CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 1
Code Issues 10 Pull requests 9 Wiki Activity Actions

Vendor Galaxy Roles and Collections
Some checks failed
/ Ansible Lint (push) Failing after 5m45s
Details
/ Ansible Lint (pull_request) Failing after 4m59s
Details

Browse source
This commit is contained in:
Stefan Bethke 2026-02-06 22:07:16 +01:00
commit 2aed20393f
3553 changed files with 387444 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

19
ansible_collections/debops/debops/roles/gitusers/COPYRIGHT Normal file
View file

@ -0,0 +1,19 @@
debops.gitusers - Manage git-based deployment accounts
Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
Copyright (C) 2015-2019 DebOps <https://debops.org/>
SPDX-License-Identifier: GPL-3.0-only
This Ansible role is part of DebOps.
DebOps is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 3, as
published by the Free Software Foundation.
DebOps is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with DebOps. If not, see https://www.gnu.org/licenses/.

158
ansible_collections/debops/debops/roles/gitusers/defaults/main.yml Normal file
View file

@ -0,0 +1,158 @@
---
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
# .. Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# .. Copyright (C) 2015-2019 DebOps <https://debops.org/>
# .. SPDX-License-Identifier: GPL-3.0-only
# .. _gitusers__ref_defaults:
# debops.gitusers default variables
# =================================
# .. contents:: Sections
# :local:
#
# .. include:: ../../../../includes/global.rst
# --- An example account entry, everything except 'name' is optional
# List of all recognized values, default value listed first
#
# - name: 'username' # mandatory, default group if not defined
# state: 'present,absent'
# group: 'name' # default group
# groups: [] # list of groups to set
# append: yes/no # add to, or set groups
# gid: ''
# uid: ''
# comment: 'GECOS entry'
# systemuser: False/True # create system user
# systemgroup: False/True # create system group
#
# domain: '{{ ansible_domain }}' # for git users
#
# # Create ~/.forward file (set to False to remove ~/.forward)
# forward: [ 'user@domain', 'account' ]
#
# # Add or disable ssh authorized keys (set to False to remove ~/.ssh/authorized_keys
# sshkeys: [ 'list', 'of', 'keys' ]
#
# # List of permissions for a particular user account
# permissions: [ 'deploy' ]
# --- Lists of different accounts to create/manage ---
# .. envvar:: gitusers_list [[[
#
# "Global" users
gitusers_list: []
# ]]]
# .. envvar:: gitusers_group_list [[[
#
# "Host group" users
gitusers_group_list: []
# ]]]
# .. envvar:: gitusers_host_list [[[
#
# "Host" users
gitusers_host_list: []
# ]]]
# --- Global defaults ---
# .. envvar:: gitusers_name_suffix [[[
#
# Add a suffix to an account name, for example '-git'
gitusers_name_suffix: ""
# ]]]
# .. envvar:: gitusers_default_shell [[[
#
# Shell enforced on all git-shell accounts
gitusers_default_shell: '/usr/bin/git-shell'
# ]]]
# .. envvar:: gitusers_default_groups_list [[[
#
# List of groups git-shell users belong to (git-shell requires SSH access)
gitusers_default_groups_list: [ 'sshusers' ]
# ]]]
# .. envvar:: gitusers_default_groups_append [[[
#
# Should default groups be added to, or replace current user groups? Set to
# 'no' to enforce your preferred list of groups
gitusers_default_groups_append: 'yes'
# ]]]
# .. envvar:: gitusers_default_home_prefix [[[
#
# Directory where git-shell user home will be created
gitusers_default_home_prefix: '{{ (ansible_local.fhs.data | d("/srv"))
+ "/gitusers" }}'
# ]]]
# .. envvar:: gitusers_default_home_mode [[[
#
# Unix permissions enforced on users home directories
gitusers_default_home_mode: '0750'
# ]]]
# .. envvar:: gitusers_git_scripts [[[
#
# Main location of gitusers scripts
gitusers_git_scripts: '{{ (ansible_local.fhs.home | d("/var/local"))
+ "/gitusers" }}'
# ]]]
# .. envvar:: gitusers_default_www_prefix [[[
#
# Path to directory where websites are stored
gitusers_default_www_prefix: '{{ ansible_local.nginx.www if (ansible_local is defined and ansible_local.nginx is defined and ansible_local.nginx.www is defined) else "/srv/www" }}'
# ]]]
# .. envvar:: gitusers_default_www_group [[[
#
# System group which should be allowed access to website directory
gitusers_default_www_group: '{{ ansible_local.nginx.user if (ansible_local is defined and ansible_local.nginx is defined and ansible_local.nginx.user is defined) else "www-data" }}'
# ]]]
# .. envvar:: gitusers_default_domain [[[
#
# What domain should git users use for publishing websites
gitusers_default_domain: '{{ ansible_domain }}'
# ]]]
# .. envvar:: gitusers_default_user_domain [[[
#
# Domain used for userdir repositories
gitusers_default_user_domain: '{{ ansible_fqdn }}'
# ]]]
# .. envvar:: gitusers_default_permissions [[[
#
# List of default permissions for users that don't have specific
# 'item.permissions' key set. Known permissions:
# - ``deploy``: allow execution of custom ./deploy script in repository
gitusers_default_permissions: []
# ]]]
# .. envvar:: gitusers_default_hook_list [[[
#
# Default set of git hooks installed in a new repository
gitusers_default_hook_list: 'jekyll'
# ]]]
# .. envvar:: gitusers_default_hooks [[[
#
# A map of git hooks that can be installed in a repository by users via 'init'
# command
gitusers_default_hooks:
'jekyll': [ 'post-receive.d/00_checkout', 'post-checkout.d/00_submodule', 'post-checkout.d/jekyll' ]
'deploy': [ 'post-receive.d/00_checkout', 'post-checkout.d/00_submodule', 'post-checkout.d/deploy' ]
# ]]]

17
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/functions.sh Normal file
View file

@ -0,0 +1,17 @@
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# Helper function which checks if a given element is in array
in_array () {
local array="$1[@]"
local seeking=$2
local in=1
for element in "${!array}"; do
if [[ $element == $seeking ]]; then
in=0
break
fi
done
return $in
}

51
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/git-shell-commands/bare Executable file
View file

@ -0,0 +1,51 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# This file is managed by Ansible, all changes will be lost
set -e
# If no project name is given, display help
if [ $# -eq 0 ] ; then
cat <<-EOF
Usage: $(basename "${0}") <repository>
Convert <repository> to bare repository (no work directory)
EOF
exit 1
fi
# Sanitize repository name
repository="${1//[^a-zA-Z0-9\.\/\_-]/}"
project=$(echo "${repository}" | sed -e 's/^\///i' -e 's/\.\././g' -e 's/^\.//i' -e 's/\.git$\|$/.git/i')
if [ -d "${project}" ] ; then
cd "${HOME}/${project}"
else
echo "Error: Repository ${repository} not found" && exit 1
fi
set +e
worktree="$(git config --get core.worktree)"
denybranch="$(git config --get receive.denyCurrentBranch)"
set -e
if [ -n "${worktree}" ] ; then
if [ -d "${worktree}" ] ; then
rm -rf "${worktree}"
echo "Work directory of ${repository} deleted"
fi
git config --unset-all core.worktree
fi
git config deploy.bare true
git config core.bare true
if [ -n "${denybranch}" ] ; then
git config --unset-all receive.denyCurrentBranch
fi
echo "Repository ${repository} is now bare"

73
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/git-shell-commands/checkout Executable file
View file

@ -0,0 +1,73 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# This file is managed by Ansible, all changes will be lost
set -e
checkout_command="hooks/post-receive.d/00_checkout"
# If no project name is given, display help
if [ $# -eq 0 ] ; then
cat <<-EOF
Usage: $(basename "${0}") <repository> [branch]
Check out <repository> to current work tree from master branch or [branch]
If [branch] is specified, set it as default branch
After checkout, run post-checkout hooks
EOF
exit 1
fi
# Sanitize repository name
repository="${1//[^a-zA-Z0-9\.\/\_-]/}"
project=$(echo "${repository}" | sed -e 's/^\///i' -e 's/\.\././g' -e 's/^\.//i' -e 's/\.git$\|$/.git/i')
# Sanitize branch name
branch="${2//[^a-zA-Z0-9\.\_-]/}"
if [ -d "${project}" ] ; then
cd "${HOME}/${project}"
set +e
currentworktree="$(git config deploy.worktree)"
currentbranch="$(git config deploy.branch)"
currentbare="$(git config deploy.bare)"
set -e
if [ -z "${currentbranch}" ] ; then
echo "Error: No branches present" && exit 1
fi
if [ -n "${branch}" ] ; then
if git show-ref --verify --quiet "refs/heads/${branch}" ; then
git config deploy.branch "${branch}"
git config deploy.ref "refs/heads/${branch}"
echo "Branch '${branch}' set as default"
else
echo "Error: Branch '${branch}' not found" && exit 1
fi
else
branch="${currentbranch}"
fi
if [ -z "${currentworktree}" ] ; then
echo "Error: No work directory specified" && exit 1
fi
currentrev="$(git rev-parse "refs/heads/${currentbranch}")"
newrev="$(git rev-parse "refs/heads/${branch}")"
if [ -x "${checkout_command}" ] ; then
if [ -n "${currentbare}" ] && [ "${currentbare}" = "true" ] ; then
echo "Converting repository from bare to normal"
fi
git config deploy.bare false
echo "${currentrev} ${newrev} refs/heads/${branch}" | ${checkout_command}
fi
else
echo "Error: No repository named ${repository}" && exit 1
fi

55
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/git-shell-commands/clean Executable file
View file

@ -0,0 +1,55 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# This file is managed by Ansible, all changes will be lost
set -e
# Directory where public contents are stored
gitusers_data="$(git config --global --get gitusers.data)"
# If no project name is given, display help
if [ $# -eq 0 ] ; then
cat <<-EOF
Usage: $(basename "${0}") <repository>
Delete everything in the public directory of <repository>
EOF
exit 1
fi
# Sanitize repository name
repository="${1//[^a-zA-Z0-9\.\/\_-]/}"
project=$(echo "${repository}" | sed -e 's/^\///i' -e 's/\.\././g' -e 's/^\.//i' -e 's/\.git$\|$/.git/i')
if [ -d "${project}" ] ; then
cd "${HOME}/${project}"
else
echo "Error: Repository ${repository} not found" && exit 1
fi
set +e
public="$(git config --get deploy.public)"
snapshot="$(git config --get deploy.snapshot)"
set -e
if [ -z "${snapshot}" ] && [ -n "${public}" ] ; then
if [ "${public##"$gitusers_data"}" != "${public}" ] ; then
if [ -d "${public}" ] ; then
rm -rf "${public}"
echo "Public directory '${public}' cleaned"
else
echo "Error: Public directory '${public}' does not exist" && exit 1
fi
else
echo "Error: Public directory '${public}' is outside of allowed path" && exit 1
fi
elif [ -n "${snapshot}" ] ; then
echo "Error: ${repository} is a snapshot repository, aborting" && exit 1
else
echo "Public directory is not configured"
fi

53
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/git-shell-commands/drop Executable file
View file

@ -0,0 +1,53 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# This file is managed by Ansible, all changes will be lost
set -e
# If no project name is given, display help
if [ $# -eq 0 ] ; then
cat <<-EOF
Usage: $(basename "${0}") <repository>
Delete <repository>
EOF
exit 1
fi
# Sanitize repository name
repository=${1//[^a-zA-Z0-9\.\/\_-]/}
project=$(echo "${repository}" | sed -e 's/^\///i' -e 's/\.\././g' -e 's/^\.//i' -e 's/\.git$\|$/.git/i')
if [ -d "${project}" ] ; then
cd "${HOME}/${project}"
set +e
worktree=$(git config --get deploy.worktree)
public=$(git config --get deploy.public)
snapshot=$(git config --get deploy.snapshot)
set -e
cd "${HOME}"
if [ -z "${snapshot}" ] && [ -n "${public}" ] && [ -d "${public}" ] ; then
echo "Removing public directory ${public}"
rm -rf "${public}"
fi
if [ -n "${worktree}" ] && [ -d "${worktree}" ] ; then
if [ -n "${snapshot}" ] ; then
echo "Removing snapshot link in ${worktree}"
test -f "${public}/.git" && rm -f "${worktree}/.git"
else
echo "Removing work directory ${worktree}"
rm -rf "${worktree}"
fi
fi
echo "Removing repository ${HOME}/${project}"
rm -rf "${HOME:?}/${project:?}"
else
echo "Error: Repository ${repository} not found" && exit 1
fi

25
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/git-shell-commands/help Executable file
View file

@ -0,0 +1,25 @@
#!/bin/sh
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# This file is managed by Ansible, all changes will be lost
if tty -s ; then
if [ -r "${HOME}/.motd" ] ; then
cat "${HOME}/.motd"
fi
echo "Run '<command>' for help, or 'exit' to leave. Available commands:"
else
echo "Run '<command>' for help. Available commands:"
fi
cd "$(dirname "$0")" || exit
for cmd in * ; do
case "$cmd" in
help) ;;
*) [ -f "$cmd" ] && [ -x "$cmd" ] && echo "$cmd" ;;
esac
done

64
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/git-shell-commands/info Executable file
View file

@ -0,0 +1,64 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# This file is managed by Ansible, all changes will be lost
set -e
userdomain="$(git config --global --get gitusers.userdir.domain)"
# If no project name is given, display help
if [ $# -eq 0 ] ; then
cat <<-EOF
Usage: $(basename "${0}") <repository>
Shows status of a given repository
EOF
exit 1
fi
if [ -n "${1}" ] ; then
# Sanitize repository name
repository=${1//[^a-zA-Z0-9\.\/\_-]/}
project=$(echo "${repository}" | sed -e 's/^\///i' -e 's/\.\././g' -e 's/^\.//i' -e 's/\.git$\|$/.git/i')
else
echo "Error: No repository specified" && exit 1
fi
if [ -d "${HOME}/${project}" ] ; then
cd "${HOME}/${project}"
else
echo "Error: Repository ${repository} not found" && exit 1
fi
set +e
currentworktree="$(git config deploy.worktree)"
currentpublic="$(git config deploy.public)"
currentbranch="$(git config deploy.branch)"
currentdomain="$(git config deploy.domain)"
currentuserdir="$(git config --bool deploy.userdir)"
localbranches="$(git branch | awk -F ' +' '$2 !~ /detached/ {print $2}' | xargs)"
set -e
echo "Repository directory: $(pwd)"
if [ -n "${currentworktree}" ] ; then
echo "Work directory: ${currentworktree}"
fi
if [ -n "${currentpublic}" ] ; then
echo "Public directory: ${currentpublic}"
fi
if [ -n "${currentbranch}" ] ; then
echo "Default branch: ${currentbranch}"
fi
if [ -n "${localbranches}" ] ; then
echo "Local branches: ${localbranches}"
fi
if [ -n "${currentdomain}" ] ; then
echo "Domain URL: http://${currentdomain}/"
elif [ -n "${currentuserdir}" ] ; then
echo "Userdir URL: http://${userdomain}/~${USER}/"
fi

98
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/git-shell-commands/init Executable file
View file

@ -0,0 +1,98 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# This file is managed by Ansible, all changes will be lost
set -e
system_functions="$(git config --global --get gitusers.system.functions)"
# shellcheck disable=SC1090
test -x "${system_functions}" && source "${system_functions}"
# Directory with available hooks
system_git_hooks="$(git config --global --get gitusers.init.hooks)"
# What hook types are known and allowed
read -r -a allowed_hooks <<< "$(git config --global --get gitusers.hooks)"
# Name of default repository type to use if it's not specified by user
read -r -a default_repository_type <<< "$(git config --global --get gitusers.init.type)"
# Default directory where repositories are checked out
checkout_path="$(git config --global --get gitusers.init.path)"
# If no project name is given, display help
if [ $# -eq 0 ] ; then
cat <<-EOF
Usage: $(basename "${0}") <repository> [type]
Create new repository with optional [type] as default
Available types: ${allowed_hooks[@]}
EOF
exit 1
fi
# ---- Prepare environment ----
# Sanitize repository name
repository=${1//[^a-zA-Z0-9\.\/\_-]/}
project=$(echo "${repository}" | sed -e 's/^\///i' -e 's/\.\././g' -e 's/^\.//i' -e 's/\.git$\|$/.git/i')
# Sanitize repository type
if [ -n "${2}" ] ; then
repository_type="${2//[^a-zA-Z0-9]/}"
else
repository_type="${default_repository_type[*]}"
fi
if [ -n "${repository_type}" ] && ! in_array allowed_hooks "${repository_type}" ; then
echo "Error: Unknown repository type" && exit 1
fi
# List of hooks installed by default
read -r -a default_hooks <<< "$(git config --global --get "gitusers.hookmap.${repository_type}")"
# Define a worktree outside of the home directory
worktree="${checkout_path}/${repository}.checkout"
# ---- Create and initialize the project ----
mkdir -p "${HOME}/${project}"
cd "${HOME}/${project}"
if ! [ -r "config" ] ; then
git init --bare
git config deploy.bare "false"
git config deploy.worktree "${worktree}"
git config deploy.type "${repository_type}"
fi
# ---- Reset default hooks ----
if [ -n "${default_hooks[*]}" ] ; then
for hook in "${default_hooks[@]}" ; do
hook_dir="$(dirname "${hook}")"
test -d "hooks/${hook_dir}" && rm -rf "hooks/${hook_dir}"
done
fi
# ---- Configure default hooks ----
if [ -n "${default_hooks[*]}" ] ; then
for hook in "${default_hooks[@]}" ; do
hook_dir=$(dirname "${hook}")
hook_type="${hook_dir//\.d$/}"
echo "Installing ${hook_type} hook: $(basename "${hook}")"
test -d "hooks/${hook_dir}" || mkdir -p "hooks/${hook_dir}"
test -x "${system_git_hooks}/${hook}" && ln -sf "${system_git_hooks}/${hook}" "hooks/${hook_dir}/$(basename "${hook}")"
test -L "hooks/hook-chain" || ln -sf "${system_git_hooks}/hook-chain" "hooks/hook-chain"
test -L "hooks/${hook_type}" || ln -sf "hook-chain" "hooks/${hook_type}"
done
fi

16
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/git-shell-commands/list Executable file
View file

@ -0,0 +1,16 @@
#!/bin/sh
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# This file is managed by Ansible, all changes will be lost
# shellcheck disable=SC2016
print_if_repo='
if $(git --git-dir="$1" rev-parse) ; then
printf "%s\n" "${1#./}" | sed -e "s/\.git$//i"
fi
'
find . -type d -name "*.git" -exec sh -c "$print_if_repo" -- \{\} \; -prune 2>/dev/null | sort

100
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/git-shell-commands/publish Executable file
View file

@ -0,0 +1,100 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# This file is managed by Ansible, all changes will be lost
set -e
parentdomain="$(git config --global --get gitusers.publish.domain)"
userdomain="$(git config --global --get gitusers.userdir.domain)"
publish_path="$(git config --global --get gitusers.publish.path)"
# If no project name is given, display help
if [ $# -eq 0 ] ; then
cat <<-EOF
Usage: $(basename "${0}") <repository> <domain>
Publish repository on a given <domain>
EOF
exit 1
fi
if [ -n "${1}" ] ; then
# Sanitize repository name
repository=${1//[^a-zA-Z0-9\.\/\_-]/}
project=$(echo "${repository}" | sed -e 's/^\///i' -e 's/\.\././g' -e 's/^\.//i' -e 's/\.git$\|$/.git/i')
else
echo "Error: No repository specified" && exit 1
fi
if [ -d "${HOME}/${project}" ] ; then
cd "${HOME}/${project}"
else
echo "Error: Repository ${repository} not found" && exit 1
fi
set +e
currentworktree=$(git config deploy.worktree)
currentpublic=$(git config deploy.public)
currentbranch=$(git config deploy.branch)
currentdomain=$(git config deploy.domain)
currentuserdir=$(git config --bool deploy.userdir)
set -e
if [ -n "${2}" ] ; then
if [ -z "${2//[^a-zA-Z0-9]/}" ] || [ -n "${2//[^\/]/}" ]; then
echo "Error: illegal domain: '${2}'" && exit 1
fi
# Sanitize domain name
domain="${2//[^a-zA-Z0-9\.\-]/}"
if [[ ${domain} != *.* ]] ; then
domain="${domain}.${parentdomain}"
fi
else
if [ -n "${currentpublic}" ] ; then
cat <<-EOF
Work directory: ${currentworktree}
Public directory: ${currentpublic}
Current branch: ${currentbranch}
EOF
if [ -n "${currentuserdir}" ] ; then
cat <<-EOF
Userdir URL: http://${userdomain}/~${USER}/
EOF
else
cat <<-EOF
Domain URL: http://${currentdomain}/
EOF
fi
exit 1
else
if [[ ${repository} == */* ]] ; then
repository=$(echo "${repository}" | sed -e 's!^\([^/]*\)/\(.*\)$!\2/\1!' -e 's/\//./g')
fi
domain="${repository}.${parentdomain}"
fi
fi
public="${publish_path}/${domain}/public"
if [ -n "${domain}" ] ; then
git config deploy.public "${public}"
git config deploy.domain "${domain}"
set +e
git config --unset-all deploy.userdir
set -e
cat <<-EOF
Work directory: ${currentworktree}
Public directory: ${public}
Active branch: ${currentbranch}
Domain URL: http://${domain}/
EOF
fi

52
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/git-shell-commands/rename Executable file
View file

@ -0,0 +1,52 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# This file is managed by Ansible, all changes will be lost
set -e
# If no project name is given, display help
if [ $# -eq 0 ] ; then
cat <<-EOF
Usage: $(basename "${0}") <repository> <newrepository>
Change name of <repository> to <newrepository>
EOF
exit 1
fi
if [ -n "${1}" ] ; then
# Sanitize repository name
repository=${1//[^a-zA-Z0-9\.\/\_-]/}
project=$(echo "${repository}" | sed -e 's/^\///i' -e 's/\.\././g' -e 's/^\.//i' -e 's/\.git$\|$/.git/i')
else
echo "Error: No repository name given" && exit 1
fi
if [ -n "${2}" ] ; then
# Sanitize new repository name
newrepository=${2//[^a-zA-Z0-9\.\/\_-]/}
newproject=$(echo "${newrepository}" | sed -e 's/^\///i' -e 's/\.\././g' -e 's/^\.//i' -e 's/\.git$\|$/.git/i')
else
echo "Error: No new repository name given" && exit 1
fi
if [ -d "${project}" ] ; then
if [[ ${newrepository} == */* ]] ; then
mkdir -p "$(dirname "${HOME}/${newrepository}")"
fi
if [ -d "${newproject}" ] ; then
echo "Error: Repository ${newrepository} already exists" && exit 1
else
mv "${HOME}/${project}" "${HOME}/${newproject}"
echo "Repository ${repository} renamed to ${newrepository}"
exit 0
fi
else
echo "Error: Repository ${repository} not found" && exit 1
fi

78
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/git-shell-commands/snapshot Executable file
View file

@ -0,0 +1,78 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# This file is managed by Ansible, all changes will be lost
set -e
# Directory with available post-receive hooks
git_hooks="$(git config --global --get gitusers.init.hooks)"
# List of post-receive hooks installed by default
default_hooks=( post-receive.d/00_checkout )
# If no project name is given, display help
if [ $# -eq 0 ] ; then
cat <<-EOF
Usage: $(basename "${0}") <repository>
Create a snapshot from the public dir of given repository
EOF
exit 1
fi
# ---- Prepare environment ----
# Sanitize repository name
repository=${1//[^a-zA-Z0-9\.\/\_-]/}
project=$(echo "${repository}" | sed -e 's/^\///i' -e 's/\.\././g' -e 's/^\.//i' -e 's/\.git$\|$/.git/i')
if [ ! -d "${project}" ] ; then
echo "Project '${project}' not found" && exit 1
fi
cd "${HOME}/${project}"
set +e
branch=$(git config --get deploy.branch)
public=$(git config --get deploy.public)
set -e
snapshot="${HOME}/$(dirname "${project}")/$(basename "${project}" .git).snapshot.git"
if [ -z "${public}" ] ; then
echo "Error: Public directory is not configured" && exit 1
fi
if [ ! -d "${public}" ] ; then
echo "Error: Public directory does not exist" && exit 1
fi
cd "${public}" || exit 1
git init --separate-git-dir="${snapshot}"
git config deploy.bare false
git config deploy.worktree "${public}"
git config deploy.public "${public}"
git config deploy.branch master
git config deploy.snapshot true
git add .
git commit -m "Snapshot of '${USER}@$(hostname --fqdn):${public} [${branch}]'"
cd "${snapshot}" || exit 1
if [ -n "${default_hooks[*]}" ] ; then
for hook in "${default_hooks[@]}" ; do
hook_dir=$(dirname "${hook}")
hook_type="${hook_dir//\.d$/}"
echo "Installing ${hook_type} hook: $(basename "${hook}")"
test -d "hooks/${hook_dir}" || mkdir -p "hooks/${hook_dir}"
test -x "${git_hooks}/${hook}" && ln -sf "${git_hooks}/${hook}" "hooks/${hook_dir}/$(basename "${hook}")"
test -L "hooks/hook-chain" || ln -sf "${git_hooks}/hook-chain" "hooks/hook-chain"
test -L "hooks/${hook_type}" || ln -sf "hook-chain" "hooks/${hook_type}"
done
fi

17
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/git-shell-commands/sshkey Executable file
View file

@ -0,0 +1,17 @@
#!/bin/sh
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# This file is managed by Ansible, all changes will be lost
set -e
sshkey="${HOME}/.ssh/id_rsa.pub"
if [ ! -r "${sshkey}" ] ; then
ssh-keygen -f "${HOME}/.ssh/id_rsa" -q -t rsa -N ""
fi
cat "${sshkey}"

59
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/git-shell-commands/userdir Executable file
View file

@ -0,0 +1,59 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# This file is managed by Ansible, all changes will be lost
set -e
domain="$(git config --global --get gitusers.userdir.domain)"
userdir_path="$(git config --global --get gitusers.userdir.path)"
# If no project name is given, display help
if [ $# -eq 0 ] ; then
cat <<-EOF
Usage: $(basename "${0}") <repository>
Publish <repository> as http://${domain}/~${USER}/
EOF
exit 1
fi
if [ -n "${1}" ] ; then
# Sanitize repository name
repository="${1//[^a-zA-Z0-9\.\/\_-]/}"
project=$(echo "${repository}" | sed -e 's/^\///i' -e 's/\.\././g' -e 's/^\.//i' -e 's/\.git$\|$/.git/i')
else
echo "Error: No repository specified" && exit 1
fi
if [ -d "${HOME}/${project}" ] ; then
cd "${HOME}/${project}"
else
echo "Error: Repository ${repository} not found" && exit 1
fi
set +e
currentworktree=$(git config deploy.worktree)
currentbranch=$(git config deploy.branch)
set -e
public="${userdir_path}/public"
[ -d "${public}" ] || mkdir -p "${public}"
git config deploy.public "${public}"
git config --bool deploy.userdir true
set +e
git config --unset-all deploy.domain
set -e
cat <<-EOF
Work directory: ${currentworktree}
Public directory: ${public}
Active branch: ${currentbranch}
Userdir URL: http://${domain}/~${USER}/
EOF

28
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/hooks/hook-chain Executable file
View file

@ -0,0 +1,28 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# This file is managed by Ansible, all changes will be lost
set -e
data=$(cat)
params="${*}"
exitcodes=()
hooktype=$(basename "$0")
GIT_DIR="$(git rev-parse --git-dir)"
if [ -e "${GIT_DIR}/hooks/${hooktype}.d" ] ; then
for hook in "${GIT_DIR}"/hooks/"${hooktype}".d/* ; do
test -x "${hook}" || continue
echo "${data}" | "${hook}" "${params}"
exitcodes+=($?)
done
for i in "${exitcodes[@]}"; do
[ "$i" == 0 ] || exit "$i"
done
fi

17
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/hooks/post-checkout.d/00_submodule Executable file
View file

@ -0,0 +1,17 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# Update submodules
set -e
worktree="$(git config --get deploy.worktree)"
test -d "${worktree}" || mkdir -p "${worktree}"
cd "${worktree}" || exit 1
git submodule sync && git submodule update --init --force --recursive

73
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/hooks/post-checkout.d/deploy Executable file
View file

@ -0,0 +1,73 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# Run deployment script
oldrev="${1}"
newrev="${2}"
system_functions="$(git config --global --get gitusers.system.functions)"
# shellcheck disable=SC1090
test -x "${system_functions}" && source "${system_functions}"
read -r -a permissions <<< "$(git config --global --get gitusers.permissions)"
worktree="$(git config --get deploy.worktree)"
public="$(git config --get deploy.public)"
setup="$(git config --get deploy.setup)"
test -d "${worktree}" || mkdir -p "${worktree}"
cd "${worktree}" || exit 1
if [ -n "${public}" ] ; then
export DEPLOY_PUBLIC="${public}"
fi
logfile="log/deploy.log"
restartfile="tmp/restart.txt"
if [ -n "${permissions[*]}" ] && in_array permissions deploy ; then
if [ -z "${setup}" ]; then
# this is the first push; this branch was just created
mkdir -p log tmp
chmod 0775 log tmp
touch $logfile $restartfile
chmod 0664 $logfile $restartfile
# execute the one-time setup hook
if [ -x deploy/setup ] ; then
echo "DEPLOY_PUBLIC=\"${DEPLOY_PUBLIC}\""
deploy/setup "${oldrev}" "${newrev}" 2>&1 | tee -a "${logfile}"
fi
git config deploy.setup true
else
mkdir -p log tmp
chmod 0775 log tmp
touch $logfile $restartfile
chmod 0664 $logfile $restartfile
# log timestamp
echo "==== $(date) ====" >> "${logfile}"
# execute the main deploy hook
if [ -x deploy/after_push ] ; then
echo "DEPLOY_PUBLIC=\"${DEPLOY_PUBLIC}\""
deploy/after_push "${oldrev}" "${newrev}" 2>&1 | tee -a "${logfile}"
fi
fi
else
if test -x "${worktree}/deploy/setup" ; then
echo "No permission to run deploy script"
fi
fi

22
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/hooks/post-checkout.d/jekyll Executable file
View file

@ -0,0 +1,22 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# Build Jekyll website
set -e
worktree=$(git config --get deploy.worktree)
public=$(git config --get deploy.public)
test -d "${worktree}" || mkdir -p "${worktree}"
cd "${worktree}" || exit 1
if [ -n "${public}" ] ; then
if type jekyll > /dev/null ; then
jekyll build --destination "${public}"
fi
fi

61
ansible_collections/debops/debops/roles/gitusers/files/var/lib/gitusers/hooks/post-receive.d/00_checkout Executable file
View file

@ -0,0 +1,61 @@
#!/usr/bin/env bash
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# Check out git branch to work directory
unset GIT_INDEX_FILE
real_bare="$(git config --get core.bare)"
bare="$(git config --get deploy.bare)"
worktree="$(git config deploy.worktree)"
branch="$(git config deploy.branch)"
set -e
GIT_DIR="$(pwd)"
GIT_WORK_TREE="${worktree}"
export GIT_DIR
export GIT_WORK_TREE
if [ -n "${bare}" ] && [ "${bare}" = "false" ] ; then
test -d "${worktree}" || mkdir -p "${worktree}"
if [ -r "${worktree}/.git" ] ; then
cd "${worktree}" || exit 1
if ! git diff --quiet ; then
echo "Error: Found tracked changes in work directory, aborting" && exit 1
fi
if git ls-files --others --exclude-standard | grep >/dev/null . ; then
echo "Error: Found untracked files in work directory, aborting" && exit 1
fi
cd - > /dev/null
fi
# shellcheck disable=SC2034
while read -r oldrev newrev ref ; do
if [ -z "${branch}" ] ; then
branch="${ref##refs/heads/}"
git symbolic-ref HEAD "${ref}"
git config deploy.branch "${branch}"
git config deploy.ref "${ref}"
fi
if [[ ${ref} =~ .*/${branch}$ ]] ; then
echo "gitdir: ${GIT_DIR}" > "${worktree}/.git"
git config deploy.bare false
git config core.bare false
git config core.worktree "${worktree}"
git config receive.denyCurrentBranch ignore
if [ "${real_bare}" = "${bare}" ] ; then
git checkout -f "${branch}"
else
git checkout -f
fi
fi
done
fi

30
ansible_collections/debops/debops/roles/gitusers/meta/main.yml Normal file
View file

@ -0,0 +1,30 @@
---
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2022 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# Ensure that custom Ansible plugins and modules included in the main DebOps
# collection are available to roles in other collections.
collections: [ 'debops.debops' ]
dependencies: []
galaxy_info:
author: 'Maciej Delmanowski'
description: 'Manage user accounts based around git-shell'
company: 'DebOps'
license: 'GPL-3.0-only'
min_ansible_version: '1.7.0'
platforms:
- name: 'Ubuntu'
versions: [ 'all' ]
- name: 'Debian'
versions: [ 'all' ]
galaxy_tags:
- system
- git

29
ansible_collections/debops/debops/roles/gitusers/tasks/forward.yml Normal file
View file

@ -0,0 +1,29 @@
---
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#- name: Configure ~/.forward for users
# ansible.builtin.template:
# src: 'srv/gitusers/forward.j2'
# dest: '{{ item.home | default(gitusers_default_home_prefix + "/" + item.name + gitusers_name_suffix) }}/.forward'
# owner: '{{ item.name + gitusers_name_suffix }}'
# group: '{{ item.group | default(item.name + gitusers_name_suffix) }}'
# mode: '0644'
# loop: '{{ q("flattened", gitusers_list
# + gitusers_group_list
# + gitusers_host_list) }}'
# when: ((item.name is defined and item.name) and
# (item.state is undefined or (item.state is defined and item.state != 'absent')) and
# (item.forward is defined and item.forward))
#
#- name: Remove ~/.forward from user account when disabled
# ansible.builtin.file:
# dest: '{{ item.home | default(gitusers_default_home_prefix + "/" + item.name + gitusers_name_suffix) }}/.forward'
# state: 'absent'
# loop: '{{ q("flattened", gitusers_list
# + gitusers_group_list
# + gitusers_host_list) }}'
# when: ((item.name is defined and item.name) and
# (item.state is undefined or (item.state is defined and item.state != 'absent')) and
# (item.forward is defined and item.forward == False))

76
ansible_collections/debops/debops/roles/gitusers/tasks/git-shell.yml Normal file
View file

@ -0,0 +1,76 @@
---
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
- name: Create gitusers scripts path
ansible.builtin.file:
path: '{{ gitusers_git_scripts }}'
state: 'directory'
owner: 'root'
group: 'root'
mode: '0755'
- name: Install gitusers scripts
ansible.builtin.copy:
src: 'var/lib/gitusers/'
dest: '{{ gitusers_git_scripts }}'
owner: 'root'
group: 'root'
mode: '0755'
- name: Prepare gituser environment
ansible.builtin.template:
src: 'srv/gitusers/{{ item.1 }}.j2'
dest: '{{ item.0.home | default(gitusers_default_home_prefix + "/"
+ item.0.name + gitusers_name_suffix) }}/.{{ item.1 }}'
owner: 'root'
group: 'root'
mode: '0644'
with_nested:
- '{{ gitusers_list + gitusers_group_list + gitusers_host_list }}'
- [ 'forward', 'gitconfig', 'motd' ]
when: ((item.0.name is defined and item.0.name) and
(item.0.state is undefined or (item.0.state is defined and item.0.state != 'absent')))
- name: Create base directory for user websites
ansible.builtin.file:
path: '{{ gitusers_default_www_prefix }}/{{ item.group | default(item.name + gitusers_name_suffix) }}'
state: 'directory'
owner: 'root'
group: '{{ gitusers_default_www_group }}'
mode: '0711'
loop: '{{ q("flattened", gitusers_list
+ gitusers_group_list
+ gitusers_host_list) }}'
when: ((item.name is defined and item.name) and
(item.state is undefined or (item.state is defined and item.state != 'absent')))
- name: Create root directory for user websites
ansible.builtin.file:
path: '{{ gitusers_default_www_prefix }}/{{ item.0.group | default(item.0.name
+ gitusers_name_suffix) }}/{{ item.1 }}'
state: 'directory'
owner: 'root'
group: '{{ item.0.group | default(item.0.name + gitusers_name_suffix) }}'
mode: '02775'
with_nested:
- '{{ gitusers_list + gitusers_group_list + gitusers_host_list }}'
- [ 'checkouts', 'sites', 'userdir' ]
when: ((item.0.name is defined and item.0.name) and
(item.0.state is undefined or (item.0.state is defined and item.0.state != 'absent')))
- name: Symlink git-shell-commands to user directories
ansible.builtin.file:
path: '{{ item.home | default(gitusers_default_home_prefix + "/"
+ item.name + gitusers_name_suffix) + "/git-shell-commands" }}'
src: '{{ gitusers_git_scripts + "/git-shell-commands/" }}'
state: 'link'
owner: 'root'
group: 'root'
mode: '0755'
loop: '{{ q("flattened", gitusers_list
+ gitusers_group_list
+ gitusers_host_list) }}'
when: ((item.name is defined and item.name) and
(item.state is undefined or (item.state is defined and item.state != 'absent')))

71
ansible_collections/debops/debops/roles/gitusers/tasks/gitusers.yml Normal file
View file

@ -0,0 +1,71 @@
---
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
- name: Manage user accounts without UIDs
ansible.builtin.user:
name: '{{ item.name + gitusers_name_suffix }}'
state: '{{ item.state | default("present") }}'
group: '{{ item.group | default(item.name + gitusers_name_suffix) }}'
comment: '{{ item.comment | default("") }}'
system: '{{ item.systemuser | default("no") }}'
shell: '{{ item.shell | default(gitusers_default_shell) }}'
home: '{{ item.home | default(gitusers_default_home_prefix + "/" + item.name + gitusers_name_suffix) }}'
createhome: 'no'
loop: '{{ q("flattened", gitusers_list
+ gitusers_group_list
+ gitusers_host_list) }}'
when: ((item.name is defined and item.name) and (item.uid is undefined or (item.uid is defined and not item.uid)))
- name: Manage user accounts with UIDs
ansible.builtin.user:
name: '{{ item.name + gitusers_name_suffix }}'
uid: '{{ item.uid }}'
state: '{{ item.state | default("present") }}'
group: '{{ item.group | default(item.name + gitusers_name_suffix) }}'
comment: '{{ item.comment | default("") }}'
system: '{{ item.systemuser | default("no") }}'
shell: '{{ item.shell | default(gitusers_default_shell) }}'
home: '{{ item.home | default(gitusers_default_home_prefix + "/" + item.name + gitusers_name_suffix) }}'
createhome: 'no'
loop: '{{ q("flattened", gitusers_list
+ gitusers_group_list
+ gitusers_host_list) }}'
when: ((item.name is defined and item.name) and (item.uid is defined and item.uid))
- name: Manage user default groups
ansible.builtin.user:
name: '{{ item.name + gitusers_name_suffix }}'
state: '{{ item.state | default("present") }}'
groups: '{{ gitusers_default_groups_list | join(",") }}'
append: '{{ gitusers_default_groups_append }}'
loop: '{{ q("flattened", gitusers_list
+ gitusers_group_list
+ gitusers_host_list) }}'
when: ((item.name is defined and item.name) and
(gitusers_default_groups_list is defined and gitusers_default_groups_list))
- name: Manage user custom groups
ansible.builtin.user:
name: '{{ item.name + gitusers_name_suffix }}'
state: '{{ item.state | default("present") }}'
groups: '{{ item.groups | join(",") }}'
append: '{{ item.append | default("yes") }}'
loop: '{{ q("flattened", gitusers_list
+ gitusers_group_list
+ gitusers_host_list) }}'
when: ((item.name is defined and item.name) and (item.groups is defined and item.groups))
- name: Enforce home directories permissions
ansible.builtin.file:
state: 'directory'
path: '{{ item.home | default(gitusers_default_home_prefix + "/" + item.name + gitusers_name_suffix) }}'
owner: '{{ item.name + gitusers_name_suffix }}'
group: '{{ item.group | default(item.name + gitusers_name_suffix) }}'
mode: '{{ gitusers_default_home_mode }}'
loop: '{{ q("flattened", gitusers_list
+ gitusers_group_list
+ gitusers_host_list) }}'
when: ((item.name is defined and item.name) and
(item.state is undefined or (item.state is defined and item.state != 'absent')))

13
ansible_collections/debops/debops/roles/gitusers/tasks/groups_absent.yml Normal file
View file

@ -0,0 +1,13 @@
---
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
- name: Remove user groups if requested
ansible.builtin.group:
name: '{{ item.group | default(item.name + gitusers_name_suffix) }}'
state: 'absent'
loop: '{{ q("flattened", gitusers_list
+ gitusers_group_list
+ gitusers_host_list) }}'
when: (item.name is defined and (item.state is defined and item.state == 'absent'))

28
ansible_collections/debops/debops/roles/gitusers/tasks/groups_present.yml Normal file
View file

@ -0,0 +1,28 @@
---
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
- name: Create user groups without GIDs
ansible.builtin.group:
name: '{{ item.group | default(item.name + gitusers_name_suffix) }}'
system: '{{ item.systemgroup | default("no") }}'
state: 'present'
loop: '{{ q("flattened", gitusers_list
+ gitusers_group_list
+ gitusers_host_list) }}'
when: (((item.name is defined and item.name) and
(item.gid is undefined or (item.gid is defined and not item.gid))) and
(item.state is undefined or (item.state is defined and item.state != 'absent')))
- name: Create user groups with GIDs
ansible.builtin.group:
name: '{{ item.group | default(item.name + gitusers_name_suffix) }}'
system: '{{ item.systemgroup | default("no") }}'
gid: '{{ item.gid }}'
state: 'present'
loop: '{{ q("flattened", gitusers_list
+ gitusers_group_list
+ gitusers_host_list) }}'
when: ((item.name is defined and item.name) and (item.gid is defined and item.gid) and
(item.state is undefined or (item.state is defined and item.state != 'absent')))

30
ansible_collections/debops/debops/roles/gitusers/tasks/main.yml Normal file
View file

@ -0,0 +1,30 @@
---
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
- name: Create directory for gituser homes
ansible.builtin.file:
path: '{{ gitusers_default_home_prefix }}'
state: 'directory'
owner: 'root'
group: 'root'
mode: '0751'
- name: Configure groups
ansible.builtin.include_tasks: groups_present.yml
- name: Configure users
ansible.builtin.include_tasks: gitusers.yml
- name: Configure git-shell
ansible.builtin.include_tasks: git-shell.yml
#- name: Configure mail forwarding
# ansible.builtin.include_tasks: forward.yml
- name: Configure sshkeys
ansible.builtin.include_tasks: sshkeys.yml
- name: Remove groups if requested
ansible.builtin.include_tasks: groups_absent.yml

28
ansible_collections/debops/debops/roles/gitusers/tasks/sshkeys.yml Normal file
View file

@ -0,0 +1,28 @@
---
# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
- name: Configure authorized SSH keys for users
ansible.posix.authorized_key:
key: '{{ "\n".join(item.sshkeys) | string }}'
state: 'present'
user: '{{ item.name + gitusers_name_suffix }}'
loop: '{{ q("flattened", gitusers_list
+ gitusers_group_list
+ gitusers_host_list) }}'
when: ((item.name is defined and item.name) and
(item.state is undefined or (item.state is defined and item.state != 'absent')) and
(item.sshkeys is defined and item.sshkeys))
- name: Remove ~/.ssh/authorized_keys from user account if disabled
ansible.builtin.file:
dest: '{{ item.home | default(gitusers_default_home_prefix + "/"
+ item.name + gitusers_name_suffix) }}/.ssh/authorized_keys'
state: 'absent'
loop: '{{ q("flattened", gitusers_list
+ gitusers_group_list
+ gitusers_host_list) }}'
when: ((item.name is defined and item.name) and
(item.state is undefined or (item.state is defined and item.state != 'absent')) and
(item.sshkeys is defined and not item.sshkeys | bool))

6
ansible_collections/debops/debops/roles/gitusers/templates/srv/gitusers/forward.j2 Normal file
View file

@ -0,0 +1,6 @@
{# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
{% if item.0.forward is defined and item.0.forward %}
{{ ", ".join(item.0.forward) }}{% endif %}

42
ansible_collections/debops/debops/roles/gitusers/templates/srv/gitusers/gitconfig.j2 Normal file
View file

@ -0,0 +1,42 @@
{# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
{% set item = item.0 %}
# This file is managed remotely, all changes will be lost
[user]
name = {{ item.comment | default(item.name | capitalize) }}
email = {{ item.name + "@" + ansible_fqdn }}
[gitusers]
home = {{ gitusers_default_home_prefix + "/" + item.name }}
data = {{ gitusers_default_www_prefix + "/" + item.group | default(item.name + gitusers_name_suffix) }}
hooks = {{ gitusers_default_hooks.keys() | join(" ") }}
permissions = {{ item.permissions | default(gitusers_default_permissions) | join(" ") }}
[gitusers "hookmap"]
{% for hooktype, hooklist in gitusers_default_hooks.items() %}
{{ "%-14s = %s" | format(hooktype, hooklist | join(" ")) }}
{% endfor %}
[gitusers "permission"]
deploy = {{ item.deploy | default('false') | lower }}
userdir = {{ item.userdir | default('true') | lower }}
[gitusers "system"]
functions = {{ gitusers_git_scripts + "/functions.sh" }}
hooks = {{ gitusers_git_scripts + "/hooks" }}
[gitusers "init"]
path = {{ gitusers_default_www_prefix + "/" + item.group | default(item.name + gitusers_name_suffix) + "/checkouts" }}
hooks = {{ gitusers_git_scripts + "/hooks" }}
type = {{ item.type | default(gitusers_default_hook_list) }}
[gitusers "publish"]
path = {{ gitusers_default_www_prefix + "/" + item.group | default(item.name + gitusers_name_suffix) + "/sites" }}
domain = {{ item.domain | default(gitusers_default_domain) }}
[gitusers "userdir"]
path = {{ gitusers_default_www_prefix + "/" + item.group | default(item.name + gitusers_name_suffix) + "/userdir" }}
domain = {{ gitusers_default_user_domain }}

6
ansible_collections/debops/debops/roles/gitusers/templates/srv/gitusers/motd.j2 Normal file
View file

@ -0,0 +1,6 @@
{# Copyright (C) 2014-2019 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2015-2019 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
{% if item.0.motd is defined and item.0.motd %}
{{ item.0.motd }}{% endif %}