#
include_recipe "networking"
+include_recipe "xinetd"
git_directory = node[:git][:directory]
directory git_directory do
- owner "git"
- group "git"
+ owner node[:git][:user]
+ group node[:git][:group]
mode 02775
end
-firewall_rule "accept-git" do
- action :accept
- source "net"
- dest "fw"
- proto "tcp:syn"
- dest_ports "git"
- source_ports "1024:"
+if node[:git][:allowed_nodes]
+ search(:node, node[:git][:allowed_nodes]).each do |n|
+ n.interfaces(:role => :external).each do |interface|
+ firewall_rule "accept-git" do
+ action :accept
+ family interface[:family]
+ source "#{interface[:zone]}:#{interface[:address]}"
+ dest "fw"
+ proto "tcp:syn"
+ dest_ports "git"
+ source_ports "1024:"
+ end
+ end
+ end
+else
+ firewall_rule "accept-git" do
+ action :accept
+ source "net"
+ dest "fw"
+ proto "tcp:syn"
+ dest_ports "git"
+ source_ports "1024:"
+ end
end
Dir.new(git_directory).select { |name| name =~ /\.git$/ }.each do |repository|
template "#{git_directory}/#{repository}/hooks/post-update" do
source "post-update.erb"
owner "root"
- group "git"
+ group node[:git][:group]
mode 0755
end
- if repository != "dns.git"
- template "#{git_directory}/#{repository}/hooks/post-receive" do
- source "post-receive.erb"
- owner "root"
- group "git"
- mode 0755
- variables :repository => "#{git_directory}/#{repository}"
- end
+ next unless node[:recipes].include?("trac") && repository != "dns.git"
+
+ template "#{git_directory}/#{repository}/hooks/post-receive" do
+ source "post-receive.erb"
+ owner "root"
+ group node[:git][:group]
+ mode 0755
+ variables :repository => "#{git_directory}/#{repository}"
end
end
group "root"
mode 0755
end
+
+template "/etc/xinetd.d/git" do
+ source "xinetd.erb"
+ owner "root"
+ group "root"
+ mode 0644
+ notifies :reload, "service[xinetd]"
+end