** Configure Git Daemon on Front
-The abbey publishes member Git repositories with ~git-daemon~. If
+The abbey publishes member Git repositories with ~git daemon~. If
Dick (a member of A Small Institute) builds a Foo project Git
repository in =~/foo/=, he can publish it to the campus by
symbolically linking its =.git/= into =~/Public/Git/= on Core. If the
: rsync -av --del small.institute.org:Public/foo/ ~/Public/foo/
-With SystemD and the ~git-daemon-sysvinit~ package installed, SystemD
-supervises a ~git-daemon~ service unit launched with
-~/etc/init.d/git-daemon~. The old SysV ~init~ script gets its
-configuration from the customary =/etc/default/git-daemon= file. The
-script then constructs the appropriate ~git-daemon~ command. The
-~git-daemon(1)~ manual page explains the command options in detail.
-As explained in =/usr/share/doc/git-daemon-sysvinit/README.Debian=,
-the service must be enabled by setting ~GIT_DAEMON_ENABLE~ to ~true~.
-The base path is also changed to agree with =gitweb.cgi=.
-
-User repositories are enabled by adding a ~user-path~ option /and/
-disabling the default whitelist. To specify an empty whitelist, the
-default (a list of one directory: =/var/lib/git=) must be avoided by
-setting ~GIT_DAEMON_DIRECTORY~ to a blank (not empty) string.
+The ~git daemon~ is run by SystemD per the =git-daemon.service= file.
+The ~git-daemon(1)~ manual page explains the options in detail. The
+~--base-path~ option should agree with ~$projectroot~ in the
+=/etc/gitweb.conf= file installed [[apache-gitweb-tasks][here]].
+
+User repositories are enabled by adding a ~--user-path~ option /and/
+specifying an empty whitelist (i.e., no directories listed on the
+command line).
+
+The ~git daemon~ is run as an unprivileged system user: ~gitdaemon~.
+Thus it has access to anything world readable. However ~git~ must be
+willing to forgive the fact that ~gitdaemon~ does not /own/ any of the
+repositories it is serving. To accomplish this, ~gitdaemon~ gets a
+home directory, =/var/www/git/daemon/=, in which is installed a
+configuration just like that installed by ~git config --global --add
+safe.directory \*~.
The code below is included in both Front and Core configurations,
which should be nearly identical for testing purposes. Rather than
#+NAME: git-tasks
#+CAPTION: ~git-tasks~
#+BEGIN_SRC conf
-- name: Install git daemon.
+- name: Install git.
become: yes
- apt: pkg=git-daemon-sysvinit
-
-- name: Configure git daemon.
- become: yes
- lineinfile:
- path: /etc/default/git-daemon
- regexp: "{{ item.patt }}"
- line: "{{ item.line }}"
- loop:
- - patt: '^GIT_DAEMON_ENABLE *='
- line: 'GIT_DAEMON_ENABLE=true'
- - patt: '^GIT_DAEMON_OPTIONS *='
- line: 'GIT_DAEMON_OPTIONS="--user-path=Public/Git"'
- - patt: '^GIT_DAEMON_BASE_PATH *='
- line: 'GIT_DAEMON_BASE_PATH="/var/www/git"'
- - patt: '^GIT_DAEMON_DIRECTORY *='
- line: 'GIT_DAEMON_DIRECTORY=" "'
- notify: Restart git daemon.
+ apt: pkg=git
- name: Create /var/www/git/.
become: yes
state: directory
group: staff
mode: u=rwx,g=srwx,o=rx
+
+- name: Create user gitdaemon.
+ become: yes
+ user:
+ name: gitdaemon
+ group: gitdaemon
+ system: true
+ password: "!"
+ home: /var/www/git/daemon
+ shell: /usr/bin/git-shell
+
+- name: Create /var/www/git/daemon/.
+ become: yes
+ file:
+ path: /var/www/git/daemon
+ state: directory
+ user: gitdaemon
+ group: gitdaemon
+ mode: u=rwx,g=rx,o=rx
+
+- name: Create /var/www/git/daemon/.gitconfig.
+ become: yes
+ copy:
+ content: |
+ [safe]
+ directory = *
+ dest: /var/www/git/daemon/.gitconfig
+ user: gitdaemon
+ group: gitdaemon
+ mode: u=rw,g=r,o=r
+
+- name: Configure git-daemon.
+ become: yes
+ copy:
+ content: |
+ [Unit]
+ Description=Git Daemon
+ After=network.target
+
+ [Service]
+ ExecStart=/usr/bin/git daemon \
+ --reuseaddr --verbose \
+ --user-path=Public/Git \
+ --base-path=/var/www/git
+
+ Restart=always
+ RestartSec=5
+
+ StandardOutput=journal
+ StandardError=journal
+ SyslogIdentifier=git-daemon
+
+ User=gitdaemon
+ Group=gitdaemon
+
+ [Install]
+ WantedBy=multi-user.target
+ dest: /etc/systemd/system/git-daemon.service
+ notify:
+ - Reload systemd.
+ - Restart git-daemon.
+
+- name: Enable git-daemon.
+ become: yes
+ systemd:
+ service: git-daemon
+ enabled: yes
#+END_SRC
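Review bot: `directory = *` under `[safe]` in the "Create /var/www/git/daemon/.gitconfig." task turns off git's repository-ownership check for every path the `gitdaemon` account ever opens, not only the trees the daemon serves. With the check off, repository-local configuration in member-owned repositories is trusted by the daemon's git processes, so the unit is the place to contain that trust. The `[Service]` section sets `User=`/`Group=` but no sandboxing; lines such as `NoNewPrivileges=yes`, `ProtectSystem=strict` and `ProtectHome=read-only` would limit what those processes can touch (confirm that fetches from `~/Public/Git` still work with them). If the installed git accepts `safe.directory` entries ending in `/*`, listing the base path and the home-directory pattern instead of the bare wildcard would narrow it further. The same task and unit text recur in the two later task listings on this page.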
#+CAPTION: [[file:roles_t/abbey-front/handlers/main.yml][=roles_t/abbey-front/handlers/main.yml=]]
#+CAPTION: ~git-handlers~
#+BEGIN_SRC conf
-- name: Restart git daemon.
+- name: Restart git-daemon.
become: yes
- command: systemctl restart git-daemon
+ systemd:
+ service: git-daemon
+ state: restarted
tags: actualizer
#+END_SRC
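Review bot: The rewritten "Restart git-daemon." handler relies on a separate "Reload systemd." handler having run first, and that handler is not visible in this hunk. Ansible runs notified handlers in the order they are defined in the handlers file, not in the order of the `notify:` list. If "Reload systemd." is defined after this one, the restart would use the unit definition systemd had loaded before the new file was written. Adding `daemon_reload: true` to this handler's `systemd:` arguments would make the restart pick up the new `git-daemon.service` regardless of handler order.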
user's public Git repositories via the ~GITWEB_PROJECTROOT~
environment variable. It makes ~http://www/~dick/git~ run
Gitweb with the project root =~dick/Public/Git/=, the same directory
-the ~git-daemon~ makes available. The first ~RewriteRule~ directs
+the ~git daemon~ makes available. The first ~RewriteRule~ directs
URLs with no user name to the default. Thus ~http://www/git~
lists the repositories found in =/var/www/git/=.
marker: "# {mark} ABBEY MANAGED BLOCK"
notify: New aliases.
-- name: Install git daemon.
+- name: Install git.
become: yes
- apt: pkg=git-daemon-sysvinit
-
-- name: Configure git daemon.
- become: yes
- lineinfile:
- path: /etc/default/git-daemon
- regexp: "{{ item.patt }}"
- line: "{{ item.line }}"
- loop:
- - patt: '^GIT_DAEMON_ENABLE *='
- line: 'GIT_DAEMON_ENABLE=true'
- - patt: '^GIT_DAEMON_OPTIONS *='
- line: 'GIT_DAEMON_OPTIONS="--user-path=Public/Git"'
- - patt: '^GIT_DAEMON_BASE_PATH *='
- line: 'GIT_DAEMON_BASE_PATH="/var/www/git"'
- - patt: '^GIT_DAEMON_DIRECTORY *='
- line: 'GIT_DAEMON_DIRECTORY=" "'
- notify: Restart git daemon.
+ apt: pkg=git
- name: Create /var/www/git/.
become: yes
group: staff
mode: u=rwx,g=srwx,o=rx
+- name: Create user gitdaemon.
+ become: yes
+ user:
+ name: gitdaemon
+ group: gitdaemon
+ system: true
+ password: "!"
+ home: /var/www/git/daemon
+ shell: /usr/bin/git-shell
+
+- name: Create /var/www/git/daemon/.
+ become: yes
+ file:
+ path: /var/www/git/daemon
+ state: directory
+ user: gitdaemon
+ group: gitdaemon
+ mode: u=rwx,g=rx,o=rx
+
+- name: Create /var/www/git/daemon/.gitconfig.
+ become: yes
+ copy:
+ content: |
+ [safe]
+ directory = *
+ dest: /var/www/git/daemon/.gitconfig
+ user: gitdaemon
+ group: gitdaemon
+ mode: u=rw,g=r,o=r
+
+- name: Configure git-daemon.
+ become: yes
+ copy:
+ content: |
+ [Unit]
+ Description=Git Daemon
+ After=network.target
+
+ [Service]
+ ExecStart=/usr/bin/git daemon \
+ --reuseaddr --verbose \
+ --user-path=Public/Git \
+ --base-path=/var/www/git
+
+ Restart=always
+ RestartSec=5
+
+ StandardOutput=journal
+ StandardError=journal
+ SyslogIdentifier=git-daemon
+
+ User=gitdaemon
+ Group=gitdaemon
+
+ [Install]
+ WantedBy=multi-user.target
+ dest: /etc/systemd/system/git-daemon.service
+ notify:
+ - Reload systemd.
+ - Restart git-daemon.
+
+- name: Enable git-daemon.
+ become: yes
+ systemd:
+ service: git-daemon
+ enabled: yes
+
- name: Enable Apache2 rewrite module for Gitweb.
become: yes
apache2_module: name=rewrite
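Review bot: The "Create /var/www/git/daemon/." and "Create /var/www/git/daemon/.gitconfig." tasks pass `user: gitdaemon` to `file:` and `copy:`, but those modules name the owning account with `owner:`, so the tasks would most likely be rejected for an unsupported parameter. They should read `owner: gitdaemon`, which also carries the security intent here: the home directory and `.gitconfig` are meant to belong to the service account rather than root. In "Create user gitdaemon.", `group: gitdaemon` names a primary group that no visible task creates. Unless it is created elsewhere, a preceding `group:` task with `name: gitdaemon` and `system: true` is needed. The same lines appear in the other two copies of these tasks on this page.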
marker: "# {mark} ABBEY MANAGED BLOCK"
notify: New aliases.
-- name: Install git daemon.
+- name: Install git.
become: yes
- apt: pkg=git-daemon-sysvinit
-
-- name: Configure git daemon.
- become: yes
- lineinfile:
- path: /etc/default/git-daemon
- regexp: "{{ item.patt }}"
- line: "{{ item.line }}"
- loop:
- - patt: '^GIT_DAEMON_ENABLE *='
- line: 'GIT_DAEMON_ENABLE=true'
- - patt: '^GIT_DAEMON_OPTIONS *='
- line: 'GIT_DAEMON_OPTIONS="--user-path=Public/Git"'
- - patt: '^GIT_DAEMON_BASE_PATH *='
- line: 'GIT_DAEMON_BASE_PATH="/var/www/git"'
- - patt: '^GIT_DAEMON_DIRECTORY *='
- line: 'GIT_DAEMON_DIRECTORY=" "'
- notify: Restart git daemon.
+ apt: pkg=git
- name: Create /var/www/git/.
become: yes
group: staff
mode: u=rwx,g=srwx,o=rx
+- name: Create user gitdaemon.
+ become: yes
+ user:
+ name: gitdaemon
+ group: gitdaemon
+ system: true
+ password: "!"
+ home: /var/www/git/daemon
+ shell: /usr/bin/git-shell
+
+- name: Create /var/www/git/daemon/.
+ become: yes
+ file:
+ path: /var/www/git/daemon
+ state: directory
+ user: gitdaemon
+ group: gitdaemon
+ mode: u=rwx,g=rx,o=rx
+
+- name: Create /var/www/git/daemon/.gitconfig.
+ become: yes
+ copy:
+ content: |
+ [safe]
+ directory = *
+ dest: /var/www/git/daemon/.gitconfig
+ user: gitdaemon
+ group: gitdaemon
+ mode: u=rw,g=r,o=r
+
+- name: Configure git-daemon.
+ become: yes
+ copy:
+ content: |
+ [Unit]
+ Description=Git Daemon
+ After=network.target
+
+ [Service]
+ ExecStart=/usr/bin/git daemon \
+ --reuseaddr --verbose \
+ --user-path=Public/Git \
+ --base-path=/var/www/git
+
+ Restart=always
+ RestartSec=5
+
+ StandardOutput=journal
+ StandardError=journal
+ SyslogIdentifier=git-daemon
+
+ User=gitdaemon
+ Group=gitdaemon
+
+ [Install]
+ WantedBy=multi-user.target
+ dest: /etc/systemd/system/git-daemon.service
+ notify:
+ - Reload systemd.
+ - Restart git-daemon.
+
+- name: Enable git-daemon.
+ become: yes
+ systemd:
+ service: git-daemon
+ enabled: yes
+
- name: Enable Apache2 rewrite module for Gitweb.
become: yes
apache2_module: name=rewrite