Implement ssh config of gitea role

roles/container/defaults/main.yml

@@ -2,3 +2,5 @@
 
 reverse_proxy_type: caddy
 docker_database: none
+docker_additional_env: {}
+docker_published_ports: []

roles/container/tasks/main.yml

@@ -36,9 +36,9 @@
     pull: true
     container_default_behavior: no_defaults
     volumes: "{{ docker_volumes | default(omit) }}"
-    published_ports: "{{ container_published_ports | default(omit) }}"
+    published_ports: "{{ container_published_ports + docker_published_ports | default(omit) }}"
     labels: "{{ traefik_labels | default(omit) }}"
-    env: "{{ docker_env }}"
+    env: "{{ docker_env | combine(docker_additional_env) }}"
     entrypoint: "{{ docker_entrypoint | default(omit) }}"
     restart_policy: always
     networks:

roles/gitea/meta/main.yml

@@ -8,7 +8,12 @@ dependencies:
     docker_database: postgres
     docker_volumes:
       - gitea_data:/data
+      - /var/lib/gitea/.ssh/:/data/git/.ssh
+    docker_published_ports:
+      - "127.0.0.1:{{ ports.gitea.ssh }}:22"
     docker_env:
+      USER_UID: '2132'
+      USER_GID: '2132'
       GITEA__database__DB_TYPE: postgres
       GITEA__database__USER: gitea
       GITEA__database__HOST: gitea_db:5432

roles/gitea/tasks/main.yml

@@ -0,0 +1,28 @@
+---
+
+- name: Create git group on host for gitea ssh
+  group:
+    name: git
+    gid: 2132
+    system: yes
+
+- name: Create git user on host for gitea ssh
+  user:
+    name: git
+    uid: 2132
+    group: git
+    system: yes
+    home: /var/lib/gitea
+    generate_ssh_key: yes
+  register: git_user
+
+- name: Add git user's own ssh key to its authorized keys
+  authorized_key:
+    user: git
+    key: "{{ git_user.ssh_public_key }}"
+
+- name: Put gitea ssh forwarder in place
+  template:
+    src: gitea_ssh_forward.j2
+    dest: /usr/local/bin/gitea
+    mode: '755'

roles/gitea/templates/gitea_ssh_forward.j2

@@ -0,0 +1,2 @@
+#!/bin/sh
+ssh -p {{ ports.gitea.ssh }} -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"