authorJohannes Stoelp <johannes.stoelp@gmail.com>2022-12-14 23:04:46 +0100
committerJohannes Stoelp <johannes.stoelp@gmail.com>2022-12-14 23:04:46 +0100
commit7f375b8097e7a44cc5924bf1cee5159593cbe0eb (patch)
treecc1be9bcbd64aa4f7f2d6b2cd1c04949b9c8c9a8 /roles/git/files/gitolite-cgit/entrypoint.sh
parent5262aab814e41005562f44d76e6de8be125199a4 (diff)
git: add role to build and start gitolite-cgit
This adds a role to build and start a gitolite-cgit container. Additionally, it installs a firewall rule to open the gitolite sshd port.
Diffstat (limited to 'roles/git/files/gitolite-cgit/entrypoint.sh')
-rwxr-xr-xroles/git/files/gitolite-cgit/entrypoint.sh43
1 files changed, 43 insertions, 0 deletions
diff --git a/roles/git/files/gitolite-cgit/entrypoint.sh b/roles/git/files/gitolite-cgit/entrypoint.sh
new file mode 100755
index 0000000..905bf97
--- /dev/null
+++ b/roles/git/files/gitolite-cgit/entrypoint.sh
@@ -0,0 +1,43 @@
+#!/bin/sh
+
+# Fixup permissions.
+chown git:git -R /var/lib/git
+# Ensure password is set for git user (required for gitolite).
+echo "git:$(head -c 16 /dev/urandom | base64)" | chpasswd
+
+# -- SETUP: gitolite -----------------------------------------------------------
+
+if [ ! -f /var/lib/git/.gitolite.rc ]; then
+ cp /etc/gitolite.rc /var/lib/git/.gitolite.rc
+ chown git:git /var/lib/git/.gitolite.rc
+fi
+
+if [ ! -f /var/lib/git/.ssh/authorized_keys ]; then
+ if [ -z ${SSH_KEY} ]; then
+ echo "ERROR: Must pass admin key ass SSH_KEY!"
+ exit 1
+ fi
+
+ echo "${SSH_KEY}" > /tmp/admin.pub
+ su - git -c 'gitolite setup --pubkey /tmp/admin.pub'
+ rm -f /tmp/admin.pub
+else
+ su - git -c 'gitolite setup'
+fi
+
+# -- SETUP: sshd ---------------------------------------------------------------
+
+# Generate ssh host keys (nop if keys already exist).
+ssh-keygen -A
+
+# -- SETUP: nginx --------------------------------------------------------------
+
+rm -f /etc/nginx/http.d/default.conf
+
+# -- Launch processes ----------------------------------------------------------
+
+spawn-fcgi -s /run/fcgiwrap.sock -U nginx -- /usr/bin/fcgiwrap
+nginx
+
+# Start sshd non-detached.
+/usr/sbin/sshd -D
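Review bot: The admin-key guard `[ -z ${SSH_KEY} ]` is unquoted, so a real public key (type, base64 blob and comment separated by spaces) expands to several words and the test fails with a syntax error rather than evaluating the string; the branch only behaves as intended by accident, and it should read `if [ -z "${SSH_KEY}" ]; then`. The key is then written by root to the fixed name `/tmp/admin.pub` in a world-writable directory; a private directory from `mktemp -d`, chowned to `git` and removed afterwards, would avoid depending on a predictable path. The script also has no `set -e` and never checks the exit status of `chpasswd` or `gitolite setup`, so sshd and nginx are started even when initialisation of `/var/lib/git` failed; adding `set -e` after the shebang would make the container fail closed. Finally, a short comment on the `chpasswd` line saying that the random password is discarded and exists only to unlock the account would help, together with a check that the image's sshd configuration (not visible in this commit) disables password authentication.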