1 files changed, 97 insertions, 0 deletions

diff --git a/playbooks/git.yaml b/playbooks/git.yaml
new file mode 100644
index 0000000..d166c4a
--- /dev/null
+++ b/playbooks/git.yaml
@@ -0,0 +1,97 @@
+- name: Git browser
+  hosts: hollyhock
+  become: true
+  vars:
+    git_namespace: "{{ git_repo_root }}/sorantics"
+  tasks:
+    - name: Install dependencies
+      ansible.builtin.apt:
+        name:
+          - cgit
+          - fcgiwrap
+          - git
+        state: present
+        update_cache: true
+
+    - name: Enable fcgiwrap socket
+      ansible.builtin.systemd:
+        name: fcgiwrap.socket
+        state: started
+        enabled: true
+
+    - name: Create git repository directory
+      ansible.builtin.file:
+        path: "{{ git_repo_root }}"
+        state: directory
+        owner: "{{ git_user }}"
+        group: "{{ git_group }}"
+        mode: "0755"
+
+    - name: Create Sorantics git namespace
+      ansible.builtin.file:
+        path: "{{ git_namespace }}"
+        state: directory
+        owner: "{{ git_user }}"
+        group: "{{ git_group }}"
+        mode: "0755"
+
+    - name: Create infra repository # noqa: command-instead-of-module
+      ansible.builtin.command:
+        cmd: git init --bare infra.git
+        chdir: "{{ git_namespace }}"
+        creates: "{{ git_namespace }}/infra.git/HEAD"
+      become: true
+      become_user: "{{ git_user }}"
+
+    - name: Setup bare infra repository
+      ansible.builtin.file:
+        path: "{{ git_namespace }}/infra.git"
+        state: directory
+        owner: "{{ git_user }}"
+        group: "{{ git_group }}"
+        recurse: true
+
+    - name: Describe infra repository
+      ansible.builtin.copy:
+        content: "Remote infrastructure.\n"
+        dest: "{{ git_namespace }}/infra.git/description"
+        owner: "{{ git_user }}"
+        group: "{{ git_group }}"
+        mode: "0644"
+
+    - name: Configure cgit
+      ansible.builtin.template:
+        src: cgitrc.j2
+        dest: /etc/cgitrc
+        mode: "0644"
+
+    - name: Copy nginx config
+      ansible.builtin.template:
+        src: nginx/git.conf.j2
+        dest: /etc/nginx/sites-available/git
+        mode: "0644"
+      notify: Test and restart nginx
+
+    - name: Disable http and https nginx sites
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: absent
+      loop:
+        - /etc/nginx/sites-enabled/git-http
+        - /etc/nginx/sites-enabled/git-https
+      notify:
+        - Test and restart nginx
+
+    - name: Enable nginx config
+      ansible.builtin.file:
+        src: /etc/nginx/sites-available/git
+        dest: /etc/nginx/sites-enabled/git
+        state: link
+        owner: "{{ nginx_user }}"
+        group: "{{ nginx_group }}"
+      notify:
+        - Test and restart nginx
+
+  handlers:
+    - name: Test and restart nginx
+      ansible.builtin.include_tasks: tasks/test_and_restart_nginx.yaml