Set more specific sudoers permissions for git user

roles/forgejo/tasks/unix.yml

@@ -46,8 +46,8 @@
 
 - name: Set sudoer permissions to git user
   become: true
-  ansible.builtin.copy:
-    content: 'git ALL=(root) NOPASSWD:/usr/bin/systemctl'
+  ansible.builtin.template:
+    src: sudoers.d/git.j2
     dest: /etc/sudoers.d/git
     owner: root
     group: root

roles/forgejo/templates/sudoers.d/git.j2

@@ -0,0 +1,2 @@
+git ALL=(root) NOPASSWD:/usr/bin/systemctl stop forgejo.service
+git ALL=(root) NOPASSWD:/usr/bin/systemctl restart forgejo.service