forge

5 months ago · c6f68a5d3f
parent c3c3907b5b
commit c6f68a5d3f
18 changed files with 184 additions and 0 deletions
--- a/forge/gitrepo/addrepo.sh
+++ b/forge/gitrepo/addrepo.sh
@ -0,0 +1 @@
+ansible-playbook -i hosts --private-key myprivatekey.key playbook.yml
--- a/forge/gitrepo/ansible.cfg
+++ b/forge/gitrepo/ansible.cfg
@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = hosts
+
--- a/forge/gitrepo/hosts
+++ b/forge/gitrepo/hosts
@ -0,0 +1 @@
+gitserver ansible_host="{{ domain }}" ansible_ssh_user="{{ git_user }}" ansible_python_interpreter="/usr/bin/python3"
--- a/forge/gitrepo/playbook.yml
+++ b/forge/gitrepo/playbook.yml
@ -0,0 +1,25 @@
+- hosts: gitserver
+  vars:
+    domain: "forge.myforge.fr"
+    git_repos: /home/git
+    git_user: git
+  vars_prompt:
+    - name: repo_name
+      prompt: "What is the name of the new repository's you need to create?"
+      private: false
+
+  tasks:
+    - name: make a bare repo named "{{ repo_name }}"
+      ansible.builtin.shell: "git init --bare --shared {{ repo_name }}.git"
+      args:
+        chdir: "{{ git_repos }}"
+        creates: "{{ repo_name }}.git"
+      become_user: "{{ git_user }}"
+
+    - name: Change repo's group and permissions
+      ansible.builtin.file:
+        path: "{{ git_repos }}/{{ repo_name }}.git"
+        state: directory
+        group: git
+        mode: '0770'
+        recurse: yes
--- a/forge/gitrepo/readme.rst
+++ b/forge/gitrepo/readme.rst
@ -0,0 +1,30 @@
+Defder.fr git repository server
+=================================
+
+Description
+-----------
+
+The repo is just a bare git shared over ssh.
+
+Usage
+-------
+
+`git clone`
+
+If you need to clone a repo::
+
+    git clone git@myforge.fr:{{repo_name}}.git
+
+New repo
+-----------
+
+If you need to make a new repository,
+
+1. Install ansible (`apt install ansible-core` on ubuntu, or simply `pip install ansible`).
+
+.. attention:: Ansible does not work on a windows system.
+
+2. Launch the `run_playbook.sh` script::
+
+    gitrepo (main =) $ ./run_playbook.sh
+    What is the new repository's name?: myrepo
--- a/forge/gitserver/ansible.cfg
+++ b/forge/gitserver/ansible.cfg
@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = hosts
+
--- a/forge/gitserver/gitrepo.yml
+++ b/forge/gitserver/gitrepo.yml
@ -0,0 +1,7 @@
+- hosts: gitserver
+  become: true
+  become_method: sudo
+
+  roles:
+    - common
+    - git
--- a/forge/gitserver/hosts
+++ b/forge/gitserver/hosts
@ -0,0 +1 @@
+gitserver ansible_host=forge.myforge.fr ansible_ssh_user=root ansible_python_interpreter="/usr/bin/python3"
--- a/forge/gitserver/install.sh
+++ b/forge/gitserver/install.sh
@ -0,0 +1,2 @@
+#ansible-playbook gitrepo.yml
+ansible-playbook --private-key mykey.key gitrepo.yml
--- a/forge/gitserver/readme.rst
+++ b/forge/gitserver/readme.rst
@ -0,0 +1,13 @@
+git ssh repo
+==================
+
+Clone a repository
+-----------------------
+
+To clone a repo, do::
+
+    git clone git@myaddress.site:myproject.git
+
+this is a shorthand for::
+
+    git clone ssh://git@myaddress/home/git/myproject.git
--- a/forge/gitserver/roles/common/meta/.galaxy_install_info
+++ b/forge/gitserver/roles/common/meta/.galaxy_install_info
@ -0,0 +1,2 @@
+install_date: "dim. 02 f\xE9vr. 2025 11:21:06"
+version: 1.0.0
--- a/forge/gitserver/roles/common/meta/main.yml
+++ b/forge/gitserver/roles/common/meta/main.yml
@ -0,0 +1,12 @@
+---
+galaxy_info:
+  author: Gwen
+  description: Ansible role to update, upgrade and add somme paquets
+  company: defder
+  license: MIT
+  platforms:
+    - name: Ubuntu
+  galaxy_tags:
+    - apt
+dependencies: []
+
--- a/forge/gitserver/roles/common/tasks/main.yml
+++ b/forge/gitserver/roles/common/tasks/main.yml
@ -0,0 +1,26 @@
+---
+- name: Update & upgrade system
+  apt:
+    update_cache: yes
+    upgrade: dist
+  tags:
+    - update
+
+- name: Install required packages
+  apt:
+    name:
+      - htop
+      - vim
+      - locales
+      - python-is-python3
+      - python3-pip
+      - wget
+      - zip
+      - bzip2
+      - vim-common
+      - screen
+      - curl
+      - git
+      - unzip
+    state: present
+
--- a/forge/gitserver/roles/git/files/gwen.pub
+++ b/forge/gitserver/roles/git/files/gwen.pub
@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDem+BGBCt8Sf/tzWJmWYJKiEWI0GQn9xLfpo+KCnnJmHV2tv9a1a5ED4IJttXjqdlMrENIe6g0MBxbcqxtgLKUvYhNpw0eKz1zUOec1WzcPh+K7VRMYKBDTemUl5Tw4tw9IQe8XtoT64YsG+YJJlZ/WxgIRUDf4VGpEgpxGf9o+6bDwNaSlZcc24+Rm4EHGPFfCz0OdLMECUrW+PrhmES+mlFcCBxcOsdWPl1GZ0nGiyfbK8ozgaLHwgOXR0D0eYOYyfkWmqlwrMgv2ZkhTbgRwfNxgDljlz4cK78Cp5hNBwTacX9r3t7763V+6LdCKpJtY5h5C036lfWhmU8n0rcx gwen@gwen
--- a/forge/gitserver/roles/git/files/selcuk.pub
+++ b/forge/gitserver/roles/git/files/selcuk.pub
@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCoeAXaO4A5BykCzy5SA0wnI2AcAcSwt8XfuxaV/bTYmY1st4yH8JeEGsVB6qLVGJ9PWgkn0Avt4r8W+aF81duMDnH5F2vU18dtyBh/tmn4iTmEdqHIoz2OFGjvtYxr7t9RIgTiaHoJ6Mc73YrrFMTZo3HJZarP+I29slaeMHgYq4UrwMHhNQ24BProg4RrIt8Xcts8OqgJSYGuI4mPF7vRbNSiCk8mmjuUQX4IPP0jWKka+kO8EUEYjeK6oivdHxbYh8FeZZJP39NUPu0Q2ldu6jV1mfIgGfg2TAMB5gcaivWXpzTx4NhXcmq+oymIhvTd106ch8dWUF7bijeghN0sdc+uz43YXMzV3OdlfK7esxu9W05Iea7THFtywkbqu1N5nXHNtAvgDV+hNEKdE0mLJpq/qt+li4tvkDT5aXxGxwaXhgH0/0upHjUQY2OPP769y9JhsJnnK4D3YwtUtzUxNhmvV26Qsd9IKSVnHh+opG0XTJrGWs8Qko+cHCouVRdVQ0KwyGrdHMy2+R8IJvTa6DISBX/C72GYjZeJE5W3C4Q62t6hXtPWl+zEtCwqKaDQXswKuVvL8ZnacgS6/qYcU2HfYbmuGHM/59u7x4oI7ehZZvyqx1gNuJGM85XBm15ke3DF14UlppJlgFg3ED97Vf1AvdnYECC7V7zrwZwtQQ== selcukcemoglu@gmail.com
--- a/forge/gitserver/roles/git/tasks/main.yml
+++ b/forge/gitserver/roles/git/tasks/main.yml
@ -0,0 +1,37 @@
+---
+- name: Ensure that the git group exists
+  ansible.builtin.group:
+    name: "{{ git_group }}"
+    state: present
+
+- name: add git user
+  ansible.builtin.user:
+    name: "{{ git_user }}"
+    home: "{{ git_homedir }}"
+    create_home: yes
+    shell: "/bin/bash"
+    groups: "{{ git_group }}"
+    append: true
+    state: present
+
+#- name: add authorized_key to user
+#  ansible.posix.authorized_key:
+#    user: git
+#    state: present
+#    key: "{{ lookup('file', 'files/XXX.pub') }}"
+
+- name: Add authorized_key for users
+  ansible.posix.authorized_key:
+    user: "{{ item.user }}"
+    state: present
+    key: "{{ lookup('file', 'files/' + item.key) }}"
+  loop: "{{ users }}"
+
+#- name: create repositories directory
+#  ansible.builtin.file:
+#    path: "{{ git_repos }}"
+#    owner: "{{ git_user }}"
+#    group: "{{ git_group }}"
+#    state: directory
+#    mode: u=rwx,g=rwx,o=r
+
--- a/forge/gitserver/roles/git/vars/main.yml
+++ b/forge/gitserver/roles/git/vars/main.yml
@ -0,0 +1,10 @@
+git_user: git
+git_homedir: /home/git
+git_group: git
+git_repos: /home/git
+users:
+  - user: "git"
+    key: "gwen.pub"
+  - user: "git"
+    key: "selcuk.pub"
+
--- a/forge/gitserver/todo.txt
+++ b/forge/gitserver/todo.txt
@ -0,0 +1,7 @@
+TODO
+========
+
+- mettre la ssh-key dans un inventory en yaml et pas dans la ligne de commande
+- sécurisation du serveur (interdire ssh root, creer un compte admin de ssh, 
+  ufw, port ssh 2222, ...)
+
				`@ -0,0 +1 @@`
				`ansible-playbook -i hosts --private-key myprivatekey.key playbook.yml`
				`@ -0,0 +1 @@`
				`gitserver ansible_host="{{ domain }}" ansible_ssh_user="{{ git_user }}" ansible_python_interpreter="/usr/bin/python3"`
				`@ -0,0 +1 @@`
				`gitserver ansible_host=forge.myforge.fr ansible_ssh_user=root ansible_python_interpreter="/usr/bin/python3"`
				`@ -0,0 +1 @@`
				`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDem+BGBCt8Sf/tzWJmWYJKiEWI0GQn9xLfpo+KCnnJmHV2tv9a1a5ED4IJttXjqdlMrENIe6g0MBxbcqxtgLKUvYhNpw0eKz1zUOec1WzcPh+K7VRMYKBDTemUl5Tw4tw9IQe8XtoT64YsG+YJJlZ/WxgIRUDf4VGpEgpxGf9o+6bDwNaSlZcc24+Rm4EHGPFfCz0OdLMECUrW+PrhmES+mlFcCBxcOsdWPl1GZ0nGiyfbK8ozgaLHwgOXR0D0eYOYyfkWmqlwrMgv2ZkhTbgRwfNxgDljlz4cK78Cp5hNBwTacX9r3t7763V+6LdCKpJtY5h5C036lfWhmU8n0rcx gwen@gwen`
				`@ -0,0 +1 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCoeAXaO4A5BykCzy5SA0wnI2AcAcSwt8XfuxaV/bTYmY1st4yH8JeEGsVB6qLVGJ9PWgkn0Avt4r8W+aF81duMDnH5F2vU18dtyBh/tmn4iTmEdqHIoz2OFGjvtYxr7t9RIgTiaHoJ6Mc73YrrFMTZo3HJZarP+I29slaeMHgYq4UrwMHhNQ24BProg4RrIt8Xcts8OqgJSYGuI4mPF7vRbNSiCk8mmjuUQX4IPP0jWKka+kO8EUEYjeK6oivdHxbYh8FeZZJP39NUPu0Q2ldu6jV1mfIgGfg2TAMB5gcaivWXpzTx4NhXcmq+oymIhvTd106ch8dWUF7bijeghN0sdc+uz43YXMzV3OdlfK7esxu9W05Iea7THFtywkbqu1N5nXHNtAvgDV+hNEKdE0mLJpq/qt+li4tvkDT5aXxGxwaXhgH0/0upHjUQY2OPP769y9JhsJnnK4D3YwtUtzUxNhmvV26Qsd9IKSVnHh+opG0XTJrGWs8Qko+cHCouVRdVQ0KwyGrdHMy2+R8IJvTa6DISBX/C72GYjZeJE5W3C4Q62t6hXtPWl+zEtCwqKaDQXswKuVvL8ZnacgS6/qYcU2HfYbmuGHM/59u7x4oI7ehZZvyqx1gNuJGM85XBm15ke3DF14UlppJlgFg3ED97Vf1AvdnYECC7V7zrwZwtQQ== selcukcemoglu@gmail.com