diff --git a/forge/gitrepo/addrepo.sh b/forge/gitrepo/addrepo.sh
new file mode 100755
index 0000000..2b701ee
--- /dev/null
+++ b/forge/gitrepo/addrepo.sh
@@ -0,0 +1 @@
+ansible-playbook -i hosts --private-key myprivatekey.key playbook.yml
diff --git a/forge/gitrepo/ansible.cfg b/forge/gitrepo/ansible.cfg
new file mode 100644
index 0000000..b291086
--- /dev/null
+++ b/forge/gitrepo/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = hosts
+
diff --git a/forge/gitrepo/hosts b/forge/gitrepo/hosts
new file mode 100644
index 0000000..f602966
--- /dev/null
+++ b/forge/gitrepo/hosts
@@ -0,0 +1 @@
+gitserver ansible_host="{{ domain }}" ansible_ssh_user="{{ git_user }}" ansible_python_interpreter="/usr/bin/python3"
diff --git a/forge/gitrepo/playbook.yml b/forge/gitrepo/playbook.yml
new file mode 100644
index 0000000..f1bf7c0
--- /dev/null
+++ b/forge/gitrepo/playbook.yml
@@ -0,0 +1,25 @@
+- hosts: gitserver
+ vars:
+ domain: "forge.myforge.fr"
+ git_repos: /home/git
+ git_user: git
+ vars_prompt:
+ - name: repo_name
+ prompt: "What is the name of the new repository's you need to create?"
+ private: false
+
+ tasks:
+ - name: make a bare repo named "{{ repo_name }}"
+ ansible.builtin.shell: "git init --bare --shared {{ repo_name }}.git"
+ args:
+ chdir: "{{ git_repos }}"
+ creates: "{{ repo_name }}.git"
+ become_user: "{{ git_user }}"
+
+ - name: Change repo's group and permissions
+ ansible.builtin.file:
+ path: "{{ git_repos }}/{{ repo_name }}.git"
+ state: directory
+ group: git
+ mode: '0770'
+ recurse: yes
diff --git a/forge/gitrepo/readme.rst b/forge/gitrepo/readme.rst
new file mode 100644
index 0000000..5c0188b
--- /dev/null
+++ b/forge/gitrepo/readme.rst
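Review bot: The script in `forge/gitrepo/addrepo.sh` is committed with mode 100755 but has no interpreter line, so how it runs depends on the calling shell; `#!/bin/sh` followed by `set -eu` as the first lines would make that explicit. It also expects `myprivatekey.key` in the repository directory, which makes it easy to commit the private key by accident; pointing `--private-key` at a path outside the working tree, or ignoring `*.key` in `.gitignore`, avoids that. The same two points apply to `forge/gitserver/install.sh` with `mykey.key`. The readme in this directory calls the script `run_playbook.sh`, not `addrepo.sh`.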
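Review bot: `host_key_checking = false` in `forge/gitrepo/ansible.cfg` turns off SSH host key verification for every run, so any machine that answers for the server's name is accepted without warning and then receives the playbook's commands; `forge/gitserver/ansible.cfg` carries the same setting, and that inventory logs in as root. Dropping the line and adding the server's host key to `known_hosts` once, after checking the fingerprint out of band, keeps both first contact and later runs verified. If the setting is meant for bootstrap only, say so next to it: `# TODO: remove once the host key is pinned in known_hosts`.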
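Review bot: The first task in `forge/gitrepo/playbook.yml` passes the prompted `repo_name` unquoted into `ansible.builtin.shell`, so shell metacharacters or a `/` typed at the prompt are interpreted on the server, and the second task then applies `mode: '0770'` with `recurse: yes` to whatever path the same value resolves to. Validating the name before use and running git through `ansible.builtin.command` with `argv` removes both the shell parsing and the path escape. `become_user` is set without `become: true`, so it presumably has no effect here and could be dropped.

```yaml
  tasks:
    - name: Validate repo_name before it reaches a command line or a path
      ansible.builtin.assert:
        that:
          - repo_name is match('^[A-Za-z0-9][A-Za-z0-9._-]*$')
        fail_msg: "repo_name may only contain letters, digits, '.', '_' and '-'"

    - name: make a bare repo named "{{ repo_name }}"
      ansible.builtin.command:
        argv: [git, init, --bare, --shared, "{{ repo_name }}.git"]
        chdir: "{{ git_repos }}"
        creates: "{{ repo_name }}.git"

    # … unchanged: "Change repo's group and permissions" task …
```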
@@ -0,0 +1,30 @@
+Defder.fr git repository server
+=================================
+
+Description
+-----------
+
+The repo is just a bare git shared over ssh.
+
+Usage
+-------
+
+`git clone`
+
+If you need to clone a repo::
+
+ git clone git@myforge.fr:{{repo_name}}.git
+
+New repo
+-----------
+
+If you need to make a new repository,
+
+1. Install ansible (`apt install ansible-core` on ubuntu, or simply `pip install ansible`).
+
+.. attention:: Ansible does not work on a windows system.
+
+2. Launch the `run_playbook.sh` script::
+
+ gitrepo (main =) $ ./run_playbook.sh
+ What is the new repository's name?: myrepo
diff --git a/forge/gitserver/ansible.cfg b/forge/gitserver/ansible.cfg
new file mode 100755
index 0000000..b291086
--- /dev/null
+++ b/forge/gitserver/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = hosts
+
diff --git a/forge/gitserver/gitrepo.yml b/forge/gitserver/gitrepo.yml
new file mode 100755
index 0000000..82d3a54
--- /dev/null
+++ b/forge/gitserver/gitrepo.yml
@@ -0,0 +1,7 @@
+- hosts: gitserver
+ become: true
+ become_method: sudo
+
+ roles:
+ - common
+ - git
diff --git a/forge/gitserver/hosts b/forge/gitserver/hosts
new file mode 100755
index 0000000..7d4b0fb
--- /dev/null
+++ b/forge/gitserver/hosts
@@ -0,0 +1 @@
+gitserver ansible_host=forge.myforge.fr ansible_ssh_user=root ansible_python_interpreter="/usr/bin/python3"
diff --git a/forge/gitserver/install.sh b/forge/gitserver/install.sh
new file mode 100755
index 0000000..1c7c12e
--- /dev/null
+++ b/forge/gitserver/install.sh
@@ -0,0 +1,2 @@
+#ansible-playbook gitrepo.yml
+ansible-playbook --private-key mykey.key gitrepo.yml
diff --git a/forge/gitserver/readme.rst b/forge/gitserver/readme.rst
new file mode 100755
index 0000000..2439f2f
--- /dev/null
+++ b/forge/gitserver/readme.rst
@@ -0,0 +1,13 @@
+git ssh repo
+==================
+
+Clone a repository
+-----------------------
+
+To clone a repo, do::
+
+ git clone git@myaddress.site:myproject.git
+
+this is a shorthand for::
+
+ git clone ssh://git@myaddress/home/git/myproject.git
diff --git a/forge/gitserver/roles/common/meta/.galaxy_install_info b/forge/gitserver/roles/common/meta/.galaxy_install_info
new file mode 100644
index 0000000..58d4a32
--- /dev/null
+++ b/forge/gitserver/roles/common/meta/.galaxy_install_info
@@ -0,0 +1,2 @@
+install_date: "dim. 02 f\xE9vr. 2025 11:21:06"
+version: 1.0.0
diff --git a/forge/gitserver/roles/common/meta/main.yml b/forge/gitserver/roles/common/meta/main.yml
new file mode 100644
index 0000000..a29b711
--- /dev/null
+++ b/forge/gitserver/roles/common/meta/main.yml
@@ -0,0 +1,12 @@
+---
+galaxy_info:
+ author: Gwen
+ description: Ansible role to update, upgrade and add somme paquets
+ company: defder
+ license: MIT
+ platforms:
+ - name: Ubuntu
+ galaxy_tags:
+ - apt
+dependencies: []
+
diff --git a/forge/gitserver/roles/common/tasks/main.yml b/forge/gitserver/roles/common/tasks/main.yml
new file mode 100755
index 0000000..9ae3520
--- /dev/null
+++ b/forge/gitserver/roles/common/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: Update & upgrade system
+ apt:
+ update_cache: yes
+ upgrade: dist
+ tags:
+ - update
+
+- name: Install required packages
+ apt:
+ name:
+ - htop
+ - vim
+ - locales
+ - python-is-python3
+ - python3-pip
+ - wget
+ - zip
+ - bzip2
+ - vim-common
+ - screen
+ - curl
+ - git
+ - unzip
+ state: present
+
diff --git a/forge/gitserver/roles/git/files/gwen.pub b/forge/gitserver/roles/git/files/gwen.pub
new file mode 100644
index 0000000..f35b549
--- /dev/null
+++ b/forge/gitserver/roles/git/files/gwen.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDem+BGBCt8Sf/tzWJmWYJKiEWI0GQn9xLfpo+KCnnJmHV2tv9a1a5ED4IJttXjqdlMrENIe6g0MBxbcqxtgLKUvYhNpw0eKz1zUOec1WzcPh+K7VRMYKBDTemUl5Tw4tw9IQe8XtoT64YsG+YJJlZ/WxgIRUDf4VGpEgpxGf9o+6bDwNaSlZcc24+Rm4EHGPFfCz0OdLMECUrW+PrhmES+mlFcCBxcOsdWPl1GZ0nGiyfbK8ozgaLHwgOXR0D0eYOYyfkWmqlwrMgv2ZkhTbgRwfNxgDljlz4cK78Cp5hNBwTacX9r3t7763V+6LdCKpJtY5h5C036lfWhmU8n0rcx gwen@gwen
diff --git a/forge/gitserver/roles/git/files/selcuk.pub b/forge/gitserver/roles/git/files/selcuk.pub
new file mode 100644
index 0000000..5710b10
--- /dev/null
+++ b/forge/gitserver/roles/git/files/selcuk.pub
@@ -0,0 +1 @@
+ssh-rsa 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 selcukcemoglu@gmail.com
diff --git a/forge/gitserver/roles/git/tasks/main.yml b/forge/gitserver/roles/git/tasks/main.yml
new file mode 100644
index 0000000..73fd977
--- /dev/null
+++ b/forge/gitserver/roles/git/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+- name: Ensure that the git group exists
+ ansible.builtin.group:
+ name: "{{ git_group }}"
+ state: present
+
+- name: add git user
+ ansible.builtin.user:
+ name: "{{ git_user }}"
+ home: "{{ git_homedir }}"
+ create_home: yes
+ shell: "/bin/bash"
+ groups: "{{ git_group }}"
+ append: true
+ state: present
+
+#- name: add authorized_key to user
+# ansible.posix.authorized_key:
+# user: git
+# state: present
+# key: "{{ lookup('file', 'files/XXX.pub') }}"
+
+- name: Add authorized_key for users
+ ansible.posix.authorized_key:
+ user: "{{ item.user }}"
+ state: present
+ key: "{{ lookup('file', 'files/' + item.key) }}"
+ loop: "{{ users }}"
+
+#- name: create repositories directory
+# ansible.builtin.file:
+# path: "{{ git_repos }}"
+# owner: "{{ git_user }}"
+# group: "{{ git_group }}"
+# state: directory
+# mode: u=rwx,g=rwx,o=r
+
diff --git a/forge/gitserver/roles/git/vars/main.yml b/forge/gitserver/roles/git/vars/main.yml
new file mode 100644
index 0000000..dd6edb1
--- /dev/null
+++ b/forge/gitserver/roles/git/vars/main.yml
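Review bot: In `forge/gitserver/roles/git/tasks/main.yml` the `git` account is created with `shell: "/bin/bash"` and the keys are installed without restrictions, so every key listed in `users` gets an interactive shell, port forwarding and write access to all repositories rather than git transport only. Where the account only has to serve git, `git-shell` as the login shell and `key_options: "no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty"` on the `authorized_key` task narrow that; the repository-creation playbook in `forge/gitrepo` logs in as this same user and would then need an admin account instead. Because `exclusive` is not set, removing an entry from `users` does not remove the key from the server, which deserves a comment next to the loop, for example `# NOTE: deleting an entry here does not revoke the key on the host`.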
@@ -0,0 +1,10 @@
+git_user: git
+git_homedir: /home/git
+git_group: git
+git_repos: /home/git
+users:
+ - user: "git"
+ key: "gwen.pub"
+ - user: "git"
+ key: "selcuk.pub"
+
diff --git a/forge/gitserver/todo.txt b/forge/gitserver/todo.txt
new file mode 100644
index 0000000..494e78a
--- /dev/null
+++ b/forge/gitserver/todo.txt
@@ -0,0 +1,7 @@
+TODO
+========
+
+- mettre la ssh-key dans un inventory en yaml et pas dans la ligne de commande
+- sécurisation du serveur (interdire ssh root, creer un compte admin de ssh,
+ ufw, port ssh 2222, ...)
+