From 1eb35a1e69d9a9f3f43340b9ea46d95bb2c1a0e8 Mon Sep 17 00:00:00 2001
From: Christian Franke
Date: Fri, 28 Aug 2015 15:38:36 +0200
Subject: Add cgit role - git webfrontend
---
roles/cgit/templates/cgitrc.j2 | 8 ++++++++
roles/cgit/templates/repocreate-plain.conf.j2 | 1 +
roles/cgit/templates/repocreate-ssl.conf.j2 | 18 ++++++++++++++++++
roles/cgit/templates/server.conf.j2 | 19 +++++++++++++++++++
roles/cgit/templates/ssl.conf.j2 | 20 ++++++++++++++++++++
roles/cgit/templates/vhost.conf.j2 | 9 +++++++++
6 files changed, 75 insertions(+)
create mode 100644 roles/cgit/templates/cgitrc.j2
create mode 100644 roles/cgit/templates/repocreate-plain.conf.j2
create mode 100644 roles/cgit/templates/repocreate-ssl.conf.j2
create mode 100644 roles/cgit/templates/server.conf.j2
create mode 100644 roles/cgit/templates/ssl.conf.j2
create mode 100644 roles/cgit/templates/vhost.conf.j2
(limited to 'roles/cgit/templates')
diff --git a/roles/cgit/templates/cgitrc.j2 b/roles/cgit/templates/cgitrc.j2
new file mode 100644
index 0000000..bfca774
--- /dev/null
+++ b/roles/cgit/templates/cgitrc.j2
@@ -0,0 +1,8 @@
+css=/static/git.css
+logo=/static/logo.png
+virtual-root=/
+root-title=sublab.org repo hosting
+root-desc=harbouring chaos
+enable-index-owner=0
+clone-prefix=git://{{ git_server_name }} git+ssh://git@{{ git_server_name }}
+source-filter=/etc/cgit.source.filter
diff --git a/roles/cgit/templates/repocreate-plain.conf.j2 b/roles/cgit/templates/repocreate-plain.conf.j2
new file mode 100644
index 0000000..e3fbc35
--- /dev/null
+++ b/roles/cgit/templates/repocreate-plain.conf.j2
@@ -0,0 +1 @@
+RedirectMatch permanent ^/(create(/?|/.*))$ https://{{ git_server_name }}/$1
diff --git a/roles/cgit/templates/repocreate-ssl.conf.j2 b/roles/cgit/templates/repocreate-ssl.conf.j2
new file mode 100644
index 0000000..c9014be
--- /dev/null
+++ b/roles/cgit/templates/repocreate-ssl.conf.j2
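Review bot: In cgitrc.j2 the first `clone-prefix` entry advertises `git://{{ git_server_name }}`, and the git protocol gives anonymous cloners neither encryption nor server authentication, so tampering in transit goes unnoticed. This role also sets up a TLS vhost and cgit can serve clones over HTTP itself, so consider `clone-prefix=https://{{ git_server_name }} git+ssh://git@{{ git_server_name }}` and keep git:// only if something depends on it. Separately, `source-filter=/etc/cgit.source.filter` is executed for every blob view; the task that installs that script is outside this diff, and it should leave the file root-owned and not writable by the web server user.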
@@ -0,0 +1,18 @@
+#Alias /create /var/www/git.sublab.org/htdocs/create
+#ProxyPass /create/api http://127.0.0.1:8023/
+#
+#
+# Options -Indexes -ExecCGI
+# Allow from *
+#
+# AuthType basic
+# AuthBasicProvider ldap
+# AuthName "LDAP Login"
+# AuthLDAPBindDN "cn=apache-{{ ansible_nodename }},ou=service,dc=sublab,dc=org"
+# AuthLDAPBindPassword "{{ ldap_credentials["apache-" + ansible_nodename] }}"
+# AuthLDAPURL "{{ ldap_url }}/ou=people,dc=sublab,dc=org"
+# # AuthzLDAPAuthoritative on
+# # Require ldap-group cn=members,ou=groups,dc=sublab,dc=org
+# Require valid-user
+#
+#LDAPTrustedMode TLS
diff --git a/roles/cgit/templates/server.conf.j2 b/roles/cgit/templates/server.conf.j2
new file mode 100644
index 0000000..bd9de27
--- /dev/null
+++ b/roles/cgit/templates/server.conf.j2
@@ -0,0 +1,19 @@
+ServerAdmin nobody-wolpertinger@nowhere.ws
+ServerName {{ git_server_name }}
+
+# Serve static cgit files directly
+Alias /static /var/www/{{ git_server_name }}/static
+Alias /robots.txt /var/www/{{ git_server_name }}/robots.txt
+
+ AllowOverride None
+ Options FollowSymlinks
+ Require all granted
+
+
+# Dispatch other requests to CGI
+ScriptAlias / "/usr/lib/cgit/cgit.cgi/"
+
+ AllowOverride None
+ Options ExecCGI FollowSymlinks
+ Require all granted
+
diff --git a/roles/cgit/templates/ssl.conf.j2 b/roles/cgit/templates/ssl.conf.j2
new file mode 100644
index 0000000..c6b8fe3
--- /dev/null
+++ b/roles/cgit/templates/ssl.conf.j2
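Review bot: In repocreate-ssl.conf.j2 the `#` in front of `AuthLDAPBindPassword "{{ ldap_credentials["apache-" + ansible_nodename] }}"` is an Apache comment, not a Jinja2 one, so the template engine still evaluates the expression and writes the LDAP bind password in clear text into the rendered file even though Apache never reads it. A missing key in `ldap_credentials` would likewise fail the template task for a block that is disabled. Wrap the disabled block in `{# ... #}` or drop the credential lines until the feature is switched on, and make sure the deploying task (not visible here) sets a restrictive file mode. If the block is re-enabled, `Require valid-user` admits every LDAP account because the `ldap-group` restriction is commented out, and `Allow from *` is 2.2-style syntax while server.conf uses `Require all granted`.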
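Review bot: In server.conf.j2 the block that follows the two `Alias` lines sets `Options FollowSymlinks`, which lets any symlink placed under the static directory expose whatever file the Apache user can read. The static content is a stylesheet, a logo and robots.txt, so `Options SymLinksIfOwnerMatch` or no symlink option at all would be tighter. The container lines around both option blocks render as empty `+` lines on this page, so the directory paths they apply to cannot be confirmed from here.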
@@ -0,0 +1,20 @@
+SSLEngine On
+
+SSLCertificateChainFile /etc/apache2/sites/{{ git_server_name }}/ssl/chain.pem
+SSLCertificateFile /etc/apache2/sites/{{ git_server_name }}/ssl/cert.pem
+SSLCertificateKeyFile /etc/apache2/sites/{{ git_server_name }}/ssl/key.pem
+
+SSLEngine On
+SSLHonorCipherOrder on
+SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 -SSLv3 -SSLv2
+SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+SSLCompression off
+
+#Header always set Strict-Transport-Security "max-age=15984000"
+
+SSLOptions StdEnvVars
+
+BrowserMatch "MSIE [2-6]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
diff --git a/roles/cgit/templates/vhost.conf.j2 b/roles/cgit/templates/vhost.conf.j2
new file mode 100644
index 0000000..b3e2149
--- /dev/null
+++ b/roles/cgit/templates/vhost.conf.j2
@@ -0,0 +1,9 @@
+
+ Include sites/{{ git_server_name }}/repocreate-plain.conf
+ Include sites/{{ git_server_name }}/server.conf
+
+
+ Include sites/{{ git_server_name }}/ssl.conf
+ Include sites/{{ git_server_name }}/repocreate-ssl.conf
+ Include sites/{{ git_server_name }}/server.conf
+
--
cgit v1.2.1
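Review bot: The `SSLProtocol +TLSv1.2 +TLSv1.1 +TLSv1 -SSLv3 -SSLv2` line in ssl.conf.j2 keeps TLS 1.0 and 1.1 enabled, and because every token carries a sign it is applied on top of whatever the server-wide configuration enables rather than replacing it. `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1` states the intent directly, and the CBC/SHA-1 entries at the tail of `SSLCipherSuite` can then go as well. The `Strict-Transport-Security` header is commented out, so nothing tells clients to stay on HTTPS once they have used it. `SSLEngine On` is also set twice; one of the two lines can be removed.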
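Review bot: vhost.conf.j2 includes server.conf in both virtual hosts, so the whole cgit site is served without TLS and only `/create` is redirected; this assumes the first block is the plain-HTTP host, as its repocreate-plain include suggests. If anonymous HTTP browsing is intended, a comment saying so would help the next reader. Otherwise replace the server.conf include in the first host with `Redirect permanent / https://{{ git_server_name }}/` and enable the HSTS header in ssl.conf. The `VirtualHost` container lines render as empty `+` lines on this page, so addresses and ports cannot be checked here.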