forge

5 months ago · c6f68a5d3f
parent c3c3907b5b
commit c6f68a5d3f
18 changed files with 184 additions and 0 deletions
--- a/forge/gitrepo/addrepo.sh
+++ b/forge/gitrepo/addrepo.sh
@ -0,0 +1 @@
 ansible-playbook -i hosts --private-key myprivatekey.key playbook.yml
--- a/forge/gitrepo/ansible.cfg
+++ b/forge/gitrepo/ansible.cfg
@ -0,0 +1,4 @@
 [defaults]
 host_key_checking = false
 inventory = hosts
--- a/forge/gitrepo/hosts
+++ b/forge/gitrepo/hosts
@ -0,0 +1 @@
 gitserver ansible_host="{{ domain }}" ansible_ssh_user="{{ git_user }}" ansible_python_interpreter="/usr/bin/python3"
--- a/forge/gitrepo/playbook.yml
+++ b/forge/gitrepo/playbook.yml
@ -0,0 +1,25 @@
 - hosts: gitserver
  vars:
    domain: "forge.myforge.fr"
    git_repos: /home/git
    git_user: git
  vars_prompt:
    - name: repo_name
      prompt: "What is the name of the new repository's you need to create?"
      private: false
  tasks:
    - name: make a bare repo named "{{ repo_name }}"
      ansible.builtin.shell: "git init --bare --shared {{ repo_name }}.git"
      args:
        chdir: "{{ git_repos }}"
        creates: "{{ repo_name }}.git"
      become_user: "{{ git_user }}"
    - name: Change repo's group and permissions
      ansible.builtin.file:
        path: "{{ git_repos }}/{{ repo_name }}.git"
        state: directory
        group: git
        mode: '0770'
        recurse: yes
--- a/forge/gitrepo/readme.rst
+++ b/forge/gitrepo/readme.rst
@ -0,0 +1,30 @@
 Defder.fr git repository server
 =================================
 Description
 -----------
 The repo is just a bare git shared over ssh.
 Usage
 -------
 `git clone`
 If you need to clone a repo::
    git clone git@myforge.fr:{{repo_name}}.git
 New repo
 -----------
 If you need to make a new repository,
 1. Install ansible (`apt install ansible-core` on ubuntu, or simply `pip install ansible`).
 .. attention:: Ansible does not work on a windows system.
 2. Launch the `run_playbook.sh` script::
    gitrepo (main =) $ ./run_playbook.sh
    What is the new repository's name?: myrepo
--- a/forge/gitserver/ansible.cfg
+++ b/forge/gitserver/ansible.cfg
@ -0,0 +1,4 @@
 [defaults]
 host_key_checking = false
 inventory = hosts
--- a/forge/gitserver/gitrepo.yml
+++ b/forge/gitserver/gitrepo.yml
@ -0,0 +1,7 @@
 - hosts: gitserver
  become: true
  become_method: sudo
  roles:
    - common
    - git
--- a/forge/gitserver/hosts
+++ b/forge/gitserver/hosts
@ -0,0 +1 @@
 gitserver ansible_host=forge.myforge.fr ansible_ssh_user=root ansible_python_interpreter="/usr/bin/python3"
--- a/forge/gitserver/install.sh
+++ b/forge/gitserver/install.sh
@ -0,0 +1,2 @@
 #ansible-playbook gitrepo.yml
 ansible-playbook --private-key mykey.key gitrepo.yml
--- a/forge/gitserver/readme.rst
+++ b/forge/gitserver/readme.rst
@ -0,0 +1,13 @@
 git ssh repo
 ==================
 Clone a repository
 -----------------------
 To clone a repo, do::
    git clone git@myaddress.site:myproject.git
 this is a shorthand for::
    git clone ssh://git@myaddress/home/git/myproject.git
--- a/forge/gitserver/roles/common/meta/.galaxy_install_info
+++ b/forge/gitserver/roles/common/meta/.galaxy_install_info
@ -0,0 +1,2 @@
 install_date: "dim. 02 f\xE9vr. 2025 11:21:06"
 version: 1.0.0
--- a/forge/gitserver/roles/common/meta/main.yml
+++ b/forge/gitserver/roles/common/meta/main.yml
@ -0,0 +1,12 @@
 ---
 galaxy_info:
  author: Gwen
  description: Ansible role to update, upgrade and add somme paquets
  company: defder
  license: MIT
  platforms:
    - name: Ubuntu
  galaxy_tags:
    - apt
 dependencies: []
--- a/forge/gitserver/roles/common/tasks/main.yml
+++ b/forge/gitserver/roles/common/tasks/main.yml
@ -0,0 +1,26 @@
 ---
 - name: Update & upgrade system
  apt:
    update_cache: yes
    upgrade: dist
  tags:
    - update
 - name: Install required packages
  apt:
    name:
      - htop
      - vim
      - locales
      - python-is-python3
      - python3-pip
      - wget
      - zip
      - bzip2
      - vim-common
      - screen
      - curl
      - git
      - unzip
    state: present
--- a/forge/gitserver/roles/git/files/gwen.pub
+++ b/forge/gitserver/roles/git/files/gwen.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDem+BGBCt8Sf/tzWJmWYJKiEWI0GQn9xLfpo+KCnnJmHV2tv9a1a5ED4IJttXjqdlMrENIe6g0MBxbcqxtgLKUvYhNpw0eKz1zUOec1WzcPh+K7VRMYKBDTemUl5Tw4tw9IQe8XtoT64YsG+YJJlZ/WxgIRUDf4VGpEgpxGf9o+6bDwNaSlZcc24+Rm4EHGPFfCz0OdLMECUrW+PrhmES+mlFcCBxcOsdWPl1GZ0nGiyfbK8ozgaLHwgOXR0D0eYOYyfkWmqlwrMgv2ZkhTbgRwfNxgDljlz4cK78Cp5hNBwTacX9r3t7763V+6LdCKpJtY5h5C036lfWhmU8n0rcx gwen@gwen
--- a/forge/gitserver/roles/git/files/selcuk.pub
+++ b/forge/gitserver/roles/git/files/selcuk.pub
@ -0,0 +1 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCoeAXaO4A5BykCzy5SA0wnI2AcAcSwt8XfuxaV/bTYmY1st4yH8JeEGsVB6qLVGJ9PWgkn0Avt4r8W+aF81duMDnH5F2vU18dtyBh/tmn4iTmEdqHIoz2OFGjvtYxr7t9RIgTiaHoJ6Mc73YrrFMTZo3HJZarP+I29slaeMHgYq4UrwMHhNQ24BProg4RrIt8Xcts8OqgJSYGuI4mPF7vRbNSiCk8mmjuUQX4IPP0jWKka+kO8EUEYjeK6oivdHxbYh8FeZZJP39NUPu0Q2ldu6jV1mfIgGfg2TAMB5gcaivWXpzTx4NhXcmq+oymIhvTd106ch8dWUF7bijeghN0sdc+uz43YXMzV3OdlfK7esxu9W05Iea7THFtywkbqu1N5nXHNtAvgDV+hNEKdE0mLJpq/qt+li4tvkDT5aXxGxwaXhgH0/0upHjUQY2OPP769y9JhsJnnK4D3YwtUtzUxNhmvV26Qsd9IKSVnHh+opG0XTJrGWs8Qko+cHCouVRdVQ0KwyGrdHMy2+R8IJvTa6DISBX/C72GYjZeJE5W3C4Q62t6hXtPWl+zEtCwqKaDQXswKuVvL8ZnacgS6/qYcU2HfYbmuGHM/59u7x4oI7ehZZvyqx1gNuJGM85XBm15ke3DF14UlppJlgFg3ED97Vf1AvdnYECC7V7zrwZwtQQ== selcukcemoglu@gmail.com
--- a/forge/gitserver/roles/git/tasks/main.yml
+++ b/forge/gitserver/roles/git/tasks/main.yml
@ -0,0 +1,37 @@
 ---
 - name: Ensure that the git group exists
  ansible.builtin.group:
    name: "{{ git_group }}"
    state: present
 - name: add git user
  ansible.builtin.user:
    name: "{{ git_user }}"
    home: "{{ git_homedir }}"
    create_home: yes
    shell: "/bin/bash"
    groups: "{{ git_group }}"
    append: true
    state: present
 #- name: add authorized_key to user
 #  ansible.posix.authorized_key:
 #    user: git
 #    state: present
 #    key: "{{ lookup('file', 'files/XXX.pub') }}"
 - name: Add authorized_key for users
  ansible.posix.authorized_key:
    user: "{{ item.user }}"
    state: present
    key: "{{ lookup('file', 'files/' + item.key) }}"
  loop: "{{ users }}"
 #- name: create repositories directory
 #  ansible.builtin.file:
 #    path: "{{ git_repos }}"
 #    owner: "{{ git_user }}"
 #    group: "{{ git_group }}"
 #    state: directory
 #    mode: u=rwx,g=rwx,o=r
--- a/forge/gitserver/roles/git/vars/main.yml
+++ b/forge/gitserver/roles/git/vars/main.yml
@ -0,0 +1,10 @@
 git_user: git
 git_homedir: /home/git
 git_group: git
 git_repos: /home/git
 users:
  - user: "git"
    key: "gwen.pub"
  - user: "git"
    key: "selcuk.pub"
--- a/forge/gitserver/todo.txt
+++ b/forge/gitserver/todo.txt
@ -0,0 +1,7 @@
 TODO
 ========
 - mettre la ssh-key dans un inventory en yaml et pas dans la ligne de commande
 - sécurisation du serveur (interdire ssh root, creer un compte admin de ssh, 
  ufw, port ssh 2222, ...)
		`@ -0,0 +1 @@`
							`ansible-playbook -i hosts --private-key myprivatekey.key playbook.yml`
		`@ -0,0 +1 @@`
							`gitserver ansible_host="{{ domain }}" ansible_ssh_user="{{ git_user }}" ansible_python_interpreter="/usr/bin/python3"`
		`@ -0,0 +1 @@`
							`gitserver ansible_host=forge.myforge.fr ansible_ssh_user=root ansible_python_interpreter="/usr/bin/python3"`
		`@ -0,0 +1,2 @@`
							`#ansible-playbook gitrepo.yml`
							`ansible-playbook --private-key mykey.key gitrepo.yml`
		`@ -0,0 +1,2 @@`
							`install_date: "dim. 02 f\xE9vr. 2025 11:21:06"`
							`version: 1.0.0`
		`@ -0,0 +1 @@`
							`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDem+BGBCt8Sf/tzWJmWYJKiEWI0GQn9xLfpo+KCnnJmHV2tv9a1a5ED4IJttXjqdlMrENIe6g0MBxbcqxtgLKUvYhNpw0eKz1zUOec1WzcPh+K7VRMYKBDTemUl5Tw4tw9IQe8XtoT64YsG+YJJlZ/WxgIRUDf4VGpEgpxGf9o+6bDwNaSlZcc24+Rm4EHGPFfCz0OdLMECUrW+PrhmES+mlFcCBxcOsdWPl1GZ0nGiyfbK8ozgaLHwgOXR0D0eYOYyfkWmqlwrMgv2ZkhTbgRwfNxgDljlz4cK78Cp5hNBwTacX9r3t7763V+6LdCKpJtY5h5C036lfWhmU8n0rcx gwen@gwen`
		`@ -0,0 +1 @@`
							ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCoeAXaO4A5BykCzy5SA0wnI2AcAcSwt8XfuxaV/bTYmY1st4yH8JeEGsVB6qLVGJ9PWgkn0Avt4r8W+aF81duMDnH5F2vU18dtyBh/tmn4iTmEdqHIoz2OFGjvtYxr7t9RIgTiaHoJ6Mc73YrrFMTZo3HJZarP+I29slaeMHgYq4UrwMHhNQ24BProg4RrIt8Xcts8OqgJSYGuI4mPF7vRbNSiCk8mmjuUQX4IPP0jWKka+kO8EUEYjeK6oivdHxbYh8FeZZJP39NUPu0Q2ldu6jV1mfIgGfg2TAMB5gcaivWXpzTx4NhXcmq+oymIhvTd106ch8dWUF7bijeghN0sdc+uz43YXMzV3OdlfK7esxu9W05Iea7THFtywkbqu1N5nXHNtAvgDV+hNEKdE0mLJpq/qt+li4tvkDT5aXxGxwaXhgH0/0upHjUQY2OPP769y9JhsJnnK4D3YwtUtzUxNhmvV26Qsd9IKSVnHh+opG0XTJrGWs8Qko+cHCouVRdVQ0KwyGrdHMy2+R8IJvTa6DISBX/C72GYjZeJE5W3C4Q62t6hXtPWl+zEtCwqKaDQXswKuVvL8ZnacgS6/qYcU2HfYbmuGHM/59u7x4oI7ehZZvyqx1gNuJGM85XBm15ke3DF14UlppJlgFg3ED97Vf1AvdnYECC7V7zrwZwtQQ== selcukcemoglu@gmail.com