Implement ssh config of gitea role

2022-03-10 09:05:33 +02:00
parent ef9e2cdee5
commit b63efbf66b
6 changed files with 40 additions and 2 deletions
--- a/docs/gitea.md
+++ b/docs/gitea.md
@@ -5,6 +5,7 @@ These variables are required. Example values included. Some general variables mi
 ports:
  gitea:
    http: 8080
+    ssh: 2222

 docker_vhost_domains: 
  gitea:
--- a/roles/container/defaults/main.yml
+++ b/roles/container/defaults/main.yml
@@ -2,3 +2,5 @@

 reverse_proxy_type: caddy
 docker_database: none
+docker_additional_env: {}
+docker_published_ports: []
--- a/roles/container/tasks/main.yml
+++ b/roles/container/tasks/main.yml
@@ -36,9 +36,9 @@
    pull: true
    container_default_behavior: no_defaults
    volumes: "{{ docker_volumes | default(omit) }}"
-    published_ports: "{{ container_published_ports | default(omit) }}"
+    published_ports: "{{ container_published_ports + docker_published_ports | default(omit) }}"
    labels: "{{ traefik_labels | default(omit) }}"
-    env: "{{ docker_env }}"
+    env: "{{ docker_env | combine(docker_additional_env) }}"
    entrypoint: "{{ docker_entrypoint | default(omit) }}"
    restart_policy: always
    networks:
--- a/roles/gitea/meta/main.yml
+++ b/roles/gitea/meta/main.yml
@@ -8,7 +8,12 @@ dependencies:
    docker_database: postgres
    docker_volumes:
      - gitea_data:/data
+      - /var/lib/gitea/.ssh/:/data/git/.ssh
+    docker_published_ports:
+      - "127.0.0.1:{{ ports.gitea.ssh }}:22"
    docker_env:
+      USER_UID: '2132'
+      USER_GID: '2132'
      GITEA__database__DB_TYPE: postgres
      GITEA__database__USER: gitea
      GITEA__database__HOST: gitea_db:5432
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+
+- name: Create git group on host for gitea ssh
+  group:
+    name: git
+    gid: 2132
+    system: yes
+
+- name: Create git user on host for gitea ssh
+  user:
+    name: git
+    uid: 2132
+    group: git
+    system: yes
+    home: /var/lib/gitea
+    generate_ssh_key: yes
+  register: git_user
+
+- name: Add git user's own ssh key to its authorized keys
+  authorized_key:
+    user: git
+    key: "{{ git_user.ssh_public_key }}"
+
+- name: Put gitea ssh forwarder in place
+  template:
+    src: gitea_ssh_forward.j2
+    dest: /usr/local/bin/gitea
+    mode: '755'
--- a/roles/gitea/templates/gitea_ssh_forward.j2
+++ b/roles/gitea/templates/gitea_ssh_forward.j2
@@ -0,0 +1,2 @@
+#!/bin/sh
+ssh -p {{ ports.gitea.ssh }} -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"