Diffstat (limited to 'roles/cgit/templates')
-rw-r--r--roles/cgit/templates/cgitrc.j28
-rw-r--r--roles/cgit/templates/repocreate-plain.conf.j21
-rw-r--r--roles/cgit/templates/repocreate-ssl.conf.j218
-rw-r--r--roles/cgit/templates/server.conf.j219
-rw-r--r--roles/cgit/templates/ssl.conf.j220
-rw-r--r--roles/cgit/templates/vhost.conf.j29
6 files changed, 75 insertions, 0 deletions
diff --git a/roles/cgit/templates/cgitrc.j2 b/roles/cgit/templates/cgitrc.j2
new file mode 100644
index 0000000..bfca774
--- /dev/null
+++ b/roles/cgit/templates/cgitrc.j2
@@ -0,0 +1,8 @@
+css=/static/git.css
+logo=/static/logo.png
+virtual-root=/
+root-title=sublab.org repo hosting
+root-desc=harbouring chaos
+enable-index-owner=0
+clone-prefix=git://{{ git_server_name }} git+ssh://git@{{ git_server_name }}
+source-filter=/etc/cgit.source.filter
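Review bot: The `clone-prefix` line advertises `git://{{ git_server_name }}` first, and the git protocol has neither encryption nor server authentication, so a reader who clones from that URL gets no integrity guarantee for what they fetch. If the host can serve read-only clones over HTTPS (not visible in this change), list that instead of or ahead of `git://`, e.g. `clone-prefix=https://{{ git_server_name }} git+ssh://git@{{ git_server_name }}`. A short `#` comment above `source-filter=/etc/cgit.source.filter` naming the task that installs the script would also help, since cgit runs it on repository content.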
diff --git a/roles/cgit/templates/repocreate-plain.conf.j2 b/roles/cgit/templates/repocreate-plain.conf.j2
new file mode 100644
index 0000000..e3fbc35
--- /dev/null
+++ b/roles/cgit/templates/repocreate-plain.conf.j2
@@ -0,0 +1 @@
+RedirectMatch permanent ^/(create(/?|/.*))$ https://{{ git_server_name }}/$1
diff --git a/roles/cgit/templates/repocreate-ssl.conf.j2 b/roles/cgit/templates/repocreate-ssl.conf.j2
new file mode 100644
index 0000000..c9014be
--- /dev/null
+++ b/roles/cgit/templates/repocreate-ssl.conf.j2
@@ -0,0 +1,18 @@
+#Alias /create /var/www/git.sublab.org/htdocs/create
+#ProxyPass /create/api http://127.0.0.1:8023/
+#
+#<Location /create>
+# Options -Indexes -ExecCGI
+# Allow from *
+#
+# AuthType basic
+# AuthBasicProvider ldap
+# AuthName "LDAP Login"
+# AuthLDAPBindDN "cn=apache-{{ ansible_nodename }},ou=service,dc=sublab,dc=org"
+# AuthLDAPBindPassword "{{ ldap_credentials["apache-" + ansible_nodename] }}"
+# AuthLDAPURL "{{ ldap_url }}/ou=people,dc=sublab,dc=org"
+# # AuthzLDAPAuthoritative on
+# # Require ldap-group cn=members,ou=groups,dc=sublab,dc=org
+# Require valid-user
+#</Location>
+#LDAPTrustedMode TLS
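Review bot: Every line of this template is an Apache comment, but Jinja2 still renders the expressions inside it, so `{{ ldap_credentials["apache-" + ansible_nodename] }}` on the `AuthLDAPBindPassword` line writes the bind password in clear text into the deployed file, and the play fails if that key is undefined. Wrap the disabled block in a Jinja comment (`{# … #}`) or an `{% if … %}` guard so nothing is emitted, and have the task that installs the file set a restrictive mode; that task is not part of this diff. Before the block is enabled, three things need attention. `Allow from *` is not valid, because the 2.2 form is `Allow from all` and server.conf already uses the 2.4 `Require` syntax. `LDAPTrustedMode TLS` should be switched on together with the block, unless `ldap_url` is already `ldaps://`, so credentials do not reach the directory unencrypted. `Require valid-user` admits any LDAP account rather than the `cn=members` group named in the commented `Require ldap-group` line.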
diff --git a/roles/cgit/templates/server.conf.j2 b/roles/cgit/templates/server.conf.j2
new file mode 100644
index 0000000..bd9de27
--- /dev/null
+++ b/roles/cgit/templates/server.conf.j2
@@ -0,0 +1,19 @@
+ServerAdmin nobody-wolpertinger@nowhere.ws
+ServerName {{ git_server_name }}
+
+# Serve static cgit files directly
+Alias /static /var/www/{{ git_server_name }}/static
+Alias /robots.txt /var/www/{{ git_server_name }}/robots.txt
+<Directory /var/www/{{ git_server_name }}>
+ AllowOverride None
+ Options FollowSymlinks
+ Require all granted
+</Directory>
+
+# Dispatch other requests to CGI
+ScriptAlias / "/usr/lib/cgit/cgit.cgi/"
+<Directory /usr/lib/cgit>
+ AllowOverride None
+ Options ExecCGI FollowSymlinks
+ Require all granted
+</Directory>
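Review bot: `Options FollowSymlinks` on `<Directory /var/www/{{ git_server_name }}>` lets Apache serve whatever a symlink under that tree points to, and the `Require all granted` covers the whole site root although only `/static` and `/robots.txt` are aliased. For a directory of static assets, `Options None` is the safer default, or `Options SymLinksIfOwnerMatch` if links are really needed. The same option on `<Directory /usr/lib/cgit>` is probably unnecessary too; `Options ExecCGI` alone should be enough unless cgit.cgi is itself a symlink on the target distribution.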
diff --git a/roles/cgit/templates/ssl.conf.j2 b/roles/cgit/templates/ssl.conf.j2
new file mode 100644
index 0000000..c6b8fe3
--- /dev/null
+++ b/roles/cgit/templates/ssl.conf.j2
@@ -0,0 +1,20 @@
+SSLEngine On
+
+SSLCertificateChainFile /etc/apache2/sites/{{ git_server_name }}/ssl/chain.pem
+SSLCertificateFile /etc/apache2/sites/{{ git_server_name }}/ssl/cert.pem
+SSLCertificateKeyFile /etc/apache2/sites/{{ git_server_name }}/ssl/key.pem
+
+SSLEngine On
+SSLHonorCipherOrder on
+SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 -SSLv3 -SSLv2
+SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+SSLCompression off
+
+#Header always set Strict-Transport-Security "max-age=15984000"
+
+SSLOptions StdEnvVars
+
+BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
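Review bot: `SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 -SSLv3 -SSLv2` keeps TLS 1.0 and 1.1 enabled, both deprecated by RFC 8996, and the `+`/`-` form merges with the server-wide setting instead of stating the result. I would write `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` and drop the CBC/SHA-1 entries from `SSLCipherSuite` that are only needed by clients limited to those versions. The `Strict-Transport-Security` header is commented out, so browsers are never told to stay on HTTPS; enable it once the certificate setup is stable. `SSLEngine On` appears twice and the second occurrence can go.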
diff --git a/roles/cgit/templates/vhost.conf.j2 b/roles/cgit/templates/vhost.conf.j2
new file mode 100644
index 0000000..b3e2149
--- /dev/null
+++ b/roles/cgit/templates/vhost.conf.j2
@@ -0,0 +1,9 @@
+<VirtualHost *:80>
+ Include sites/{{ git_server_name }}/repocreate-plain.conf
+ Include sites/{{ git_server_name }}/server.conf
+</VirtualHost>
+<VirtualHost *:443>
+ Include sites/{{ git_server_name }}/ssl.conf
+ Include sites/{{ git_server_name }}/repocreate-ssl.conf
+ Include sites/{{ git_server_name }}/server.conf
+</VirtualHost>
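Review bot: The `*:80` vhost includes `server.conf`, so the whole cgit interface is also served over plain HTTP and only `/create` is redirected, through `repocreate-plain.conf`. Page content, including the clone URLs cgit displays, can then be altered in transit. Consider making the port-80 vhost redirect-only, with `ServerName {{ git_server_name }}` and `Redirect permanent / https://{{ git_server_name }}/`, and keeping `server.conf` in the `*:443` vhost alone.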