Updated the gitea playbook for ssh passthrough. Still not fully there though.
parent
1189c478d6
commit
f26261fb99
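--- a/gitea/files/gitea
+++ b/gitea/files/gitea
@@ -0,0 +1,2 @@
+#!/bin/sh
+ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"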
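Review bot: The wrapper turns off host-key verification with `-o StrictHostKeyChecking=no` and splices `$SSH_ORIGINAL_COMMAND` plus an unquoted `$@` into the string that the remote shell evaluates. SSH_ORIGINAL_COMMAND is supplied by the connecting client, so quotes or shell metacharacters in it are presumably re-parsed by the shell on the receiving side instead of being passed through as data. I would pin the container's host key in the git user's `known_hosts` (or use `StrictHostKeyChecking=accept-new`) rather than disabling the check. Until the value is escaped before being embedded, a comment above the ssh line such as `# SSH_ORIGINAL_COMMAND is client-controlled and is re-parsed by the remote shell` would at least record the risk.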
@ -8,12 +8,84 @@
|
|||||||
- vars/default.yml
|
- vars/default.yml
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Add the user 'git' with a specific uid and a primary group of 'admin'
|
- name: Add the user 'git'
|
||||||
user:
|
user:
|
||||||
name: "{{ user }}"
|
name: "{{ user }}"
|
||||||
comment: Git user
|
comment: Git user
|
||||||
create_home: yes
|
create_home: yes
|
||||||
|
|
||||||
|
- name: Ensure SSH Passthrough file Directory exists
|
||||||
|
file:
|
||||||
|
path: /app/gitea
|
||||||
|
state: directory
|
||||||
|
group: git
|
||||||
|
owner: git
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Check if ssh passthrough file exists
|
||||||
|
stat:
|
||||||
|
path: /app/gitea/gitea
|
||||||
|
register: pass_status
|
||||||
|
|
||||||
|
- name: No need to upload ssh passthrough file
|
||||||
|
when: pass_status.stat.exists == true
|
||||||
|
debug:
|
||||||
|
msg: No need to upload ssh passthrough file as it already exists.
|
||||||
|
|
||||||
|
- name: Upload ssh passthrough file
|
||||||
|
when: pass_status.stat.exists == false
|
||||||
|
template:
|
||||||
|
src: "files/gitea"
|
||||||
|
dest: "/app/gitea/gitea"
|
||||||
|
owner: "{{ user }}"
|
||||||
|
group: "{{ user }}"
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Ensure SSH Directory exists
|
||||||
|
file:
|
||||||
|
path: /home/git/.ssh
|
||||||
|
state: directory
|
||||||
|
group: git
|
||||||
|
owner: git
|
||||||
|
mode: 0700
|
||||||
|
|
||||||
|
- name: Check if rsa key exists
|
||||||
|
stat:
|
||||||
|
path: /home/git/.ssh/id_rsa
|
||||||
|
register: key_status
|
||||||
|
|
||||||
|
- name: No need to generate new rsa key
|
||||||
|
when: key_status.stat.exists == true
|
||||||
|
debug:
|
||||||
|
msg: No need to generate new rsa key as it already exists.
|
||||||
|
|
||||||
|
- name: Generate new rsa key
|
||||||
|
when: key_status.stat.exists == false
|
||||||
|
shell: ssh-keygen -t rsa -b 4096 -q -f /home/git/.ssh/id_rsa -C "Gitea Host Key" -N ""
|
||||||
|
|
||||||
|
- name: Ensure rsa key permissions
|
||||||
|
file:
|
||||||
|
path: /home/git/.ssh/id_rsa
|
||||||
|
group: git
|
||||||
|
owner: git
|
||||||
|
mode: 0600
|
||||||
|
|
||||||
|
- name: Ensure rsa public key permissions
|
||||||
|
file:
|
||||||
|
path: /home/git/.ssh/id_rsa.pub
|
||||||
|
group: git
|
||||||
|
owner: git
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
|
- name: Add key to authorized_files
|
||||||
|
when: key_status.stat.exists == false
|
||||||
|
copy:
|
||||||
|
src: /home/git/.ssh/id_rsa.pub
|
||||||
|
dest: /home/git/.ssh/authorized_keys
|
||||||
|
owner: git
|
||||||
|
group: git
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
- name: Pull Gitea image
|
- name: Pull Gitea image
|
||||||
docker_image:
|
docker_image:
|
||||||
name: "{{ container_image }}"
|
name: "{{ container_image }}"
|
||||||
@ -42,6 +114,7 @@
|
|||||||
- /var/lib/gitea:/data
|
- /var/lib/gitea:/data
|
||||||
- /etc/timezone:/etc/timezone:ro
|
- /etc/timezone:/etc/timezone:ro
|
||||||
- /etc/localtime:/etc/localtime:ro
|
- /etc/localtime:/etc/localtime:ro
|
||||||
|
- "/home/{{ user }}/.ssh/:/data/git/.ssh"
|
||||||
|
|
||||||
- name: Check if Nginx conf file exists
|
- name: Check if Nginx conf file exists
|
||||||
stat: path="/etc/nginx/sites-available/{{ http_conf }}"
|
stat: path="/etc/nginx/sites-available/{{ http_conf }}"
|
||||||
|
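Review bot: The `Add key to authorized_files` task uses `copy` with `src: /home/git/.ssh/id_rsa.pub` but no `remote_src`, so Ansible looks for that path on the control node, not on the host where the key was just generated. `copy` also replaces `authorized_keys` wholesale, and the last hunk bind-mounts that same directory into the container at `/data/git/.ssh`, so entries written there by anything else would be lost whenever this task fires; appending the key would be safer. I would add `remote_src: yes` and tighten the file to `mode: 0600`. The bind mount also makes the private `id_rsa` readable inside the container while its public half is authorized for the host's git user with no visible restriction, so consider limiting what that key entry may do. Separately, the wrapper script is uploaded with `template:`, which runs it through Jinja; `copy` fits a static file under `files/`.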