authorJohannes Stoelp <johannes.stoelp@gmail.com>2022-12-14 23:04:46 +0100
committerJohannes Stoelp <johannes.stoelp@gmail.com>2022-12-14 23:04:46 +0100
commit7f375b8097e7a44cc5924bf1cee5159593cbe0eb (patch)
treecc1be9bcbd64aa4f7f2d6b2cd1c04949b9c8c9a8 /roles/git/tasks
parent5262aab814e41005562f44d76e6de8be125199a4 (diff)
git: add role to build and start gitolite-cgit
This contains a role to build and start a gitolite-cgit container. Additionally, this installs a firewall rule to open the gitolite sshd port.
Diffstat (limited to 'roles/git/tasks')
-rw-r--r--roles/git/tasks/main.yml40
1 files changed, 40 insertions, 0 deletions
diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml
new file mode 100644
index 0000000..0557615
--- /dev/null
+++ b/roles/git/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: Copy container build files
+ ansible.builtin.copy:
+ src: gitolite-cgit
+ dest: "{{ DATA_ROOT }}/git"
+ owner: "{{ USER }}"
+ group: "{{ USER }}"
+ mode: preserve
+
+- name: Build gitolite cgit image
+ containers.podman.podman_image:
+ name: gitolite-cgit
+ path: "{{ DATA_ROOT }}/git/gitolite-cgit"
+ force: true
+ register: cgito_build
+
+- name: Gitolite cgit
+ containers.podman.podman_container:
+ name: cgito
+ image: gitolite-cgit
+ network: "{{ NETWORK }}"
+ ports:
+ - "2222:22"
+ env:
+ SSH_KEY: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/memzero.pub') }}"
+ volumes:
+ # Use 'Z' to privately relable selinux contexts.
+ - "{{ DATA_ROOT }}/git/repos:/var/lib/git:Z"
+ recreate: "{{ cgito_build.changed }}"
+ notify: Restart nginx
+
+- name: Open port for gitolite ssh port
+ ansible.builtin.iptables:
+ chain: INPUT
+ protocol: tcp
+ match: tcp
+ destination_port: 2222
+ jump: ACCEPT
+ comment: Accept gitolite SSH connections.
+ become: true
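Review bot: The `Open port for gitolite ssh port` task accepts TCP 2222 from any source and only edits the in-memory ruleset, because `ansible.builtin.iptables` does not save rules; the opening is therefore as wide as it can be and may be gone after a reboot unless something outside this hunk persists it. If the set of clients is known, narrow the rule with `source: "<allowed CIDR>"` and `ctstate: NEW`; otherwise add a comment saying the port is intentionally reachable from anywhere and that authentication in the container's sshd (its configuration is not visible here) is the only control. The port is also hard-coded twice, in `"2222:22"` and in `destination_port: 2222`, so a single role variable would keep the published port and the firewall rule from drifting apart. Separately, `force: true` on the image build probably makes `cgito_build.changed` true on every run, which would recreate the container on each play; worth confirming against the module's behaviour.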