Add simple git web deploy role

And, of course, furnish it

ec2.yml

@@ -33,3 +33,8 @@
         nextcloud_tarbz2: "https://download.nextcloud.com/server/releases/nextcloud-18.0.0.tar.bz2"
         nextcloud_url: "nc.assburgers.club"
         nextcloud_webroot: "/var/www/nextcloud"
+    - role: gitweb
+      vars:
+        gitweb_repo: "https://gitlab.com/rehashedsalt/assburgers"
+        gitweb_url: "www.assburgers.club"
+        gitweb_webroot: "/var/www/assburgers"

roles/gitweb/meta/main.yml

@@ -0,0 +1,4 @@
+---
+allow_duplicates: no
+dependencies:
+  - role: apache-php

roles/gitweb/tasks/main.yml

@@ -0,0 +1,43 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+---
+- name: Set up webroot for {{ gitweb_repo }}
+  block:
+    - name: Set up Apache
+      block:
+        - name: Create webroot
+          file:
+            path: "{{ gitweb_webroot }}"
+            mode: "0755"
+            recurse: yes
+            state: directory
+        - name: Clone repo
+          git:
+            repo: "{{ gitweb_repo }}"
+            dest: "{{ gitweb_webroot }}"
+            force: yes
+    - name: Register certificates
+      block:
+        - name: Configure insecure virtual host configs
+          template:
+            src: apache2-vhost.conf
+            dest: "/etc/apache2/sites-enabled/{{ gitweb_url }}.conf"
+        - name: Generate certificate
+          include_role:
+            name: https
+          vars:
+            website_url: "{{ gitweb_url }}"
+            website_webroot: "{{ gitweb_webroot }}"
+    - name: Secure Apache
+      block:
+        # If we copied over http-only configs before, they get oblooterated now
+        - name: Copy over virtual host configs
+          template:
+            src: apache2-vhost-ssl.conf
+            dest: "/etc/apache2/sites-enabled/{{ gitweb_url }}.conf"
+        - name: Reload Apache
+          service:
+            name: apache2
+            state: reloaded
+            enabled: true
+  become: yes

roles/gitweb/templates/apache2-vhost-ssl.conf

@@ -0,0 +1,30 @@
+# Configuration for {{ gitweb_url }}
+# vim:ft=apache:
+
+# Accept connections from non-SNI clients
+SSLStrictSNIVHostCheck off
+
+# Website configuration
+<VirtualHost *:80>
+	ServerName {{ gitweb_url }}
+	Redirect permanent / https://{{ gitweb_url }}
+</VirtualHost>
+<VirtualHost *:443>
+	SSLEngine on
+	SSLCertificateFile /etc/pki/cert/crt/{{ gitweb_url }}.crt
+	SSLCertificateKeyFile /etc/pki/cert/private/{{ gitweb_url }}.key
+	SSLCertificateChainFile /etc/pki/cert/crt/{{ gitweb_url}}-fullchain.crt
+	<FilesMatch "\.(cgi|shtml|phtml|php)$">\
+		SSLOptions +StdEnvVars
+	</FilesMatch>
+	<Directory /usr/lib/cgi-bin>
+		SSLOptions +StdEnvVars
+	</Directory>
+	ServerName {{ gitweb_url }}
+	DocumentRoot {{ gitweb_webroot }}
+	<Directory "{{ gitweb_webroot }}">
+		Require all granted
+		AllowOverride All
+		Options MultiViews FollowSymlinks
+	</Directory>
+</VirtualHost>

roles/gitweb/templates/apache2-vhost.conf

@@ -0,0 +1,13 @@
+# Configuration for {{ gitweb_url }}
+# vim:ft=apache:
+
+# Website configuration
+<VirtualHost *:80>
+	ServerName {{ gitweb_url }}
+	DocumentRoot {{ gitweb_webroot }}
+	<Directory "{{ gitweb_webroot }}">
+		Require all granted
+		AllowOverride All
+		Options MultiViews FollowSymlinks
+	</Directory>
+</VirtualHost>