Gitea SSH container passthrough

roles/gitea/defaults/main.yml

@@ -1,7 +1,9 @@
 # container settings
 gitea_name: gitea
-gitea_sshport: "127.0.0.1:222"
-gitea_webport: "127.0.0.1:3000"
+gitea_sshport: "222"
+gitea_webport: "3000"
+gitea_ssh: "127.0.0.1:{{ gitea_sshport }}"
+gitea_web: "127.0.0.1:{{ gitea_webport }}"
 gitea_volume: "{{ gitea_name }}"
 gitea_rooturl: "http://{{ gitea_domain }}"
 gitea_signup: true

roles/gitea/tasks/main.yml

@@ -17,6 +17,52 @@
   become: true
   become_user: postgres
 
+- name: Create git user
+  user:
+    name: git
+    state: present
+
+- name: Git user uid
+  getent:
+    database: passwd
+    key: git
+
+- name: Git user gid
+  getent:
+    database: group
+    key: git
+
+- name: Create git's .ssh directory
+  file:
+    path: /home/git/.ssh
+    state: directory
+
+- name: Generate git's SSH keys
+  openssh_keypair:
+    path: /home/git/.ssh/id_rsa
+
+- name: Find git's public SSH key
+  slurp:
+    src: /home/git/.ssh/id_rsa.pub
+  register: git_rsapub
+
+- name: Create git's authorized_keys file
+  file:
+    path: /home/git/.ssh/authorized_keys
+    state: touch
+
+- name: Add git's public SSH key to authorized_keys
+  lineinfile:
+    path: /home/git/.ssh/authorized_keys
+    line: "{{ git_rsapub['content'] | b64decode }}"
+    insertbefore: BOF
+
+- name: Create Gitea host script for SSH
+  template:
+    src: gitea.sh.j2
+    dest: /usr/local/bin/gitea
+    mode: 0755
+
 - name: Install Gitea's docker-compose file
   template:
     src: docker-compose.yml.j2

roles/gitea/templates/compose-env.j2

@@ -3,8 +3,8 @@ gitea_version={{ gitea_version }}
 gitea_name={{ gitea_name }}
 gitea_domain={{ gitea_domain }}
 gitea_rooturl={{ gitea_rooturl }}
-gitea_webport={{ gitea_webport }}
-gitea_sshport={{ gitea_sshport }}
+gitea_web={{ gitea_web }}
+gitea_ssh={{ gitea_ssh }}
 gitea_dbtype={{ gitea_dbtype }}
 gitea_dbhost={{ gitea_dbhost }}
 gitea_dbname={{ gitea_dbname }}

roles/gitea/templates/docker-compose.yml.j2

@@ -5,13 +5,13 @@ services:
     image: "gitea/gitea:${gitea_version}"
     container_name: "${gitea_name}"
     ports:
-      - "${gitea_sshport}:22"
-      - "${gitea_webport}:3000"
+      - "${gitea_ssh}:22"
+      - "${gitea_web}:3000"
     extra_hosts:
       - "host.docker.internal:host-gateway"
     environment:
-      - USER_UID=1000
-      - USER_GID=1000
+      - USER_UID={{ getent_passwd.git[1] }}
+      - USER_GID={{ getent_group.git[1] }}
       - GITEA__server__ROOT_URL=${gitea_rooturl}
       - GITEA__server__DOMAIN=${gitea_domain}
       - GITEA__server__SSH_DOMAIN=${gitea_domain}
@@ -23,6 +23,7 @@ services:
       - GITEA__service__DISABLE_REGISTRATION=${gitea_disable_registration}
     volumes:
       - {{ gitea_volume }}:/data
+      - /home/git/.ssh/:/data/git/.ssh
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
 

roles/gitea/templates/gitea.sh.j2

@@ -0,0 +1,2 @@
+#!/bin/sh
+ssh -p {{ gitea_sshport }} -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"