From 1152d4b300cd5ff03c5642fce71bda53b5baaa6d Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin <d@ilvokhin.com>
Date: Sat, 26 Jul 2025 20:03:08 +0100
Subject: Make smart http git protocol work without authentication

Ask to authenticate only when trying to push to repository. All other
operations do not require authentication anymore. Http protocol is still
not fully usable, because of the git (git) and fcgiwrap (http) are
running under different user.

`GIT_HTTP_EXPORT_ALL` was removed to forbid export of private
repositories via http protocol.
---
 roles/gitserver/tasks/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'roles/gitserver/tasks/main.yml')

diff --git a/roles/gitserver/tasks/main.yml b/roles/gitserver/tasks/main.yml
index c007c6e..9ec412f 100644
--- a/roles/gitserver/tasks/main.yml
+++ b/roles/gitserver/tasks/main.yml
@@ -65,6 +65,14 @@
     group: git
     mode: u+rwx,g+r,o+r
 
+- name: Configure git system-wide
+  ansible.builtin.copy:
+    src: files/gitconfig
+    dest: /etc/gitconfig
+    owner: git
+    group: git
+    mode: u+rwx,g+r,o+r
+
 - name: Configure git-daemon systemd service
   ansible.builtin.copy:
     src: files/git-daemon.service
-- 
cgit v1.2.3-70-g09d2