specifying an empty whitelist (i.e., no directories listed on the
command line).
-The ~git daemon~ is run as an unprivileged system user: ~gitdaemon~.
-Thus it has access to anything world readable. However ~git~ must be
-willing to forgive the fact that ~gitdaemon~ does not /own/ any of the
-repositories it is serving. To accomplish this, ~gitdaemon~ gets a
-home directory, =/var/www/git/daemon/=, in which is installed a
-configuration just like that installed by ~git config --global --add
-safe.directory \*~.
+The ~git daemon~ is run as an unprivileged system user: ~gitd~. Thus
+it has access to anything world readable. However ~git~ must be
+willing to forgive the fact that ~gitd~ does not /own/ any of the
+repositories it is serving. To accomplish this, ~gitd~ gets a home
+directory, =/home/gitd/=, in which is installed a =.gitconfig= created
+by a ~git config --global --add safe.directory \*~ command.
The code below is included in both Front and Core configurations,
-which should be nearly identical for testing purposes. Rather than
+which should be (nearly) identical for testing purposes. Rather than
factor out small roles like ~abbey-git-server~, Emacs Org Mode's Noweb
support does the duplication, by multiple references to code blocks
-like ~git-tasks~ and ~git-handlers~.
+like ~gitd-tasks~ and ~gitd-handlers~.
#+CAPTION: [[file:roles_t/abbey-front/tasks/main.yml][=roles_t/abbey-front/tasks/main.yml=]]
#+BEGIN_SRC conf :tangle roles_t/abbey-front/tasks/main.yml :noweb no-export
-<<git-tasks>>
+<<gitd-tasks>>
#+END_SRC
-#+NAME: git-tasks
-#+CAPTION: ~git-tasks~
+#+NAME: gitd-tasks
+#+CAPTION: ~gitd-tasks~
#+BEGIN_SRC conf
- name: Install git.
become: yes
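Review bot: The rewritten sentence ending "a =.gitconfig= created by a ~git config --global --add safe.directory \*~ command" says the file is produced by running that command, but the task further down writes it with copy: content:, so the removed wording ("just like that installed by") was the accurate one. Suggest something like "a =.gitconfig= equivalent to the one ~git config --global --add safe.directory \*~ would write". The paragraph also still calls gitd a "system user", which should be checked against the user task now that it no longer sets system: true.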
group: staff
mode: u=rwx,g=srwx,o=rx
-- name: Create user gitdaemon.
+- name: Create user gitd.
become: yes
user:
- name: gitdaemon
- group: gitdaemon
- system: true
+ name: gitd
password: "!"
- home: /var/www/git/daemon
+ home: /home/gitd
shell: /usr/bin/git-shell
-- name: Create /var/www/git/daemon/.
- become: yes
- file:
- path: /var/www/git/daemon
- state: directory
- user: gitdaemon
- group: gitdaemon
- mode: u=rwx,g=rx,o=rx
-
-- name: Create /var/www/git/daemon/.gitconfig.
+- name: Create /home/gitd/.gitconfig.
become: yes
copy:
content: |
[safe]
directory = *
- dest: /var/www/git/daemon/.gitconfig
- user: gitdaemon
- group: gitdaemon
+ dest: /home/gitd/.gitconfig
+ owner: gitd
+ group: gitd
mode: u=rw,g=r,o=r
- name: Configure git-daemon.
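Review bot: The "Create user gitd" task drops "system: true" (and "group:") together with the old home, so gitd is now created as an ordinary account in the regular UID range with a home under /home, while the accompanying prose still describes "an unprivileged system user". Either restore "system: true" or update the text to match. Separately, in the "Create /home/gitd/.gitconfig" task the file is owned by gitd with "mode: u=rw,g=r,o=r", which lets the daemon account rewrite its own safe.directory setting. The daemon only needs to read it, so "owner: root" with the same mode would be tighter.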
StandardError=journal
SyslogIdentifier=git-daemon
- User=gitdaemon
- Group=gitdaemon
+ User=gitd
+ Group=gitd
[Install]
WantedBy=multi-user.target
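Review bot: Switching User=/Group= to gitd on hosts that were already provisioned leaves the previous gitdaemon account and its /var/www/git/daemon home, including the wildcard safe.directory .gitconfig, in place, since none of the visible tasks removes them. Suggest adding a user task for gitdaemon with "state: absent" and "remove: yes", or documenting the manual cleanup alongside this change.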
#+CAPTION: [[file:roles_t/abbey-front/handlers/main.yml][=roles_t/abbey-front/handlers/main.yml=]]
#+BEGIN_SRC conf :tangle roles_t/abbey-front/handlers/main.yml :noweb no-export
-<<git-handlers>>
+<<gitd-handlers>>
#+END_SRC
-#+NAME: git-handlers
-#+CAPTION: ~git-handlers~
+#+NAME: gitd-handlers
+#+CAPTION: ~gitd-handlers~
#+BEGIN_SRC conf
- name: Reload systemd.
** Configure Git Daemon on Core
These tasks are identical to those executed on Front, for similar Git
-services on Front and Core. See [[Configure Git Daemon on Front]] for
-more information.
+services on Front and Core. This allows changes to be tested on Core
+before they are pushed to Front. See [[Configure Git Daemon on Front]]
+for more information.
#+CAPTION: [[file:roles_t/abbey-core/tasks/main.yml][=roles_t/abbey-core/tasks/main.yml=]]
#+BEGIN_SRC conf :tangle roles_t/abbey-core/tasks/main.yml :noweb no-export
-<<git-tasks>>
+<<gitd-tasks>>
#+END_SRC
#+CAPTION: [[file:roles_t/abbey-core/handlers/main.yml][=roles_t/abbey-core/handlers/main.yml=]]
#+BEGIN_SRC conf :tangle roles_t/abbey-core/handlers/main.yml :noweb no-export
-<<git-handlers>>
+<<gitd-handlers>>
#+END_SRC
** Configure Gitweb on Core
-The tasks that configure Apache to run Gitweb on Core should be
-(nearly) identical to those on Front, so that the Gitweb service on
-Core provides a preview of the service on Front. See [[*Configure Gitweb on Front][Configure Gitweb
-on Front]] for more information.
+These tasks are identical to those executed on Front, for similar
+Gitweb services on Front and Core. This allows changes to be tested
+on Core before they are pushed to Front. See [[*Configure Gitweb on Front][Configure Gitweb on
+Front]] for more information.
#+CAPTION: [[file:roles_t/abbey-core/tasks/main.yml][=roles_t/abbey-core/tasks/main.yml=]]
#+BEGIN_SRC conf :tangle roles_t/abbey-core/tasks/main.yml :noweb no-export