3 files changed, 19 insertions, 2 deletions

diff --git a/roles/gitserver/files/git.conf b/roles/gitserver/files/git.conf
index 3d6d6a3..f4e880d 100644
--- a/roles/gitserver/files/git.conf
+++ b/roles/gitserver/files/git.conf
@@ -1,7 +1,15 @@
 # Source: https://gist.github.com/kierdwyn/3745400e6a184f621b92
 
 location ~ /.+/(info/refs|git-upload-pack|git-receive-pack) {
-    auth_basic "Restricted";
+    # Disable authentication by default.
+    set $auth off;
+
+    # Require authentication for push.
+    if ($request ~ git-receive-pack) {
+        set $auth "Restricted";
+    }
+
+    auth_basic $auth;
     auth_basic_user_file /etc/nginx/auth/git/.htpasswd;
 
     # Set chunks to unlimited, as the body's can be huge.
@@ -9,7 +17,6 @@ location ~ /.+/(info/refs|git-upload-pack|git-receive-pack) {
 
     include fastcgi_params;
     fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
-    fastcgi_param GIT_HTTP_EXPORT_ALL "";
     fastcgi_param GIT_PROJECT_ROOT /srv/git;
     fastcgi_param PATH_INFO $uri;
     # Forward REMOTE_USER as we want to know when we are authenticated.
diff --git a/roles/gitserver/files/gitconfig b/roles/gitserver/files/gitconfig
new file mode 100644
index 0000000..3209b9f
--- /dev/null
+++ b/roles/gitserver/files/gitconfig
@@ -0,0 +1,2 @@
+[safe]
+	directory = /srv/git/*
diff --git a/roles/gitserver/tasks/main.yml b/roles/gitserver/tasks/main.yml
index c007c6e..9ec412f 100644
--- a/roles/gitserver/tasks/main.yml
+++ b/roles/gitserver/tasks/main.yml
@@ -65,6 +65,14 @@
     group: git
     mode: u+rwx,g+r,o+r
 
+- name: Configure git system-wide
+  ansible.builtin.copy:
+    src: files/gitconfig
+    dest: /etc/gitconfig
+    owner: git
+    group: git
+    mode: u+rwx,g+r,o+r
+
 - name: Configure git-daemon systemd service
   ansible.builtin.copy:
     src: files/git-daemon.service