From f38450f9f2037244300082f3e4211b790ac87058 Mon Sep 17 00:00:00 2001 From: Christian Franke Date: Mon, 26 Oct 2015 20:38:25 +0100 Subject: Assorted changes - add hooks between webserver and gitserver: git->website and wiki->git work now, git->wiki is still missing, https://ikiwiki.info/tips/Hosting_Ikiwiki_and_master_git_repository_on_different_machines/ should contain the right info for that - actually configure repo_service - replace LDAP auth with dummy password auth for now --- roles/git_server_rpc/tasks/main.yaml | 31 ++++++++++++++++++++++ .../templates/git_server_rpc.sudoers | 1 + 2 files changed, 32 insertions(+) create mode 100644 roles/git_server_rpc/tasks/main.yaml create mode 100644 roles/git_server_rpc/templates/git_server_rpc.sudoers (limited to 'roles/git_server_rpc') diff --git a/roles/git_server_rpc/tasks/main.yaml b/roles/git_server_rpc/tasks/main.yaml new file mode 100644 index 0000000..a69e9e3 --- /dev/null +++ b/roles/git_server_rpc/tasks/main.yaml @@ -0,0 +1,31 @@ +--- +- name: Create git_server_rpc user + user: name=git_server_rpc + home=/home/git_server_rpc + +- name: Create git_server_rpc ssh dir + file: path=/home/git_server_rpc/.ssh + owner=git_server_rpc + group=git_server_rpc + mode=0700 + state=directory + +- name: Make sure sudo is installed + apt: name=sudo state=present update_cache=yes + +- name: Configure git_server_rpc sudo rights + template: dest=/etc/sudoers.d/git_server_rpc + mode=0440 + src=git_server_rpc.sudoers + +- name: Read git user ssh-key + slurp: src=/var/lib/gitolite/.ssh/id_rsa.pub + register: git_server_key + delegate_to: "{{groups['gitservers'][0]}}" + +- name: Put pubkey from gitserver to authorized_keys + copy: dest=/home/git_server_rpc/.ssh/authorized_keys + content="{{git_server_key.content|b64decode}}" + owner=git_server_rpc + group=git_server_rpc + mode=0644 diff --git a/roles/git_server_rpc/templates/git_server_rpc.sudoers b/roles/git_server_rpc/templates/git_server_rpc.sudoers new file mode 100644 index 0000000..bd84908 --- /dev/null +++ b/roles/git_server_rpc/templates/git_server_rpc.sudoers @@ -0,0 +1 @@ +git_server_rpc ALL=(ALL) NOPASSWD: /var/www/{{sublab_web_server_name}}/website-rebuild.sh -- cgit v1.2.1