use variable for nginx path

rewrite the installation of cgit to use git user.

README.md

@@ -15,16 +15,21 @@ de test.
 
 ## vars
 
-### sites
-
-Contient les différents noms de domains à utiliser.
+* sites : Contient les différents noms de domains à utiliser.
+* cgit : variables pour cgit
 
 ## cgit
 
-Ces fichiers se trouvent dans `roles/installations/` dans les dossiers `tasks`
+Ces fichiers se trouvent dans `roles/cgit/` dans les dossiers `tasks`
 et `templates`.
 
 - cgit.yml : script ansible d'installation
 - config-cgit.conf : template de configuration pour la compilation de cgit. Ici,
                      tout est installé dans le même dossier (/home/git).
 - cgit-nginx : template pour la configuration nginx de cgit
+- cgitrc : la configuration de cgit
+
+### Clé SSH
+
+Pour pouvoir créer l'administrateur du git, il faut mettre sa clé SSH dans le
+dossier `files` et changer la variable qui contient son nom (`admin_key`).

main.yml

@@ -17,18 +17,19 @@
 ################################################################################
 
 ---
-- name: cgit
+- name: site
   hosts: ubuntu
-  become: true
+  become: yes
 
   vars_files: 
     - vars/sites.yml
+    - vars/cgit.yml
+    - vars/principal.yml
   vars:
-    git_user: "git"
-    home_user: "/home/{{ git_user }}"
-    path_tmp_cgit: "{{ home_user }}/tmp"
-    path_cgit: "{{ home_user }}/cgit"
-    path_gitolite: "{{ home_user }}/gitolite"
+    pounce_user: "pounce"
+    pounce_home: "/home/{{ pounce_user }}"
+    pounce_build: "{{ pounce_home }}/pounce_build"
+    litterbox_build: "{{ pounce_home}}/litterbox"
 
   pre_tasks:
     - name: update de la machine
@@ -39,15 +40,18 @@
     - name: installation des paquets nécessaires
       apt:
         name:
+          - acl
           - make
           - gcc
           - nginx
           - certbot
           - git
           - sudo
+          - python3-pip
 
   roles: 
-    - installations
+    - cgit
+    - site
 
   post_tasks:
     - name: démarrage par défaut de nginx

roles/cgit/tasks/main.yml

@@ -0,0 +1,135 @@
+################################################################################
+# installation de cgit et configuration de nginx et gitolite
+# 
+# Copyright (C) 2022 rick G. <rick@gnous.eu>
+# 
+# This program is free software: you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+# 
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this program. If not, see <https://www.gnu.org/licenses/>.
+################################################################################
+
+---
+- name: update de la machine
+  apt:
+    update_cache: true
+    upgrade: yes
+
+- name: installation des paquets nécessaires
+  apt:
+    name:
+      - libzip-dev
+      - libssl-dev
+      - zlib1g-dev
+      - python3-certbot-nginx
+      - fcgiwrap
+      - python3-zipp
+
+- name: installation de pygments
+  ansible.builtin.pip:
+    name: pygments
+
+- name: création utilisateur cgit
+  ansible.builtin.user:
+    name: "{{ git_user }}"
+    shell: "/bin/bash"
+    state: present
+
+- name: mise en place de cgit
+  block:
+    - name: clonage de cgit
+      ansible.builtin.git:
+        dest: "{{ path_tmp_cgit }}"
+        repo: "https://git.zx2c4.com/cgit"
+        single_branch: yes
+
+    - name: configuration de la compilation de cgit
+      template:
+        src: "config-cgit.conf"
+        dest: "{{ path_tmp_cgit }}/cgit.conf"
+        mode: 0644
+
+    - name: compilation de cgit
+      community.general.make:
+        chdir: "{{ path_tmp_cgit }}"
+
+    - name: installation de cgit
+      community.general.make:
+        chdir: "{{ path_tmp_cgit }}"
+        target: install
+
+    - name: configuration de cgit
+      template:
+        src: "cgitrc"
+        dest: "{{ path_cgit }}"
+        mode: 0644
+
+    - name: clonage de gitolite
+      ansible.builtin.git:
+        dest: "{{ path_gitolite }}"
+        repo: "https://github.com/sitaramc/gitolite"
+        single_branch: yes
+
+    - name: création du dossier bin
+      file:
+        path: "{{ home_user }}/bin"
+        state: directory
+
+    - name: installation de gitolite
+      ansible.builtin.command:
+        cmd: "{{ path_gitolite }}/install -to {{ home_user }}/bin"
+
+    - name: upload de la clé SSH de l'admin
+      ansible.builtin.copy:
+        src: "../files/{{ admin_key }}"
+        dest: "/tmp/{{ admin_key }}"
+
+    - name: configuration du premier utilisateur
+      ansible.builtin.command:
+        cmd: "{{ home_user }}/bin/gitolite setup -pk /tmp/{{ admin_key }}"
+
+    - name: configuration des droits du dossier repositories
+      ansible.builtin.file:
+        path: "{{ home_user }}/repositories"
+        mode: 0705
+        state: directory
+        recurse: yes
+
+    - name: configuration des droits de la liste des repositories
+      ansible.builtin.file:
+        path: "{{ home_user }}/projects.list"
+        mode: 0705
+
+    - name: configuration des dépots
+      ansible.builtin.lineinfile:
+        path: "{{ home_user }}/.gitolite.rc"
+        regex: "UMASK"
+        line: "\tUMASK => 0072,"
+  become: yes
+  become_user: git
+
+- name: configuration de Nginx
+  template:
+    src: "cgit-nginx"
+    dest: "{{ ava }}/cgit.conf"
+    mode: 0644
+
+- name: lien symbolique pour le site cgit
+  file:
+    src:  "{{ ava }}/cgit.conf"
+    dest: "{{ ena }}/cgit.conf"
+    state: link
+
+- name: démarrage par défaut de fcgiwrap
+  ansible.builtin.service:
+    name: fcgiwrap
+    enabled: yes
+  notify:
+    - restart fcgiwrap

roles/cgit/templates/cgitrc

@@ -0,0 +1,127 @@
+# Make cgit generate link using absolute URL
+virtual-root=/
+
+# Enable caching of up to 1000 output entriess
+cache-size=1000
+
+# cache time to live 
+cache-dynamic-ttl=5
+cache-repo-ttl=5
+
+# Specify some default clone urls using macro expansion
+clone-url=http://{{ cgit_site }}/$CGIT_REPO_URL git://{{ cgit_site }}/$CGIT_REPO_URL 
+
+# Specify the css url
+css=/cgit.css
+
+# Show owner on index page
+enable-index-owner=1
+
+# Source gitweb.description, gitweb.owner from each project config
+enable-git-config=1
+
+# Allow http transport git clone
+enable-git-clone=1
+
+# Show extra links for each repository on the index page
+enable-index-links=1
+
+# Remove .git suffix from project display
+remove-suffix=1
+
+# Enable ASCII art commit history graph on the log pages
+enable-commit-graph=1
+
+# Show number of affected files per commit on the log pages
+enable-log-filecount=1
+
+# Show number of added/removed lines per commit on the log pages
+enable-log-linecount=1
+
+# Sort branches by date
+branch-sort=age
+
+# Add a cgit favicon
+favicon=/favicon.ico
+
+# Use a custom logo
+logo=/cgit.png
+
+# Enable statistics per week, month and quarter
+max-stats=quarter
+
+# Set the title and heading of the repository index page
+root-title=git de rick
+
+# Set a subheading for the repository index page
+root-desc=Spread the code
+
+# Include some more info about example.com on the index page
+#root-readme=/var/www/git/about.htm
+
+# Allow download of tar.gz, tar.bz2 and zip-files
+snapshots=tar.bz2 zip
+
+##
+## List of common mimetypes
+##
+
+mimetype.gif=image/gif
+mimetype.html=text/html
+mimetype.jpg=image/jpeg
+mimetype.jpeg=image/jpeg
+mimetype.pdf=application/pdf
+mimetype.png=image/png
+mimetype.svg=image/svg+xml
+
+# Highlight source code with python pygments-based highligher
+source-filter={{ path_cgit }}/filters/syntax-highlighting.py
+
+# Format markdown, restructuredtext, manpages, text files, and html files
+# through the right converters
+about-filter={{ path_cgit }}/filters/about-formatting.sh
+
+##
+## Search for these files in the root of the default branch of repositories
+## for coming up with the about page:
+##
+readme=:README.md
+readme=:readme.md
+readme=:README.mkd
+readme=:readme.mkd
+readme=:README.rst
+readme=:readme.rst
+readme=:README.html
+readme=:readme.html
+readme=:README.htm
+readme=:readme.htm
+readme=:README.txt
+readme=:readme.txt
+readme=:README
+readme=:readme
+readme=:INSTALL.md
+readme=:install.md
+readme=:INSTALL.mkd
+readme=:install.mkd
+readme=:INSTALL.rst
+readme=:install.rst
+readme=:INSTALL.html
+readme=:install.html
+readme=:INSTALL.htm
+readme=:install.htm
+readme=:INSTALL.txt
+readme=:install.txt
+readme=:INSTALL
+readme=:install
+
+##
+## List of repositories.
+## PS: Any repositories listed when section is unset will not be
+##     displayed under a section heading
+## PPS: This list could be kept in a different file (e.g. '/etc/cgitrepos')
+##      and included like this:
+##        include=/etc/cgitrepos
+##
+
+project-list={{ home_user }}/projects.list
+scan-path={{ home_user }}/repositories

roles/installations/tasks/cgit.yml

@@ -1,122 +0,0 @@
-################################################################################
-# installation de cgit et configuration de nginx et gitolite
-# 
-# Copyright (C) 2022 rick G. <rick@gnous.eu>
-# 
-# This program is free software: you can redistribute it and/or modify it under
-# the terms of the GNU General Public License as published by the Free Software
-# Foundation, either version 3 of the License, or (at your option) any later
-# version.
-# 
-# This program is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License along with
-# this program. If not, see <https://www.gnu.org/licenses/>.
-################################################################################
-
----
-- name: update de la machine
-  apt:
-    update_cache: true
-    upgrade: yes
-
-- name: installation des paquets nécessaires
-  apt:
-    name:
-      - libzip-dev
-      - libssl-dev
-      - zlib1g-dev
-      - python3-certbot-nginx
-      - fcgiwrap
-      - python3-zipp
-
-- name: création utilisateur cgit
-  ansible.builtin.user:
-    name: "{{ git_user }}"
-    shell: "/bin/bash"
-    state: present
-      #groups: "www"
-
-- name: clonage de cgit
-  ansible.builtin.git:
-    dest: "{{ path_tmp_cgit }}"
-    repo: "https://git.zx2c4.com/cgit"
-    single_branch: yes
-
-- name: configuration de cgit
-  template:
-    src: "config-cgit.conf"
-    dest: "{{ path_tmp_cgit }}/cgit.conf"
-    mode: 0644
-
-- name: compilation de cgit
-  community.general.make:
-    chdir: "{{ path_tmp_cgit }}"
-
-- name: installation de cgit
-  community.general.make:
-    chdir: "{{ path_tmp_cgit }}"
-    target: install
-
-- name: configuration de Nginx
-  template:
-    src: "cgit-nginx"
-    dest: "/etc/nginx/sites-available/cgit.conf"
-    mode: 0644
-
-- name: lien symbolique pour le site cgit
-  file:
-    src:  /etc/nginx/sites-available/cgit.conf
-    dest: /etc/nginx/sites-enabled/cgit.conf
-    state: link
-
-- name: clonage de gitolite
-  ansible.builtin.git:
-    dest: "{{ path_gitolite }}"
-    repo: "https://github.com/sitaramc/gitolite"
-    single_branch: yes
-
-- name: configuration des droits des dossiers
-  file:
-    path: "{{ item }}"
-    owner: "{{ git_user }}"
-    group: "{{ git_user }}"
-    recurse: yes
-    state: directory
-  loop:
-    - "{{ home_user }}/bin"
-    - "{{ home_user }}/etc"
-    - "{{ path_cgit }}"
-    - "{{ path_gitolite }}"
-
-- name: installation de gitolite
-  command: 
-    cmd: "{{ path_gitolite }}/install -to {{ home_user }}/bin"
-
-- name: création de la liste de projets
-  file:
-    path: "{{ home_user }}/projects.list"
-    mode: 0705
-    state: touch
-    owner: "{{ git_user }}"
-    group: "{{ git_user }}"
-
-- name: configuration des droits du dossier repositories
-  file:
-    path: "{{ home_user }}/repositories"
-    mode: 0705
-    state: directory
-    recurse: yes
-    owner: "{{ git_user }}"
-    group: "{{ git_user }}"
-
-- name: démarrage par défaut de fcgiwrap
-  ansible.builtin.service:
-    name: fcgiwrap
-    enabled: yes
-  notify:
-    - restart fcgiwrap
-
-      # TODO fin de configuration de gitolite (premier utilisateur)

roles/installations/tasks/main.yml

@@ -1,20 +0,0 @@
-################################################################################
-# installation et configuration des services de l'infra
-# 
-# Copyright (C) 2022 rick G. <rick@gnous.eu>
-# 
-# This program is free software: you can redistribute it and/or modify it under
-# the terms of the GNU General Public License as published by the Free Software
-# Foundation, either version 3 of the License, or (at your option) any later
-# version.
-# 
-# This program is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
-# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License along with
-# this program. If not, see <https://www.gnu.org/licenses/>.
-################################################################################
-
----
-- include_tasks: cgit.yml

roles/site/files/install-packages.el

@@ -0,0 +1,7 @@
+(require 'package)
+(add-to-list 'package-archives
+	     '("melpa" . "https://stable.melpa.org/packages/") t)
+(package-initialize)
+(package-initialize)
+(package-refresh-contents)
+(package-install 'htmlize)

roles/site/tasks/main.yml

@@ -0,0 +1,74 @@
+################################################################################
+# installation de cgit et configuration de nginx et gitolite
+# 
+# Copyright (C) 2022 rick G. <rick@gnous.eu>
+# 
+# This program is free software: you can redistribute it and/or modify it under
+# the terms of the GNU General Public License as published by the Free Software
+# Foundation, either version 3 of the License, or (at your option) any later
+# version.
+# 
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
+# 
+# You should have received a copy of the GNU General Public License along with
+# this program. If not, see <https://www.gnu.org/licenses/>.
+################################################################################
+
+---
+- name: update de la machine
+  apt:
+    update_cache: true
+    upgrade: yes
+
+- name: installation des paquets nécessaires
+  apt:
+    name:
+      - emacs
+
+- name: installation de htmlize
+  block:
+    - name: copie du script d'installation
+      ansible.builtin.copy:
+        src: "../files/install-packages.el"
+        dest: "/tmp/init.el"
+
+    - name: installation de htmlize
+      ansible.builtin.command:
+        cmd: "emacs -u {{ user }} --script /tmp/init.el"
+  ignore_errors: yes
+
+- name: clonage du site
+  ansible.builtin.git:
+    dest: "{{ path_clone }}"
+    repo: "{{ git }}"
+    single_branch: yes
+
+- name: compilation du site
+  ansible.builtin.command:
+    cmd: "{{ path_clone }}/generate.sh"
+    chdir: "{{ path_clone }}"
+
+- name: génération du lien symbolique
+  file:
+    src: "{{ path_clone }}/www"
+    path: "{{ path_site }}"
+    state: link
+
+- name: configuration de nginx
+  template:
+    src: "site-nginx"
+    dest: "{{ ava }}/gyiwr.conf"
+    mode: 0644
+
+- name: suppression de la configuration par défaut
+  ansible.builtin.file:
+    path: "{{ ena }}/default"
+    state: absent
+
+- name: lien symbolique pour le site
+  file:
+    src: "{{ ava }}/gyiwr.conf"
+    dest: "{{ ena }}/gyiwr.conf"
+    state: link

roles/site/templates/site-nginx

@@ -0,0 +1,13 @@
+server {
+    server_name {{ site }};
+    listen 80;
+    listen [::]:80;
+
+    root {{ path_site }};
+
+    index index.html index.htm index.nginx-debian.html;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+}

vars/cgit.yml

@@ -0,0 +1,7 @@
+---
+git_user: "git"
+home_user: "/home/{{ git_user }}"
+path_tmp_cgit: "{{ home_user }}/tmp"
+path_cgit: "{{ home_user }}/cgit"
+path_gitolite: "{{ home_user }}/gitolite"
+admin_key: "cgit.pub"

vars/principal.yml

@@ -0,0 +1,4 @@
+---
+path_site: "/var/www/gyiwr"
+git: "https://git.gyiwr.tf/gyiwr"
+path_clone: "/home/ubuntu/gyiwr"

vars/sites.yml

@@ -1,3 +1,7 @@
 ---
 site: ""
 cgit_site: ""
+
+user: "ubuntu"
+ava: "/etc/nginx/sites-available"
+ena: "/etc/nginx/sites-enabled"