- name: Install matrix
import_playbook: server/matrix.yaml
+- name: Install metadata
+ import_playbook: server/metadata.yaml
+
- name: Install nginx
import_playbook: server/nginx.yaml
--- /dev/null
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+- hosts: servers
+ tasks:
+ - name: Checkout configuration
+ command: |
+ git --work-tree=/srv/git --git-dir=/srv/git/metadata.git checkout main \
+ --force "*.git/*"
+ become: yes
+ - name: Checkout additional configuration
+ command: |
+ git --work-tree=/etc/sudoers.d --git-dir=/srv/git/metadata_prod.git \
+ checkout main --force "90-git*"
+ become: yes
+ - name: Install ansible
+ package:
+ name:
+ - ansible
+ state: latest
+ become: yes
+ - name: Find all post-receive scripts
+ find:
+ paths: "/srv/git"
+ recurse: yes
+ patterns: "post-receive"
+ register: post_receive_scripts
+ - name: Ensure correct permissions on the post-receive scripts
+ file:
+ path: "{{ item.path }}"
+ owner: git
+ group: git
+ mode: '0744'
+ become: yes
+ with_items: "{{ post_receive_scripts.files }}"
+ - name: Ensure correct permissions on the additional configuration
+ file:
+ path: "/etc/sudoers.d/90-git"
+ owner: root
+ group: root
+ mode: '0440'
+ become: yes
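Review bot: The "Checkout additional configuration" task writes straight into /etc/sudoers.d with `--force` and nothing validates the result, so a syntax error in the checked-out file is already in sudo's include directory before any check runs and can leave sudo unusable on the host. The pathspec `"90-git*"` can also match more files than the single `/etc/sudoers.d/90-git` that the last task sets to root:root 0440. The content comes from a repository under /srv/git, which the repository list elsewhere in this commit suggests is owned by the git user, so whoever can update that repository's main branch effectively defines sudo rules; it is worth confirming that this is intended. I would check out the one file into a root-only staging directory and install it with `copy` and `validate`, which also makes the final permissions task unnecessary; the staging path below is a placeholder.

```yaml
    # … unchanged: "Checkout configuration" task …
    - name: Create a root-only staging directory
      file:
        path: /root/STAGING_DIR_PLACEHOLDER
        state: directory
        owner: root
        group: root
        mode: '0700'
      become: true
    - name: Checkout additional configuration into staging
      command: >-
        git --work-tree=/root/STAGING_DIR_PLACEHOLDER
        --git-dir=/srv/git/metadata_prod.git
        checkout main --force -- 90-git
      become: true
    - name: Install the sudoers drop-in only if visudo accepts it
      copy:
        src: /root/STAGING_DIR_PLACEHOLDER/90-git
        dest: /etc/sudoers.d/90-git
        remote_src: true
        owner: root
        group: root
        mode: '0440'
        validate: 'visudo -cf %s'
      become: true
    # … unchanged: ansible install and post-receive permission tasks …
```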
dest: "/srv/git"
owner: "git"
group: "www-data"
+ - name: "metadata_prod.git"
+ uid: "1L5G_bXUC2QduZlPLhS4-wmOTNMxwgCXq"
+ dest: "/srv/git"
+ owner: "git"
+ group: "www-data"
- name: "notify.git"
uid: "1JimiRQnm3drG8pSR_NrKs9q0ZXJ_KYzt"
dest: "/srv/git"