add git key and default branch configuration

README.md

@@ -5,6 +5,8 @@ Ils ne sont pas beau et je prévois de repasser dessus pour avoir une jolie
 structure de dossier et playbook. Tous les services sont destinés à être
 installé sur une même machine (pour l'instant).
 
+Ils ont été écris afin d'être lancé sur Debian 10.
+
 `ansible-playbook main.yml -i inventaire.ini` pour lancer l'installation.
 
 ## inventaire.ini

main.yml

@@ -23,8 +23,6 @@
 
   vars_files: 
     - vars/sites.yml
-    - vars/cgit.yml
-    - vars/principal.yml
   vars:
     pounce_user: "pounce"
     pounce_home: "/home/{{ pounce_user }}"
@@ -41,17 +39,19 @@
       apt:
         name:
           - acl
-          - make
-          - gcc
-          - nginx
           - certbot
+          - gcc
           - git
-          - sudo
+          - make
+          - nginx
           - python3-pip
+          - sudo
 
   roles: 
+    - libretls
     - cgit
     - site
+    - bubger
 
   post_tasks:
     - name: démarrage par défaut de nginx

roles/bubger/tasks/main.yml

@@ -0,0 +1,67 @@
+################################################################################
+# création des dossiers pour les archives mails
+# 
+# Copyright (C) 2022 rick G. <rick@gnous.eu>
+# 
+# This program is free software: you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+# 
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this program. If not, see <https://www.gnu.org/licenses/>.
+################################################################################
+
+---
+- name: installation des paquets nécessaires
+  apt:
+    name:
+      - rsync
+
+- name: création dossier principal
+  ansible.builtin.file:
+    path: "{{ path }}"
+    state: directory
+
+- name: création des sous dossiers
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ user_default }}"
+    group: "{{ user_default }}"
+  with_items:
+    - "{{ public }}"
+    - "{{ private }}"
+
+- name: création du dossier du site
+  ansible.builtin.file:
+    path: "{{ path_site }}"
+    state: directory
+
+- name: lien symbolique pour le dossier publique
+  ansible.builtin.file:
+    src:  "{{ public }}"
+    dest: "{{ path_site_public }}"
+    state: link
+
+- name: lien symbolique pour le dossier privé
+  ansible.builtin.file:
+    src:  "{{ private }}"
+    dest: "{{ path_site_private }}"
+    state: link
+
+- name: configuration de Nginx
+  template:
+    src: "archives-nginx"
+    dest: "{{ ava }}/archives.conf"
+    mode: 0644
+
+- name: lien symbolique pour Nginx
+  file:
+    src:  "{{ ava }}/archives.conf"
+    dest: "{{ ena }}/archives.conf"
+    state: link

roles/bubger/templates/archives-nginx

@@ -0,0 +1,17 @@
+server {
+    server_name {{ site }};
+    listen 80;
+    listen [::]:80;
+
+    root {{ path_site }};
+
+    index index.html index.htm;
+
+    location /archives {
+        try_files $uri $uri/ =404;
+    }
+
+    location /{{ private_name }} {
+        try_files $uri $uri/ =404;
+    }
+}

roles/bubger/vars/main.yml

@@ -0,0 +1,8 @@
+---
+private_name: ""
+path: "{{ home_user_default }}/bubger"
+path_site: "/var/www/mailing_list"
+path_site_public: "{{ path_site }}/archives"
+path_site_private: "{{ path_site }}/{{ private_name }}"
+public: "{{ path }}/archives"
+private: "{{ path }}/{{ private_name }}"

roles/cgit/tasks/main.yml

@@ -17,11 +17,6 @@
 ################################################################################
 
 ---
-- name: update de la machine
-  apt:
-    update_cache: true
-    upgrade: yes
-
 - name: installation des paquets nécessaires
   apt:
     name:
@@ -30,15 +25,17 @@
       - zlib1g-dev
       - python3-certbot-nginx
       - fcgiwrap
-      - python3-zipp
+        #- python3-zipp
 
 - name: installation de pygments
   ansible.builtin.pip:
-    name: pygments
+    name:
+      - pygments
+      - zipp
 
 - name: création utilisateur cgit
   ansible.builtin.user:
-    name: "{{ git_user }}"
+    name: "{{ user }}"
     shell: "/bin/bash"
     state: present
 
@@ -46,23 +43,23 @@
   block:
     - name: clonage de cgit
       ansible.builtin.git:
-        dest: "{{ path_tmp_cgit }}"
+        dest: "{{ path_tmp_git }}"
-        repo: "https://git.zx2c4.com/cgit"
+        repo: "{{ git }}"
         single_branch: yes
 
     - name: configuration de la compilation de cgit
       template:
         src: "config-cgit.conf"
-        dest: "{{ path_tmp_cgit }}/cgit.conf"
+        dest: "{{ path_tmp_git }}/cgit.conf"
         mode: 0644
 
     - name: compilation de cgit
       community.general.make:
-        chdir: "{{ path_tmp_cgit }}"
+        chdir: "{{ path_tmp_git }}"
 
     - name: installation de cgit
       community.general.make:
-        chdir: "{{ path_tmp_cgit }}"
+        chdir: "{{ path_tmp_git }}"
         target: install
 
     - name: configuration de cgit
@@ -74,7 +71,7 @@
     - name: clonage de gitolite
       ansible.builtin.git:
         dest: "{{ path_gitolite }}"
-        repo: "https://github.com/sitaramc/gitolite"
+        repo: "{{ git_gitolite }}"
         single_branch: yes
 
     - name: création du dossier bin
@@ -112,8 +109,20 @@
         path: "{{ home_user }}/.gitolite.rc"
         regex: "UMASK"
         line: "\tUMASK => 0072,"
+
+    - name: configuration de gitolite avec les clés cgit
+      ansible.builtin.lineinfile:
+        path: "{{ home_user }}/.gitolite.rc"
+        regex: "GIT_CONFIG_KEYS"
+        line: "\tGIT_CONFIG_KEYS => 'cgit\.owner cgit\.section cgit\.hide cgit\.desc',"
+
+    - name: configuration de la branche par défaut de git
+      community.general.git_config:
+        name: init.defaultBranch
+        scope: global
+        value: master
   become: yes
-  become_user: git
+  become_user: "{{ user }}"
 
 - name: configuration de Nginx
   template:

roles/cgit/vars/main.yml

@@ -0,0 +1,9 @@
+---
+git: "https://git.zx2c4.com/cgit"
+git_gitolite: "https://github.com/sitaramc/gitolite"
+user: "git"
+home_user: "/home/{{ user }}"
+path_tmp_git: "{{ home_user }}/tmp"
+path_cgit: "{{ home_user }}/cgit"
+path_gitolite: "{{ home_user }}/gitolite"
+admin_key: "cgit.pub"

roles/libretls/tasks/main.yml

@@ -0,0 +1,58 @@
+################################################################################
+# installation de libretls
+# 
+# Copyright (C) 2022 rick G. <rick@gnous.eu>
+# 
+# This program is free software: you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+# 
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this program. If not, see <https://www.gnu.org/licenses/>.
+################################################################################
+
+---
+- name: installation des paquets nécessaires
+  apt:
+    name:
+      - autoconf
+      - automake
+      - libtool
+      - libssl-dev
+
+- name: clonage de libretls
+  ansible.builtin.git:
+    dest: "{{ path_tmp_git }}"
+    repo: "{{ git }}"
+    single_branch: yes
+
+- name: autoreconf
+  ansible.builtin.command:
+    cmd: "autoreconf -fi"
+    chdir: "{{ path_tmp_git }}"
+
+- name: configure
+  ansible.builtin.command:
+    cmd: "{{ path_tmp_git }}/configure --disable-dependency-tracking"
+    chdir: "{{ path_tmp_git }}"
+
+- name: compilation de libretls
+  community.general.make:
+    chdir: "{{ path_tmp_git }}"
+    target: all
+
+- name: installation de libretls
+  community.general.make:
+    chdir: "{{ path_tmp_git }}"
+    target: install
+
+- name: copie de la bibliothèque de libretls
+  file:
+    src:  "{{ path_local_lib }}"
+    dest: "{{ path_global_lib }}"
+    state: link

roles/libretls/vars/main.yml

@@ -0,0 +1,6 @@
+---
+git: "https://git.causal.agency/libretls/"
+path_tmp_git: "/tmp/libretls"
+lib_name: "libtls.so.25"
+path_local_lib: "/usr/local/lib/{{ lib_name }}"
+path_global_lib: "/usr/lib/{{ lib_name }}"

roles/site/tasks/main.yml

@@ -1,5 +1,5 @@
 ################################################################################
-# installation de cgit et configuration de nginx et gitolite
+# installation de mon site personnel
 # 
 # Copyright (C) 2022 rick G. <rick@gnous.eu>
 # 
@@ -17,11 +17,6 @@
 ################################################################################
 
 ---
-- name: update de la machine
-  apt:
-    update_cache: true
-    upgrade: yes
-
 - name: installation des paquets nécessaires
   apt:
     name:
@@ -36,7 +31,7 @@
 
     - name: installation de htmlize
       ansible.builtin.command:
-        cmd: "emacs -u {{ user }} --script /tmp/init.el"
+        cmd: "emacs -u {{ user_default }} --script /tmp/init.el"
   ignore_errors: yes
 
 - name: clonage du site

vars/cgit.yml

@@ -1,7 +0,0 @@
----
-git_user: "git"
-home_user: "/home/{{ git_user }}"
-path_tmp_cgit: "{{ home_user }}/tmp"
-path_cgit: "{{ home_user }}/cgit"
-path_gitolite: "{{ home_user }}/gitolite"
-admin_key: "cgit.pub"

vars/sites.yml

@@ -2,6 +2,7 @@
 site: ""
 cgit_site: ""
 
-user: "ubuntu"
+user_default: "ubuntu"
+home_user_default: "/home/{{ user_default }}"
 ava: "/etc/nginx/sites-available"
 ena: "/etc/nginx/sites-enabled"