diff --git a/roles/gitea/defaults/main.yml b/roles/gitea/defaults/main.yml index 865f2d9..c3dba03 100644 --- a/roles/gitea/defaults/main.yml +++ b/roles/gitea/defaults/main.yml @@ -1,7 +1,9 @@ # container settings gitea_name: gitea -gitea_sshport: "127.0.0.1:222" -gitea_webport: "127.0.0.1:3000" +gitea_sshport: "222" +gitea_webport: "3000" +gitea_ssh: "127.0.0.1:{{ gitea_sshport }}" +gitea_web: "127.0.0.1:{{ gitea_webport }}" gitea_volume: "{{ gitea_name }}" gitea_rooturl: "http://{{ gitea_domain }}" gitea_signup: true diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index da7b267..d498dea 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -17,6 +17,52 @@ become: true become_user: postgres +- name: Create git user + user: + name: git + state: present + +- name: Git user uid + getent: + database: passwd + key: git + +- name: Git user gid + getent: + database: group + key: git + +- name: Create git's .ssh directory + file: + path: /home/git/.ssh + state: directory + +- name: Generate git's SSH keys + openssh_keypair: + path: /home/git/.ssh/id_rsa + +- name: Find git's public SSH key + slurp: + src: /home/git/.ssh/id_rsa.pub + register: git_rsapub + +- name: Create git's authorized_keys file + file: + path: /home/git/.ssh/authorized_keys + state: touch + +- name: Add git's public SSH key to authorized_keys + lineinfile: + path: /home/git/.ssh/authorized_keys + line: "{{ git_rsapub['content'] | b64decode }}" + insertbefore: BOF + +- name: Create Gitea host script for SSH + template: + src: gitea.sh.j2 + dest: /usr/local/bin/gitea + mode: 0755 + - name: Install Gitea's docker-compose file template: src: docker-compose.yml.j2 diff --git a/roles/gitea/templates/compose-env.j2 b/roles/gitea/templates/compose-env.j2 index bfa1ca5..b88eb24 100644 --- a/roles/gitea/templates/compose-env.j2 +++ b/roles/gitea/templates/compose-env.j2 @@ -3,8 +3,8 @@ gitea_version={{ gitea_version }} gitea_name={{ gitea_name }} gitea_domain={{ gitea_domain }} gitea_rooturl={{ gitea_rooturl }} -gitea_webport={{ gitea_webport }} -gitea_sshport={{ gitea_sshport }} +gitea_web={{ gitea_web }} +gitea_ssh={{ gitea_ssh }} gitea_dbtype={{ gitea_dbtype }} gitea_dbhost={{ gitea_dbhost }} gitea_dbname={{ gitea_dbname }} diff --git a/roles/gitea/templates/docker-compose.yml.j2 b/roles/gitea/templates/docker-compose.yml.j2 index 742d9bd..a87022f 100644 --- a/roles/gitea/templates/docker-compose.yml.j2 +++ b/roles/gitea/templates/docker-compose.yml.j2 @@ -5,13 +5,13 @@ services: image: "gitea/gitea:${gitea_version}" container_name: "${gitea_name}" ports: - - "${gitea_sshport}:22" - - "${gitea_webport}:3000" + - "${gitea_ssh}:22" + - "${gitea_web}:3000" extra_hosts: - "host.docker.internal:host-gateway" environment: - - USER_UID=1000 - - USER_GID=1000 + - USER_UID={{ getent_passwd.git[1] }} + - USER_GID={{ getent_group.git[1] }} - GITEA__server__ROOT_URL=${gitea_rooturl} - GITEA__server__DOMAIN=${gitea_domain} - GITEA__server__SSH_DOMAIN=${gitea_domain} @@ -23,6 +23,7 @@ services: - GITEA__service__DISABLE_REGISTRATION=${gitea_disable_registration} volumes: - {{ gitea_volume }}:/data + - /home/git/.ssh/:/data/git/.ssh - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro diff --git a/roles/gitea/templates/gitea.sh.j2 b/roles/gitea/templates/gitea.sh.j2 new file mode 100644 index 0000000..7b2a2b9 --- /dev/null +++ b/roles/gitea/templates/gitea.sh.j2 @@ -0,0 +1,2 @@ +#!/bin/sh +ssh -p {{ gitea_sshport }} -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"