From b63efbf66b741fce2648cb60fc396d394a6dcae5 Mon Sep 17 00:00:00 2001
From: uumas
Date: Thu, 10 Mar 2022 09:05:33 +0200
Subject: [PATCH] Implement ssh config of gitea role

---
 docs/gitea.md | 1 +
 roles/container/defaults/main.yml | 2 ++
 roles/container/tasks/main.yml | 4 ++--
 roles/gitea/meta/main.yml | 5 ++++
 roles/gitea/tasks/main.yml | 28 ++++++++++++++++++++++
 roles/gitea/templates/gitea_ssh_forward.j2 | 2 ++
 6 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100644 roles/gitea/tasks/main.yml
 create mode 100644 roles/gitea/templates/gitea_ssh_forward.j2

diff --git a/docs/gitea.md b/docs/gitea.md
index 11790b3..7c3ee73 100644
--- a/docs/gitea.md
+++ b/docs/gitea.md
@@ -5,6 +5,7 @@ These variables are required. Example values included. Some general variables mi
 ports:
 gitea:
 http: 8080
+ ssh: 2222
 docker_vhost_domains:
 gitea:
diff --git a/roles/container/defaults/main.yml b/roles/container/defaults/main.yml
index 8029fba..d7e3dd2 100644
--- a/roles/container/defaults/main.yml
+++ b/roles/container/defaults/main.yml
@@ -2,3 +2,5 @@
 reverse_proxy_type: caddy
 docker_database: none
+docker_additional_env: {}
+docker_published_ports: []
diff --git a/roles/container/tasks/main.yml b/roles/container/tasks/main.yml
index 8bddf74..cb6ffaa 100644
--- a/roles/container/tasks/main.yml
+++ b/roles/container/tasks/main.yml
@@ -36,9 +36,9 @@
 pull: true
 container_default_behavior: no_defaults
 volumes: "{{ docker_volumes | default(omit) }}"
- published_ports: "{{ container_published_ports | default(omit) }}"
+ published_ports: "{{ container_published_ports + docker_published_ports | default(omit) }}"
 labels: "{{ traefik_labels | default(omit) }}"
- env: "{{ docker_env }}"
+ env: "{{ docker_env | combine(docker_additional_env) }}"
 entrypoint: "{{ docker_entrypoint | default(omit) }}"
 restart_policy: always
 networks:
diff --git a/roles/gitea/meta/main.yml b/roles/gitea/meta/main.yml
index 8a00bda..67f428c 100644
--- a/roles/gitea/meta/main.yml
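Review bot: In the new `published_ports` line the `default(omit)` guard no longer covers `container_published_ports`: Jinja filters bind tighter than `+`, so the expression is evaluated as `container_published_ports + (docker_published_ports | default(omit))`, and that `omit` branch is dead anyway because the role's defaults in this same commit define `docker_published_ports: []`. A container that does not set `container_published_ports` (which the old line tolerated) now fails at template time with an undefined-variable error, unless that variable is guaranteed to be set elsewhere in this role. Something like `published_ports: "{{ ((container_published_ports | default([])) + docker_published_ports) or omit }}"` merges both lists while keeping the old omit behaviour when neither is set. The `env` change is fine as written, since `docker_additional_env` defaults to `{}` and `combine` is a shallow merge where the additional keys win.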
+++ b/roles/gitea/meta/main.yml
@@ -8,7 +8,12 @@ dependencies:
 docker_database: postgres
 docker_volumes:
 - gitea_data:/data
+ - /var/lib/gitea/.ssh/:/data/git/.ssh
+ docker_published_ports:
+ - "127.0.0.1:{{ ports.gitea.ssh }}:22"
 docker_env:
+ USER_UID: '2132'
+ USER_GID: '2132'
 GITEA__database__DB_TYPE: postgres
 GITEA__database__USER: gitea
 GITEA__database__HOST: gitea_db:5432
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
new file mode 100644
index 0000000..1460b14
--- /dev/null
+++ b/roles/gitea/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+ - name: Create git group on host for gitea ssh
+ group:
+ name: git
+ gid: 2132
+ system: yes
+ - name: Create git user on host for gitea ssh
+ user:
+ name: git
+ uid: 2132
+ group: git
+ system: yes
+ home: /var/lib/gitea
+ generate_ssh_key: yes
+ register: git_user
+ - name: Add git user's own ssh key to its authorized keys
+ authorized_key:
+ user: git
+ key: "{{ git_user.ssh_public_key }}"
+ - name: Put gitea ssh forwarder in place
+ template:
+ src: gitea_ssh_forward.j2
+ dest: /usr/local/bin/gitea
+ mode: '755'
diff --git a/roles/gitea/templates/gitea_ssh_forward.j2 b/roles/gitea/templates/gitea_ssh_forward.j2
new file mode 100644
index 0000000..46881fc
--- /dev/null
+++ b/roles/gitea/templates/gitea_ssh_forward.j2
@@ -0,0 +1,2 @@
+#!/bin/sh
+ssh -p {{ ports.gitea.ssh }} -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
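Review bot: The new bind mount `/var/lib/gitea/.ssh/` is declared on a role listed under `dependencies:`, which Ansible runs before this role's own tasks, so on a fresh host the directory does not exist yet when the container starts and Docker will create the missing source directory root-owned; the host `git` user, `generate_ssh_key` and the container's `git` user (uid 2132) then all have to write into it, which is likely to fail or leave the wrong ownership for sshd's StrictModes. Consider creating the host group/user (or at least `/var/lib/gitea/.ssh` with owner and group `2132`, mode `0700`) before the container dependency runs, for example in a small role listed ahead of it in `dependencies:`. `USER_UID`/`USER_GID: '2132'` here and `uid`/`gid: 2132` in the new `roles/gitea/tasks/main.yml` must stay equal or the shared `authorized_keys` stops being readable on one side; a single role variable (say `gitea_host_uid`) referenced from both files would make that coupling explicit. Publishing the SSH port on `127.0.0.1` only is the right call, since only the host-side forwarder should reach the container's sshd.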
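Review bot: The `authorized_key` task installs the host `git` user's own key with no restrictions, and because `/var/lib/gitea/.ssh` is the same directory the container's sshd reads, that entry is an unrestricted login to the container while the entries Gitea writes for user keys carry `command=` and `no-*` options. The forwarder only needs command execution, so `key_options: 'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'` should be safe to add and matches what Gitea itself writes (verify against the Gitea version in use). Smaller points: `system: yes` and `generate_ssh_key: yes` should be `true`/`false` (yamllint truthy), and `mode: '755'` is accepted by Ansible's string-to-octal conversion but `'0755'` is the conventional spelling. A header comment would help the next reader, e.g. `# Host-side half of Gitea SSH passthrough: uid/gid must match USER_UID/USER_GID of the container, and ~git/.ssh is bind-mounted into it`.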
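Review bot: `-o StrictHostKeyChecking=no` makes the shim accept any host key from the container, including a changed one, and on first use it writes `known_hosts` into `/var/lib/gitea/.ssh`, which is also mounted into the container; the target is loopback on a port bound to `127.0.0.1`, so the exposure is limited, but `-o StrictHostKeyChecking=accept-new` (OpenSSH 7.6+) keeps trust-on-first-use while still refusing a changed key, provided the container's host keys persist across recreation on the `gitea_data` volume. Note also that `$SSH_ORIGINAL_COMMAND`, `$0` and `$@` are interpolated into one double-quoted string that the container's shell re-parses, so the shim's safety rests entirely on the `command=` restrictions Gitea writes into the shared `authorized_keys` for user keys. A comment in the template stating that contract would help, e.g. `# Invoked by the command= entries Gitea writes to ~git/.ssh/authorized_keys; relays the original git command to the container's sshd on the loopback port.`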