From 4a2a5b349ea1a17926497bd0d7cba84048a899af Mon Sep 17 00:00:00 2001
From: "flyingscorpio@clevo"
Date: Wed, 18 Jan 2023 16:15:24 +0100
Subject: [PATCH] Add ssh tasks for forgejo

---
 roles/forgejo/tasks/main.yml | 3 +++
 roles/forgejo/tasks/ssh.yml | 44 ++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 roles/forgejo/tasks/ssh.yml

diff --git a/roles/forgejo/tasks/main.yml b/roles/forgejo/tasks/main.yml
index 5dfacab..32b2885 100644
--- a/roles/forgejo/tasks/main.yml
+++ b/roles/forgejo/tasks/main.yml
@@ -29,3 +29,6 @@
 
 - name: Include repos tasks
   ansible.builtin.include_tasks: repos.yml
+
+- name: Include ssh tasks
+  ansible.builtin.include_tasks: ssh.yml
diff --git a/roles/forgejo/tasks/ssh.yml b/roles/forgejo/tasks/ssh.yml
new file mode 100644
index 0000000..fd72b2d
--- /dev/null
+++ b/roles/forgejo/tasks/ssh.yml
@@ -0,0 +1,44 @@
+---
+# TODO: Deploy existing key on the server, don't generate them here
+# The key is already in the database
+
+- name: Generate SSH keys for git
+  become: true
+  become_user: git
+  community.crypto.openssh_keypair:
+    path: ~/.ssh/id_rsa
+    type: rsa
+    comment: "git@{{ ansible_fqdn }}"
+  register: ssh_key
+
+- name: (TODO) fail because cert isn't generated
+  ansible.builtin.fail:
+    msg: (TODO) make letsencrypt work and make git.tunuifranken.info point to localhost
+
+- name: Get previously added SSH keys
+  ansible.builtin.uri:
+    url: https://git.tunuifranken.info/api/v1/user/keys
+    method: GET
+    user: "{{ forgejo_user }}"
+    password: "{{ forgejo_pass }}"
+    force_basic_auth: true
+  register: present_ssh_keys
+
+- name: List SSH fingerprints
+  ansible.builtin.set_fact:
+    present_ssh_fingerprints: "{{ present_ssh_keys.json | map(attribute='fingerprint') }}"
+
+- name: Add SSH key using Forgejo's API
+  ansible.builtin.uri:
+    url: https://git.tunuifranken.info/api/v1/user/keys
+    method: POST
+    user: "{{ forgejo_user }}"
+    password: "{{ forgejo_pass }}"
+    force_basic_auth: true
+    status_code: 201
+    body_format: json
+    body:
+      key: "{{ ssh_key.public_key | trim }}"
+      read_only: false
+      title: "{{ ssh_key.comment | trim }}"
+  when: ssh_key.fingerprint not in present_ssh_fingerprints
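Review bot: Both `ansible.builtin.uri` tasks ("Get previously added SSH keys" and "Add SSH key using Forgejo's API") pass `{{ forgejo_pass }}` as a module argument without `no_log: true`, so the credential is printed in verbose output and captured by callback plugins whenever either task runs or fails; add `no_log: true` at task level on both. The `present_ssh_fingerprints` fact is built from `map(attribute='fingerprint')` with no terminating `| list`, which on some Ansible versions stores the generator's string representation instead of a list and turns the `not in` guard into a substring test that is always true, so use `present_ssh_fingerprints: "{{ present_ssh_keys.json | map(attribute='fingerprint') | list }}"`. That guard also only sees whatever the first response page contains if the instance paginates `/api/v1/user/keys` (Gitea-derived APIs generally do), in which case an existing key past the page limit would make the POST fail with a 422 rather than be skipped — worth confirming against the API before relying on it. The instance URL is repeated verbatim in both tasks; a single role variable next to `forgejo_user` (e.g. `forgejo_url`) keeps it in one place.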