From f26261fb997ac41224a1efb422cbbb4c272add9d Mon Sep 17 00:00:00 2001
From: tanshu
Date: Tue, 24 Aug 2021 09:14:15 +0530
Subject: [PATCH] Updated the gitea playbook for ssh passthrough. Still not fully there though.
---
 gitea/files/gitea | 2 ++
 gitea/playbook.yml | 75 +++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 76 insertions(+), 1 deletion(-)
 create mode 100644 gitea/files/gitea
diff --git a/gitea/files/gitea b/gitea/files/gitea
new file mode 100644
index 0000000..862a073
--- /dev/null
+++ b/gitea/files/gitea
@@ -0,0 +1,2 @@
+#!/bin/sh
+ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
diff --git a/gitea/playbook.yml b/gitea/playbook.yml
index bfbb93c..38e09bc 100755
--- a/gitea/playbook.yml
+++ b/gitea/playbook.yml
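Review bot: The passthrough script turns off host key verification with `-o StrictHostKeyChecking=no` on the hop to `git@127.0.0.1` port 2222; the container's host key is local and stable, so pinning it with `-o UserKnownHostsFile=<pinned known_hosts path>` (or at minimum `StrictHostKeyChecking=accept-new`) costs nothing and stops a key mismatch from being accepted silently. The forwarded `$0 $@` is unquoted inside the remote command string, so any argument containing whitespace is re-split on the far side; `"$@"` is the conventional form. The file is committed with mode 100644 but has to be executable as an authorized_keys `command=`; the playbook's `mode: 0755` covers that today, but marking the file executable in the repository would keep the two from drifting apart.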
@@ -8,12 +8,84 @@
 - vars/default.yml
 tasks:
- - name: Add the user 'git' with a specific uid and a primary group of 'admin'
+ - name: Add the user 'git'
 user:
 name: "{{ user }}"
 comment: Git user
 create_home: yes
+ - name: Ensure SSH Passthrough file Directory exists
+ file:
+ path: /app/gitea
+ state: directory
+ group: git
+ owner: git
+ mode: 0755
+
+ - name: Check if ssh passthrough file exists
+ stat:
+ path: /app/gitea/gitea
+ register: pass_status
+
+ - name: No need to upload ssh passthrough file
+ when: pass_status.stat.exists == true
+ debug:
+ msg: No need to upload ssh passthrough file as it already exists.
+
+ - name: Upload ssh passthrough file
+ when: pass_status.stat.exists == false
+ template:
+ src: "files/gitea"
+ dest: "/app/gitea/gitea"
+ owner: "{{ user }}"
+ group: "{{ user }}"
+ mode: 0755
+
+ - name: Ensure SSH Directory exists
+ file:
+ path: /home/git/.ssh
+ state: directory
+ group: git
+ owner: git
+ mode: 0700
+
+ - name: Check if rsa key exists
+ stat:
+ path: /home/git/.ssh/id_rsa
+ register: key_status
+
+ - name: No need to generate new rsa key
+ when: key_status.stat.exists == true
+ debug:
+ msg: No need to generate new rsa key as it already exists.
+
+ - name: Generate new rsa key
+ when: key_status.stat.exists == false
+ shell: ssh-keygen -t rsa -b 4096 -q -f /home/git/.ssh/id_rsa -C "Gitea Host Key" -N ""
+
+ - name: Ensure rsa key permissions
+ file:
+ path: /home/git/.ssh/id_rsa
+ group: git
+ owner: git
+ mode: 0600
+
+ - name: Ensure rsa public key permissions
+ file:
+ path: /home/git/.ssh/id_rsa.pub
+ group: git
+ owner: git
+ mode: 0644
+
+ - name: Add key to authorized_files
+ when: key_status.stat.exists == false
+ copy:
+ src: /home/git/.ssh/id_rsa.pub
+ dest: /home/git/.ssh/authorized_keys
+ owner: git
+ group: git
+ mode: 0644
+
 - name: Pull Gitea image
 docker_image:
 name: "{{ container_image }}"
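Review bot: The `Add key to authorized_files` task uses `copy` with `src: /home/git/.ssh/id_rsa.pub`, but without `remote_src: yes` that path is read on the control node rather than on the host where the preceding `ssh-keygen` wrote it, so the task either fails or installs the wrong key; and `dest: /home/git/.ssh/authorized_keys` replaces the whole file, which would discard the `command=` entries Gitea writes there for user keys once the directory is bind-mounted into the container. Reading the public key with `slurp` and adding it through `authorized_key` (below) fixes both and makes the separate `stat`/`when` gate unnecessary. The `Generate new rsa key` shell task could likewise drop its stat gate in favour of `args: {creates: /home/git/.ssh/id_rsa}`, and `template:` for `files/gitea` is better written as `copy:` since the script contains no Jinja. The new tasks hard-code `/home/git` while the user task and the volume mount in the next hunk use `{{ user }}`; if `user` is ever anything but `git`, the directory mounted into the container and the paths the keys are written to no longer agree.
```yaml
    - name: Read the generated public key from the managed host
      slurp:
        src: /home/git/.ssh/id_rsa.pub
      register: gitea_host_pubkey

    - name: Add key to authorized_keys without replacing Gitea-managed entries
      authorized_key:
        user: git
        key: "{{ gitea_host_pubkey.content | b64decode }}"
```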
@@ -42,6 +114,7 @@
 - /var/lib/gitea:/data
 - /etc/timezone:/etc/timezone:ro
 - /etc/localtime:/etc/localtime:ro
+ - "/home/{{ user }}/.ssh/:/data/git/.ssh"
 - name: Check if Nginx conf file exists
 stat: path="/etc/nginx/sites-available/{{ http_conf }}"