From 7f375b8097e7a44cc5924bf1cee5159593cbe0eb Mon Sep 17 00:00:00 2001
From: Johannes Stoelp
Date: Wed, 14 Dec 2022 23:04:46 +0100
Subject: git: add role to build and start gitolite-cgit

This contains a role to build and start a gitolite-cgit container. Additionally this installed a firewall rule to open the gitolite sshd port.
---
roles/git/tasks/main.yml | 40 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 roles/git/tasks/main.yml
(limited to 'roles/git/tasks/main.yml')
diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml
new file mode 100644
index 0000000..0557615
--- /dev/null
+++ b/roles/git/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: Copy container build files
+ ansible.builtin.copy:
+ src: gitolite-cgit
+ dest: "{{ DATA_ROOT }}/git"
+ owner: "{{ USER }}"
+ group: "{{ USER }}"
+ mode: preserve
+
+- name: Build gitolite cgit image
+ containers.podman.podman_image:
+ name: gitolite-cgit
+ path: "{{ DATA_ROOT }}/git/gitolite-cgit"
+ force: true
+ register: cgito_build
+
+- name: Gitolite cgit
+ containers.podman.podman_container:
+ name: cgito
+ image: gitolite-cgit
+ network: "{{ NETWORK }}"
+ ports:
+ - "2222:22"
+ env:
+ SSH_KEY: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/memzero.pub') }}"
+ volumes:
+ # Use 'Z' to privately relable selinux contexts.
+ - "{{ DATA_ROOT }}/git/repos:/var/lib/git:Z"
+ recreate: "{{ cgito_build.changed }}"
+ notify: Restart nginx
+
+- name: Open port for gitolite ssh port
+ ansible.builtin.iptables:
+ chain: INPUT
+ protocol: tcp
+ match: tcp
+ destination_port: 2222
+ jump: ACCEPT
+ comment: Accept gitolite SSH connections.
+ become: true
--
cgit v1.2.3
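Review bot: The `Open port for gitolite ssh port` task accepts TCP 2222 from any source on every interface, and the container publishes `"2222:22"` without a host address, so the gitolite sshd is reachable from wherever the host itself is reachable. If that exposure is intended, a comment on the task should say so; if not, narrow the rule with the module's `source:` or `in_interface:` parameter and give the published port an explicit bind address. The rule is also appended (the module's default `action`), so it has no effect if INPUT already ends in a REJECT/DROP rule that is not visible in this patch, and `ansible.builtin.iptables` does not save rules, so the rule is lost on reboot unless something else persists it. The port number is written twice (`ports` and `destination_port`); a single role variable would keep the two from drifting apart.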