From 07775204c4f56cbc08fe6aaa13abba7cbe42ff95 Mon Sep 17 00:00:00 2001
From: Jakub Czajka
Date: Wed, 1 Nov 2023 22:22:21 +0100
Subject: [PATCH] Deploy metadata of git repositories.
---
 server.yaml | 3 +++
 server/metadata.yaml | 42 ++++++++++++++++++++++++++++++++++++++++++
 sources.yaml | 5 +++++
 3 files changed, 50 insertions(+)
 create mode 100644 server/metadata.yaml
diff --git a/server.yaml b/server.yaml
index 8ab71b9..1d1f9bf 100644
--- a/server.yaml
+++ b/server.yaml
@@ -16,6 +16,9 @@
 - name: Install matrix
 import_playbook: server/matrix.yaml
+- name: Install metadata
+ import_playbook: server/metadata.yaml
+
 - name: Install nginx
 import_playbook: server/nginx.yaml
diff --git a/server/metadata.yaml b/server/metadata.yaml
new file mode 100644
index 0000000..1a1fa1b
--- /dev/null
+++ b/server/metadata.yaml
@@ -0,0 +1,42 @@
+# Copyright (c) 2023 Jakub Czajka
+# License: GPL-3.0 or later.
+
+- hosts: servers
+ tasks:
+ - name: Checkout configuration
+ command: |
+ git --work-tree=/srv/git --git-dir=/srv/git/metadata.git checkout main \
+ --force "*.git/*"
+ become: yes
+ - name: Checkout additional configuration
+ command: |
+ git --work-tree=/etc/sudoers.d --git-dir=/srv/git/metadata_prod.git \
+ checkout main --force "90-git*"
+ become: yes
+ - name: Install ansible
+ package:
+ name:
+ - ansible
+ state: latest
+ become: yes
+ - name: Find all post-receive scripts
+ find:
+ paths: "/srv/git"
+ recurse: yes
+ patterns: "post-receive"
+ register: post_receive_scripts
+ - name: Ensure correct permissions on the post-receive scripts
+ file:
+ path: "{{ item.path }}"
+ owner: git
+ group: git
+ mode: '0744'
+ become: yes
+ with_items: "{{ post_receive_scripts.files }}"
+ - name: Ensure correct permissions on the additional configuration
+ file:
+ path: "/etc/sudoers.d/90-git"
+ owner: root
+ group: root
+ mode: '0440'
+ become: yes
diff --git a/sources.yaml b/sources.yaml
index de1946e..b6f3f99 100644
--- a/sources.yaml
+++ b/sources.yaml
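Review bot: The "Checkout additional configuration" task in server/metadata.yaml writes files from `metadata_prod.git` straight into `/etc/sudoers.d` as root with no syntax check. Once this play runs, whoever can update `main` in that repository (deployed as `git:www-data` by the sources.yaml hunk) decides sudo policy on the host, and a malformed file can leave sudo unusable. The pathspec `"90-git*"` is also wider than the single file whose owner and mode are fixed later (`/etc/sudoers.d/90-git`), so any other match keeps its checkout-time permissions. I would check out the exact file into a staging directory that only root can write to and install it with `copy` and `validate`, which makes the final `file` task unnecessary. The staging path below is a placeholder, and write access to `metadata_prod.git` deserves the same care as write access to sudoers.

```yaml
    - name: Checkout additional configuration
      # /path/to/root-owned-staging is a placeholder: an existing directory only root can write to
      command: >-
        git --work-tree=/path/to/root-owned-staging
        --git-dir=/srv/git/metadata_prod.git
        checkout main --force -- 90-git
      become: yes
    # … unchanged: Install ansible, post-receive find and permission tasks …
    - name: Install the additional configuration after a syntax check
      copy:
        src: /path/to/root-owned-staging/90-git
        dest: /etc/sudoers.d/90-git
        remote_src: yes
        owner: root
        group: root
        mode: '0440'
        # refuse to install a file that visudo cannot parse
        validate: /usr/sbin/visudo -cf %s
      become: yes
```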
@@ -39,6 +39,11 @@ files:
 dest: "/srv/git"
 owner: "git"
 group: "www-data"
+ - name: "metadata_prod.git"
+ uid: "1L5G_bXUC2QduZlPLhS4-wmOTNMxwgCXq"
+ dest: "/srv/git"
+ owner: "git"
+ group: "www-data"
 - name: "notify.git"
 uid: "1JimiRQnm3drG8pSR_NrKs9q0ZXJ_KYzt"
 dest: "/srv/git"
--
2.39.5