Felix Dörre [Tue, 28 Mar 2017 09:48:57 +0000 (11:48 +0200)]
add: systemd module for executing daemon-reload
This change adds a new resource type that manages a given
unit file and triggers a systemd daemon-reload when any of
the files have been managed (but before any of their
dependencies, i.e. services, are managed).
The git daemon doesn’t require any privileges (assuming the repositories
are world-readable), and the git user owns /gitweb-socket (and possibly
also the repositories). ReadOnlyDirectories=/ should prevent the git
daemon from making any modifications to those directories, but still,
there’s no harm done in locking it down even further.
This removes the need for running `git update-server-info` on the
repositories regularly (or on update), possibly speeds up clones (at
least, git clone can now show progress information), and almost
certainly improves reliability on a pull concurrent with a push to the
same repository (the git daemon can respect lock files, nginx can’t).
(We can also probably remove /srv/git from front-nginx, but I’ll do that
in a separate change.)
Serves all repositories in /data/git on the code. subdomain with gitweb,
and allows cloning them via https:// and git://.
NOTE: For clone over HTTP(S), git update-server-info needs to be run in
the repositories; this is expected to be done via a post-update hook in
the repositories, and not configured here.
Felix [Tue, 1 Nov 2016 11:10:57 +0000 (12:10 +0100)]
initial import
Current features include:
- setup of gigi, cassiopeia-client, quiz-system, minimalist exim, nginx
- setup of gigi-database from scratch (including validation of own domain and issuing own certificates)
- optional cassiopeia-signer in own container with communication via tcpserial
- hop container for administrators connecting to the system