git-http-backend/$1
ScriptAlias / /usr/lib/cgit/cgit.cgi/
<Directory "/usr/lib/git-core/">
AllowOverride None
Options ExecCGI FollowSymlinks
Require all granted
</Directory>
<Directory "/usr/lib/cgit/">
AllowOverride None
Options ExecCGI FollowSymlinks
Require all granted
</Directory>
</VirtualHost>

11
files/shells
View file

@ -1,11 +0,0 @@
# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/bin/bash
/bin/rbash
/usr/bin/rbash
/bin/dash
/usr/bin/dash
/usr/bin/git-shell
/usr/bin/tmux
/usr/bin/screen

35
host_vars/git.crypto-libertarian.com.yml
View file

@ -1,35 +0,0 @@
---
ansible_become_pass_for:
kotovalexarian: !vault |
$ANSIBLE_VAULT;1.2;AES256;kotovalexarian
66653237663434333835653436376637653961656334336462313366336631643935636133373466
3830663364376231343335396631376133333332313466640a656135363061383136623038613334
37623132343764353561666465353263303266336136393663383366373036626163326637343861
3039303536646536300a313465363631633666653336386433613361333761636133376664393633
37303763616361653265663532316637663430666436366461313064656233313235383766633064
6334613838376431303330393165306533633261646335666234
ansible_become_pass: "{{ ansible_become_pass_for[admin] }}"
common__apache__state: install
common__apache__listen: [80, 443]
common__apache__modules: ['alias', 'cgid', 'env', 'rewrite', 'ssl']
common__certbot__cert_name: 'git.crypto-libertarian.com'
common__certbot__cert_domains:
- 'git.crypto-libertarian.com'
common__certbot__post_hook: 'systemctl is-active apache2.service || systemctl start apache2.service'
common__certbot__pre_hook: 'systemctl is-active apache2.service && systemctl stop apache2.service || true'
common__iptables__drop_by_default: true
common__iptables__v4_filter: |
# Allow incoming HTTP, HTTPS.
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m multiport --sports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Deny other HTTP, HTTPS.
-A INPUT -p tcp -m multiport --dports 80,443 -j REJECT
-A OUTPUT -p tcp -m multiport --sports 80,443 -j REJECT
common__iptables__v6_filter: '{{ common__iptables__v4_filter }}'

1
hosts
View file

@ -1,4 +1,3 @@
git.crypto-libertarian.com
matrix.crypto-libertarian.com matrix.crypto-libertarian.com
postgres.crypto-libertarian.com postgres.crypto-libertarian.com

21
playbooks/backup/git.yml
View file

@ -1,21 +0,0 @@
---
- hosts: git.crypto-libertarian.com
tasks:
- name: Remove archive of "/home/git"
file:
dest: /tmp/git_repos.tar.gz
state: absent
- name: Archive "/home/git"
archive:
path: /home/git
dest: /tmp/git_repos.tar.gz
format: gz
owner: root
group: root
mode: 'u=rw,g=r,o='
- name: Fetch archive of "/home/git"
fetch:
src: /tmp/git_repos.tar.gz
dest: ../../backups

1
playbooks/backup/site.yml
View file

@ -1,3 +1,2 @@
--- ---
- import_playbook: git.yml
- import_playbook: postgres.yml - import_playbook: postgres.yml

106
playbooks/deploy/git.yml
View file

@ -1,106 +0,0 @@
---
- hosts: git.crypto-libertarian.com
module_defaults:
apt:
force_apt_get: true
update_cache: true
cache_valid_time: 86400
roles:
- name: kotovalexarian.common
tags: common
handlers:
- name: Restart Apache
systemd:
name: apache2.service
state: restarted
tasks:
- name: Install system packages
apt:
name:
- cgit
- finger
- git
- python3-markdown
- python3-pygments
- name: Create system group
group:
name: git
- name: Create system user
user:
name: git
group: git
create_home: true
- name: Create directory for SSH configuration
file:
state: directory
path: /home/git/.ssh
owner: git
group: git
mode: 'u=rwx,g=,o='
- name: Create SSH configuration of authorized keys
copy:
src: ../../files/authorized_keys
dest: /home/git/.ssh/authorized_keys
owner: git
group: git
mode: 'u=rw,g=,o='
- name: Disable system info message
copy:
content: ''
dest: /home/git/.hushlogin
owner: root
group: root
mode: 'u=rw,g=r,o=r'
- name: Add git shell
copy:
src: ../../files/shells
dest: /etc/shells
owner: root
group: root
mode: 'u=rw,g=r,o=r'
- name: Detect shell
shell: "/usr/bin/finger git | grep -oP 'Shell: \\K.*'"
register: detect_shell_result
changed_when: false
- name: Use git shell
command: '/usr/bin/chsh git -s /usr/bin/git-shell'
when: detect_shell_result.stdout != '/usr/bin/git-shell'
- name: Disable Apache configuration
command: '/usr/sbin/a2disconf cgit'
register: disable_apache_configuration_result
changed_when: >
disable_apache_configuration_result.stdout is search('Disabling conf')
notify: Restart Apache
- name: Add Apache site
copy:
src: ../../files/git.crypto-libertarian.com.conf
dest: /etc/apache2/sites-available/git.crypto-libertarian.com.conf
owner: root
group: root
mode: 'u=rw,g=r,o=r'
notify: Restart Apache
- name: Enable Apache site
command: '/usr/sbin/a2ensite git.crypto-libertarian.com.conf'
register: enable_apache_site_result
changed_when: >
enable_apache_site_result.stdout is search('Enabling site')
notify: Restart Apache
- name: Install cgit configuration
copy:
src: ../../files/cgitrc
dest: /etc/cgitrc
owner: root
group: root
mode: 'u=rw,g=r,o=r'

1
playbooks/deploy/site.yml
View file

@ -1,4 +1,3 @@
--- ---
- import_playbook: git.yml
- import_playbook: postgres.yml - import_playbook: postgres.yml
- import_playbook: matrix.yml - import_playbook: matrix.yml