From c6483994e13a62551ef22ed75433582b0ac96813 Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin
Date: Fri, 3 May 2024 20:46:45 +0100
Subject: Do not export everything with git-daemon

We should export only repositories with git-daemon-export-ok file inside.
---
 roles/gitserver/files/git-daemon.service | 14 ++++++++++++++
 roles/gitserver/tasks/main.yml | 11 ++++++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 roles/gitserver/files/git-daemon.service

(limited to 'roles/gitserver')

diff --git a/roles/gitserver/files/git-daemon.service b/roles/gitserver/files/git-daemon.service
new file mode 100644
index 0000000..e08d066
--- /dev/null
+++ b/roles/gitserver/files/git-daemon.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=Git Daemon Instance
+
+[Service]
+User=git
+# The '-' is to ignore non-zero exit statuses
+ExecStart=-/usr/lib/git-core/git-daemon --inetd --base-path=/srv/git
+StandardInput=socket
+StandardOutput=inherit
+StandardError=journal
+ProtectSystem=full
+ProtectHome=on
+PrivateDevices=on
+NoNewPrivileges=on
diff --git a/roles/gitserver/tasks/main.yml b/roles/gitserver/tasks/main.yml
index fb1377e..fdcf55a 100644
--- a/roles/gitserver/tasks/main.yml
+++ b/roles/gitserver/tasks/main.yml
@@ -65,11 +65,20 @@
 group: git
 mode: u+rwx,g+r,o+r
 
+- name: Configure git-daemon systemd service
+ ansible.builtin.copy:
+ src: files/git-daemon.service
+ dest: /usr/lib/systemd/system/git-daemon@.service
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r
+
 - name: Enable git-daemon
- ansible.builtin.service:
+ ansible.builtin.systemd_service:
 name: git-daemon.socket
 enabled: yes
 state: started
+ daemon_reload: true
 
 - name: Setup auth directory for git
 ansible.builtin.file:
-- 
cgit v1.2.3-70-g09d2
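Review bot: The property this commit is about, that only repositories containing `git-daemon-export-ok` are served, rests entirely on `--export-all` being absent from the `ExecStart=` line, and nothing in the unit says so; the only comment explains the `-` prefix. I would add `# No --export-all on purpose: only repositories with a git-daemon-export-ok file are served` above `ExecStart=` so a later edit does not put the flag back. Since git-daemon serves fetches only unless receive-pack is explicitly enabled, the sandbox could also go one step further than `ProtectSystem=full`, which leaves /srv/git writable to the `git` user: `ProtectSystem=strict` would make the repositories read-only for this service, after checking that clones and shallow fetches still work.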
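Review bot: `mode: u+rw,g+r,o+r` on the new copy task only adds permission bits, so if /usr/lib/systemd/system/git-daemon@.service already exists with group or world write permission it stays writable after the task runs, and this is a root-owned unit that systemd executes. Pin the mode exactly with `mode: "0644"` (or `mode: u=rw,g=r,o=r`). The destination is also the package-managed unit directory; if a distribution package ships its own git-daemon@.service there, an upgrade could replace this file and bring back the packaged `ExecStart=` until the next playbook run, so `dest: /etc/systemd/system/git-daemon@.service` is the safer place for a locally managed unit. The hunk starts inside the preceding task and ends inside the 'Setup auth directory for git' task, so those two are not reviewed here.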