Add ssh tasks for forgejo

flyingscorpio@clevo 2023-01-18 16:15:24 +01:00
parent 5ead3d5701
commit 4a2a5b349e
2 changed files with 47 additions and 0 deletions


@ -29,3 +29,6 @@
- name: Include repos tasks - name: Include repos tasks
ansible.builtin.include_tasks: repos.yml ansible.builtin.include_tasks: repos.yml
- name: Include ssh tasks
ansible.builtin.include_tasks: ssh.yml


@ -0,0 +1,44 @@
---
# TODO: Deploy existing key on the server, don't generate them here
# The key is already in the database
- name: Generate SSH keys for git
become: true
become_user: git
community.crypto.openssh_keypair:
path: ~/.ssh/id_rsa
type: rsa
comment: "git@{{ ansible_fqdn }}"
register: ssh_key
- name: (TODO) fail because cert isn't generated
ansible.builtin.fail:
msg: (TODO) make letsencrypt work and make git.tunuifranken.info point to localhost
- name: Get previously added SSH keys
ansible.builtin.uri:
url: https://git.tunuifranken.info/api/v1/user/keys
method: GET
user: "{{ forgejo_user }}"
password: "{{ forgejo_pass }}"
force_basic_auth: true
register: present_ssh_keys
- name: List SSH fingerprints
ansible.builtin.set_fact:
present_ssh_fingerprints: "{{ present_ssh_keys.json | map(attribute='fingerprint') }}"
- name: Add SSH key using Forgejo's API
ansible.builtin.uri:
url: https://git.tunuifranken.info/api/v1/user/keys
method: POST
user: "{{ forgejo_user }}"
password: "{{ forgejo_pass }}"
force_basic_auth: true
status_code: 201
body_format: json
body:
key: "{{ ssh_key.public_key | trim }}"
read_only: false
title: "{{ ssh_key.comment | trim }}"
when: ssh_key.fingerprint not in present_ssh_fingerprints
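Review bot: Both `ansible.builtin.uri` tasks log in with the account password (`forgejo_user` / `forgejo_pass`) over basic auth, so whoever can read these variables holds the whole account rather than just the ability to manage keys. A dedicated access token sent as `headers: {Authorization: "token {{ forgejo_token }}"}` (`forgejo_token` is a placeholder name) can be revoked on its own; those tasks would then need `no_log: true`, because custom headers are not masked the way the module's password parameter is. When the certificate TODO is resolved, leave `validate_certs` at its default so the credential is only ever sent to a verified host. Smaller point: `map(attribute='fingerprint')` in the `set_fact` task returns a generator, and appending `| list` makes the final `not in` test independent of how the templating layer finalizes it.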