python-discord · jb3 · Aug 26, 2024 · Aug 26, 2024 · Aug 26, 2024 · Aug 26, 2024
diff --git a/ansible/roles/git-mirrors/tasks/main.yml b/ansible/roles/git-mirrors/tasks/main.yml
@@ -16,9 +16,18 @@
   tags:
     - role::git-mirrors
 
+- name: Install moreutils for cron utilities
+  package:
+    state: present
+    name:
+      - moreutils
+  tags:
+    - role::git-mirrors
+
 - name: Create mirroring user
   user:
     state: present
+    system: true
     name: "{{ git_mirrors_user }}"
     home: "{{ git_mirrors_base_dir }}"
   tags:
@@ -52,9 +61,13 @@
 - name: Clone repositories # noqa: command-instead-of-module
   become: true
   become_user: "{{ git_mirrors_user }}"
-  command: >
-    git clone --mirror https://github.com/{{ item.owner }}/{{ item.repo }}.git {{ git_mirrors_base_dir }}/mirrored/{{ item.owner }}/{{ item.repo }}
-  args:
+  command:
+    argv:
+      - "git"
+      - "clone"
+      - "--mirror"
+      - "https://github.com/{{ item.owner }}/{{ item.repo }}.git"
+      - "{{ git_mirrors_base_dir }}/mirrored/{{ item.owner }}/{{ item.repo }}"
     creates: "{{ git_mirrors_base_dir }}/mirrored/{{ item.owner }}/{{ item.repo }}"
   with_items:
     - "{{ git_mirrors_mirrored_repositories }}"
@@ -67,7 +80,7 @@
     dest: "{{ git_mirrors_base_dir }}/mirrored/{{ item.owner }}/{{ item.repo }}/description"
     owner: "{{ git_mirrors_user }}"
     group: "{{ git_mirrors_user }}"
-    mode: "0644"
+    mode: "0444"
   with_items:
     - "{{ git_mirrors_mirrored_repositories }}"
   tags:
@@ -77,7 +90,7 @@
   template:
     src: cgitrc.j2
     dest: /etc/cgitrc
-    mode: "0644"
+    mode: "0444"
     owner: root
     group: root
   tags:
@@ -101,8 +114,8 @@
 - name: Template NGINX configuration
   template:
     src: nginx-site.conf.j2
-    dest: /etc/nginx/sites-available/cgit.conf
-    mode: "0644"
+    dest: "/etc/nginx/sites-available/{{ git_mirrors_nginx_config_name }}"
+    mode: "0444"
     owner: root
     group: root
   tags:
@@ -112,8 +125,8 @@
 
 - name: Enable the NGINX site
   file:
-    src: /etc/nginx/sites-available/cgit.conf
-    dest: /etc/nginx/sites-enabled/cgit.conf
+    src: "/etc/nginx/sites-available/{{ git_mirrors_nginx_config_name }}"
+    dest: "/etc/nginx/sites-enabled/{{ git_mirrors_nginx_config_name }}"
     state: link
   tags:
     - role::git-mirrors
@@ -124,27 +137,27 @@
   template:
     src: update-mirrors.sh.j2
     dest: "{{ git_mirrors_base_dir }}/update-mirrors.sh"
-    mode: "0744"
+    mode: "0544"
     owner: "{{ git_mirrors_user }}"
     group: "{{ git_mirrors_user }}"
   tags:
     - role::git-mirrors
 
 - name: Add cronjob for mirror updating
   cron:
-    name: "git mirrors update"
+    name: "Update the git mirrors published by cgit (git-mirrors role)"
     # Every 5 minutes
     minute: "*/5"
     job: "chronic {{ git_mirrors_base_dir }}/update-mirrors.sh"
     user: git-mirrors
-    cron_file: ansible_git_mirrors_update
+    cron_file: "{{ git_mirrors_cron_file }}"
   tags:
     - role::git-mirrors
 
 - name: Set cronjob failure email
   community.general.cronvar:
     name: MAILTO
     value: "{{ git_mirrors_error_email }}"
-    cron_file: ansible_git_mirrors_update
+    cron_file: "{{ git_mirrors_cron_file }}"
   tags:
     - role::git-mirrors
diff --git a/ansible/roles/git-mirrors/templates/nginx-site.conf.j2 b/ansible/roles/git-mirrors/templates/nginx-site.conf.j2
@@ -1,5 +1,5 @@
 server {
-    server_name {{ git_mirrors_nginx_url }};
+    server_name {{ git_mirrors_nginx_domain }};
 
     listen 443 ssl http2;
     listen [::]:443 ssl http2;

diff --git a/ansible/roles/git-mirrors/templates/update-mirrors.sh.j2 b/ansible/roles/git-mirrors/templates/update-mirrors.sh.j2
@@ -6,7 +6,7 @@ set -u
 MIRRORS_BASE_DIR="{{ git_mirrors_base_dir }}/mirrored"
 
 # Locate repositories knowing that there will be a HEAD file inside them
-FOUND_REPOS=$(find "$MIRRORS_BASE_DIR" -name "HEAD" | xargs dirname)
+FOUND_REPOS=$(find "$MIRRORS_BASE_DIR" -name "HEAD" -print0 | xargs -0 dirname)
 
 for repo in $FOUND_REPOS; do
     cd "$repo";
@@ -16,4 +16,6 @@ for repo in $FOUND_REPOS; do
         exit 1
     fi
     echo "Updated repository."
+
+    cd -
 done
diff --git a/ansible/roles/git-mirrors/vars/main.yml b/ansible/roles/git-mirrors/vars/main.yml
@@ -7,6 +7,8 @@ git_mirrors_cgit_logo: "https://raw.githubusercontent.com/python-discord/ops-sit
 git_mirrors_cgit_title: PyDis DevOps Git Server
 git_mirrors_cgit_description: Mirrored copies of Python Discord and related projects
 
+git_mirrors_cron_file: "ansible_git_mirrors_update"
+
 # Sources are assumed to be GitHub.com repositories
 git_mirrors_mirrored_repositories:
   # DevOps Repos
@@ -65,6 +67,7 @@ git_mirrors_mirrored_repositories:
     description: >-
       Owl Corp surveillance storage platform
 
-git_mirrors_nginx_url: "git.pydis.wtf"
+git_mirrors_nginx_domain: "git.pydis.wtf"
 git_mirrors_nginx_cert_file: "/etc/letsencrypt/live/pydis.wtf/fullchain.pem"
 git_mirrors_nginx_cert_key: "/etc/letsencrypt/live/pydis.wtf/privkey.pem"
+git_mirrors_nginx_config_name: "git.pydis.wtf.conf"