diff --git a/ec2.yml b/ec2.yml
index bb5da2c..bb54376 100755
--- a/ec2.yml
+++ b/ec2.yml
@@ -33,3 +33,8 @@
nextcloud_tarbz2: "https://download.nextcloud.com/server/releases/nextcloud-18.0.0.tar.bz2"
nextcloud_url: "nc.assburgers.club"
nextcloud_webroot: "/var/www/nextcloud"
+ - role: gitweb
+ vars:
+ gitweb_repo: "https://gitlab.com/rehashedsalt/assburgers"
+ gitweb_url: "www.assburgers.club"
+ gitweb_webroot: "/var/www/assburgers"
diff --git a/roles/gitweb/meta/main.yml b/roles/gitweb/meta/main.yml
new file mode 100644
index 0000000..7e415bc
--- /dev/null
+++ b/roles/gitweb/meta/main.yml
@@ -0,0 +1,4 @@
+---
+allow_duplicates: no
+dependencies:
+ - role: apache-php
diff --git a/roles/gitweb/tasks/main.yml b/roles/gitweb/tasks/main.yml
new file mode 100644
index 0000000..f8b29e7
--- /dev/null
+++ b/roles/gitweb/tasks/main.yml
@@ -0,0 +1,43 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+---
+- name: Set up webroot for {{ gitweb_repo }}
+ block:
+ - name: Set up Apache
+ block:
+ - name: Create webroot
+ file:
+ path: "{{ gitweb_webroot }}"
+ mode: "0755"
+ recurse: yes
+ state: directory
+ - name: Clone repo
+ git:
+ repo: "{{ gitweb_repo }}"
+ dest: "{{ gitweb_webroot }}"
+ force: yes
+ - name: Register certificates
+ block:
+ - name: Configure insecure virtual host configs
+ template:
+ src: apache2-vhost.conf
+ dest: "/etc/apache2/sites-enabled/{{ gitweb_url }}.conf"
+ - name: Generate certificate
+ include_role:
+ name: https
+ vars:
+ website_url: "{{ gitweb_url }}"
+ website_webroot: "{{ gitweb_webroot }}"
+ - name: Secure Apache
+ block:
+ # If we copied over http-only configs before, they get oblooterated now
+ - name: Copy over virtual host configs
+ template:
+ src: apache2-vhost-ssl.conf
+ dest: "/etc/apache2/sites-enabled/{{ gitweb_url }}.conf"
+ - name: Reload Apache
+ service:
+ name: apache2
+ state: reloaded
+ enabled: true
+ become: yes
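Review bot: The `Clone repo` task sets no `version:`, so every run deploys whatever the remote's default branch holds at that moment, and `force: yes` overwrites the live webroot with it. Because the role depends on `apache-php`, content pushed to that repository may end up executed by the web server; this is inferred from the dependency, as the PHP handler configuration is not in this diff. Pin the checkout with `version: "{{ gitweb_version }}"` (a new role variable holding a tag or full commit hash), and consider `verify_commit: yes` if the commits are signed. Separately, `recurse: yes` with `mode: "0755"` on `Create webroot` marks every existing file under the webroot executable on each run; dropping `recurse` keeps the mode on the directory only.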
diff --git a/roles/gitweb/templates/apache2-vhost-ssl.conf b/roles/gitweb/templates/apache2-vhost-ssl.conf
new file mode 100644
index 0000000..c3e444b
--- /dev/null
+++ b/roles/gitweb/templates/apache2-vhost-ssl.conf
@@ -0,0 +1,30 @@
+# Configuration for {{ gitweb_url }}
+# vim:ft=apache:
+
+# Accept connections from non-SNI clients
+SSLStrictSNIVHostCheck off
+
+# Website configuration
+
+ ServerName {{ gitweb_url }}
+ Redirect permanent / https://{{ gitweb_url }}
+
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/cert/crt/{{ gitweb_url }}.crt
+ SSLCertificateKeyFile /etc/pki/cert/private/{{ gitweb_url }}.key
+ SSLCertificateChainFile /etc/pki/cert/crt/{{ gitweb_url}}-fullchain.crt
+ \
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+ ServerName {{ gitweb_url }}
+ DocumentRoot {{ gitweb_webroot }}
+
+ Require all granted
+ AllowOverride All
+ Options MultiViews FollowSymlinks
+
+
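Review bot: `AllowOverride All` and `Options MultiViews FollowSymlinks` apply to a DocumentRoot that the role's tasks fill with a git checkout, so a `.htaccess` file committed to the repository can change how Apache serves the site, and a committed symlink can point outside the webroot. The checkout's `.git` directory also sits inside the served tree. Prefer `AllowOverride None` and `Options MultiViews SymLinksIfOwnerMatch`, and add `RedirectMatch 404 /\.git` to the vhost. The same `AllowOverride`/`Options` lines appear in the `apache2-vhost.conf` hunk, which serves the same tree over plain HTTP until the certificate step replaces it. The container tags are not visible on this page, so which block encloses these directives is inferred.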
diff --git a/roles/gitweb/templates/apache2-vhost.conf b/roles/gitweb/templates/apache2-vhost.conf
new file mode 100644
index 0000000..65255a3
--- /dev/null
+++ b/roles/gitweb/templates/apache2-vhost.conf
@@ -0,0 +1,13 @@
+# Configuration for {{ gitweb_url }}
+# vim:ft=apache:
+
+# Website configuration
+
+ ServerName {{ gitweb_url }}
+ DocumentRoot {{ gitweb_webroot }}
+
+ Require all granted
+ AllowOverride All
+ Options MultiViews FollowSymlinks
+
+