RISCI_ATOM
/
pagure
mirror of https://pagure.io/pagure.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249
							---

- include: clamav.yml
- include: eventsource.yml
#- include: gitolite.yml
- include: milter.yml
- include: postgres.yml

- name: Install helpful development packages
  dnf:
    name:
      - git
      - ngrep
      - nmap-ncat
      - python3-rpdb
      - tmux
      - tree
      - vim-enhanced
      - python3-pip
      - httpd
    state: present

- name: Install Pagure development packages
  dnf:
    name:
      - python3-alembic
      - python3-arrow
      - python3-binaryornot
      - python3-bleach
      - python3-blinker
      - python3-celery
      - python3-chardet
      - python3-cryptography
      - python3-docutils
      - python3-email-validator
      - python3-eventlet
      - python3-fedora-flask
      - python3-flask
      - python3-flask-oidc
      - python3-flask-wtf
      - python3-jinja2
      - python3-markdown
      - python3-munch
      - python3-mock
      - python3-openid-cla
      - python3-openid-teams
      - python3-pillow
      - python3-pip
      - python3-psutil
      - python3-pygit2
      - python3-redis
      - python3-sqlalchemy
      - python3-straight-plugin
      - python3-virtualenvwrapper
      - python3-whitenoise
      - python3-wtforms
      - python3-devel
      - python3-devel
      - python3-bcrypt
      - redhat-rpm-config
    state: latest

- name: Create the folder where we'll place the symbolic link for pagure
  file:
    path: /usr/local/lib/python3.7/site-packages/
    state: directory

- name: Create symbolic link for pagure to be in the python path
  file:
    src: /srv/pagure/pagure
    dest: /usr/local/lib/python3.7/site-packages/pagure
    state: link

- name: Create symbolic link for python to be py3 by default
  file:
    src: /usr/bin/python3
    dest: /usr/bin/python
    state: link

# Add various helpful configuration files
- name: Install a custom bashrc
  become_user: "{{ ansible_env.SUDO_USER }}"
  copy: src=bashrc dest=/home/{{ ansible_env.SUDO_USER }}/.bashrc

- name: Install the message of the day
  copy: src=motd dest=/etc/motd

- name: Remove the motd duplicate
  pamd:
    name: sshd
    type: session
    control: optional
    module_path: pam_motd.so
    state: absent

- name: populate bash history
  become_user: "{{ ansible_env.SUDO_USER }}"
  copy: src=bash_history dest=/home/{{ ansible_env.SUDO_USER }}/.bash_history


# Configure pagure

- name: Create the git user and group
  command: useradd --create-home --home-dir=/srv/git/ git
           creates=/srv/git/

- name: create the /attachments folder
  file: state=directory
        path=/srv/attachments
        owner=git group=git mode=0775

- name: Adjust owner of /srv/git
  file: name=/srv/git state=directory recurse=yes owner=git group=git

- name: create all the directories used by pagure
  file: state=directory
        path={{ item }}
        owner=git group=git mode=0775
  with_items:
  - /srv/git/repositories/
  - /srv/git/repositories/forks
  - /srv/git/repositories/docs
  - /srv/git/repositories/tickets
  - /srv/git/repositories/requests
  - /srv/git/remotes
  - /var/www/releases
  - /var/www/archives
  - /srv/tmp

- name: create the /etc/pagure folder for the config
  file: state=directory
        path=/etc/pagure
        owner=git group=git mode=0775


# Set things up for the mirroring feature

- name: create the `paguremirroring` group
  group:
      name: paguremirroring
      state: present

- name: create the `paguremirroring` user
  user:
      name: paguremirroring
      group: paguremirroring
      groups: paguremirroring,git
      shell: /bin/nologin
      home: /srv/mirror


# Configure the web app

- name: Install the pagure configuration
  copy:
    src: pagure.cfg
    dest: /etc/pagure/pagure.cfg
    owner: git
    group: git
    mode: 0644

- name: Add a working copy of alembic.ini
  copy:
    src: /srv/pagure/files/alembic.ini
    dest: /etc/pagure/alembic.ini
    owner: git
    group: git
    mode: 0644
    remote_src: True

- name: Configure alembic to use our development database
  replace:
    dest: /etc/pagure/alembic.ini
    regexp: "sqlalchemy.url = sqlite:////var/tmp/pagure_dev.sqlite"
    replace: "sqlalchemy.url = sqlite:////srv/git/pagure_dev.sqlite"

- name: Configure alembic to point to the pagure migration folder
  replace:
    dest: /etc/pagure/alembic.ini
    regexp: "script_location = /usr/share/pagure/alembic"
    replace: "script_location = /srv/pagure/alembic/"

- name: Create the Pagure database
  become_user: git
  command: python3 /srv/pagure/createdb.py
  environment:
      PAGURE_CONFIG: /etc/pagure/pagure.cfg
  args:
    creates: /srv/git/pagure_dev.sqlite

- name: Stamp the database with its current migration
  become_user: git
  shell: alembic-3 stamp $(alembic-3 heads | awk '{ print $1 }')
  args:
    chdir: "/etc/pagure"

- name: Install the Pagure service files for systemd
  copy:
    src: "{{ item }}"
    dest: /etc/systemd/system/{{ item }}
  with_items:
    - pagure.service
    - pagure-docs.service
    - pagure_ci.service
    - pagure_ev.service
    - pagure_webhook.service
    - pagure_worker.service
    - pagure_authorized_keys_worker.service

- name: let paguremirroring read the pagure config
  command: /usr/bin/setfacl -m user:paguremirroring:rx /etc/pagure/pagure.cfg

- name: Add default facl so apache can read git repos
  acl: default=yes etype=user entity=apache permissions="rx" name=/srv/git state=present
  register: acl_updates

- name: Manually fix current default ACLs since Ansible doesnt know recursive acls
  when: acl_updates.changed
  command: /usr/bin/setfacl -Rdm user:apache:rx /srv/git

- name: Manually fix current ACLs since Ansible doesnt know recursive acls
  when: acl_updates.changed
  command: /usr/bin/setfacl -Rm user:apache:rx /srv/git

- name: Turn off SELinux, this dev box is doing too many unwdily things
  command: setenforce 0

- name: Turn off SELinux accross reboot
  replace:
    dest: /etc/selinux/config
    regexp: "SELINUX=enforcing"
    replace: "SELINUX=permissive"

- name: Enable and start the all services needed
  systemd:
    daemon_reload: yes
    name: "{{ item }}"
    enabled: True
    state: started
  with_items:
    - httpd
    - redis
    - pagure
    - pagure-docs
    - pagure_ci
    - pagure_ev
    - pagure_webhook
    - pagure_worker
    - pagure_authorized_keys_worker