From e925453eab7024b5f169bbeef6a281c9952b1d30 Mon Sep 17 00:00:00 2001
From: Luke Hoersten
Date: Sun, 5 Apr 2026 15:50:31 -0500
Subject: Add git/aws-s3-backup and git/web (cgit) roles
---
git/web/handlers/main.yaml | 9 +++++++++
git/web/tasks/main.yaml | 33 +++++++++++++++++++++++++++++++
git/web/templates/cgit.nginx.conf.j2 | 38 ++++++++++++++++++++++++++++++++++++
git/web/templates/cgitrc.j2 | 18 +++++++++++++++++
4 files changed, 98 insertions(+)
create mode 100644 git/web/handlers/main.yaml
create mode 100644 git/web/tasks/main.yaml
create mode 100644 git/web/templates/cgit.nginx.conf.j2
create mode 100644 git/web/templates/cgitrc.j2
(limited to 'git/web')
diff --git a/git/web/handlers/main.yaml b/git/web/handlers/main.yaml
new file mode 100644
index 0000000..ef1d787
--- /dev/null
+++ b/git/web/handlers/main.yaml
@@ -0,0 +1,9 @@
+---
+
+- name: restart fcgiwrap
+ systemd: name="fcgiwrap.service" enabled="yes" daemon_reload="yes" state="restarted"
+ become: yes
+
+- name: restart nginx
+ systemd: name="nginx.service" state="restarted"
+ become: yes
diff --git a/git/web/tasks/main.yaml b/git/web/tasks/main.yaml
new file mode 100644
index 0000000..58a2005
--- /dev/null
+++ b/git/web/tasks/main.yaml
@@ -0,0 +1,33 @@
+---
+
+- name: apt install cgit and fcgiwrap
+ become: yes
+ apt: name="{{item}}"
+ loop:
+ - "cgit"
+ - "fcgiwrap"
+ - "git"
+ - "python3-pygments"
+ notify: restart fcgiwrap
+
+- name: configure cgit
+ become: yes
+ template: src="cgitrc.j2" dest="/etc/cgitrc"
+ notify: restart fcgiwrap
+
+- name: install cgit nginx site
+ become: yes
+ template: src="cgit.nginx.conf.j2" dest="/etc/nginx/sites-available/cgit.conf"
+ notify: restart nginx
+
+- name: enable cgit nginx site
+ become: yes
+ file:
+ src: "/etc/nginx/sites-available/cgit.conf"
+ dest: "/etc/nginx/sites-enabled/cgit.conf"
+ state: "link"
+ notify: restart nginx
+
+- name: ensure fcgiwrap service is started
+ become: yes
+ systemd: name="fcgiwrap.service" enabled="yes" state="started"
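Review bot: The two `template` tasks in git/web/tasks/main.yaml write /etc/cgitrc and the nginx site file as root without stating `owner`, `group` or `mode`, so the resulting permissions depend on the remote umask and on whatever an existing file already had. Pinning them keeps both files root-owned and not writable by the nginx or fcgiwrap user, e.g. `template: src="cgitrc.j2" dest="/etc/cgitrc" owner="root" group="root" mode="0644"`, with the same three arguments on the cgit.conf task. The role also links a site into /etc/nginx without installing nginx; presumably another role provides it, which is worth a comment at the top of the file.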
diff --git a/git/web/templates/cgit.nginx.conf.j2 b/git/web/templates/cgit.nginx.conf.j2
new file mode 100644
index 0000000..0ddbe38
--- /dev/null
+++ b/git/web/templates/cgit.nginx.conf.j2
@@ -0,0 +1,38 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{nginx_server_name}};
+ return 301 https://{{nginx_server_name}}$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ server_name {{nginx_server_name}};
+
+ ssl_certificate {{nginx_ssl_cert}};
+ ssl_certificate_key {{nginx_ssl_privkey}};
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+ ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+
+ root /usr/share/cgit;
+
+ try_files $uri @cgit;
+
+ location @cgit {
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param QUERY_STRING $query_string;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_pass unix:/run/fcgiwrap.socket;
+ }
+}
diff --git a/git/web/templates/cgitrc.j2 b/git/web/templates/cgitrc.j2
new file mode 100644
index 0000000..6c1a7ff
--- /dev/null
+++ b/git/web/templates/cgitrc.j2
@@ -0,0 +1,18 @@
+remove-suffix=1
+
+root-title=src.nth.io
+root-desc=Git repositories
+
+difftype=ssdiff
+
+enable-http-clone=1
+enable-index-links=1
+enable-log-filecount=1
+enable-log-linecount=1
+
+source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
+about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+{% for repo in cgit_repos %}
+repo.path={{cgit_repos_dir}}{{repo}}.git
+{% endfor %}
-- cgit v1.2.3
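Review bot: The TLS server block in cgit.nginx.conf.j2 listens only on `443 ssl http2` while the redirect block also listens on `[::]:80`, so an IPv6 client is redirected to HTTPS on an address this block does not bind; add `listen [::]:443 ssl http2;`. The header set has no `Strict-Transport-Security`, and unless the included options-ssl-nginx.conf has been customised to add one, browsers will keep making the first request over plain HTTP and rely on the redirect; `add_header Strict-Transport-Security "max-age=31536000" always;` next to the other `add_header` lines covers that. `X-XSS-Protection` is ignored by current browsers, and since cgitrc.j2 enables an about-filter that renders repository content as HTML, a `Content-Security-Policy` header is likely the more useful control here.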
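Review bot: Each repository stanza produced by the `{% for %}` loop in cgitrc.j2 emits only `repo.path`, but cgitrc requires `repo.url` as the first setting of every repository and, as far as I know, ignores `repo.*` keys that appear before one, so the index would likely come up empty. Emit `repo.url={{repo}}` on the line before `repo.path=...`. `remove-suffix=1` only applies to repositories discovered through `scan-path`, which this template does not use, so it has no effect here. The path is built by plain concatenation, so `cgit_repos_dir` must end in `/`; a comment saying so, or an explicit `/` in the template, would avoid a silent mismatch. With `enable-http-clone=1`, every entry in `cgit_repos` becomes anonymously clonable, so that list is the access-control boundary and deserves a comment.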