---

# Install the OS packages this task file depends on.
- name: Install needed packages
  become: true
  ansible.builtin.apt:
    state: present
    name:
      - git
      - unzip
      # Used to verify the binary. Installing gpg alone verifies nothing: the
      # signature check itself is not in this part of the file, so confirm that
      # it exists and fails the play on a bad signature.
      - gpg
      # Needed for `become_user: git`: Ansible uses POSIX ACLs to hand its
      # temporary files to an unprivileged become user.
      - acl

# Dedicated system group; used below as the primary group of the git user
# and as the group owner of the Forgejo directories.
- name: Create git group
  become: true
  ansible.builtin.group:
    name: git
    # `present` is the module default; spelled out for readability.
    state: present
    system: true

# Create the `git` system account.
# Primary group is `git`; `append: true` adds the account to the supplementary
# groups listed below without removing it from any group it already has.
- name: Create git user
  become: true
  ansible.builtin.user:
    name: git
    group: git
    append: true
    # NOTE(review): on Debian-family hosts (this file uses apt) the stock
    # sudoers policy grants members of `sudo` unrestricted root. That is far
    # broader than a service account normally needs, and it looks redundant
    # with the dedicated /etc/sudoers.d/git drop-in installed by the
    # "Set sudoer permissions to git user" task. Confirm whether `sudo`
    # membership is required; if not, drop it and rely on the narrow drop-in.
    # Because of `append: true`, removing it here will not revoke membership
    # on hosts where the account already exists.
    # NOTE(review): purpose of `mail` membership is not visible here - confirm.
    groups:
      - sudo
      - mail
    # The home directory is not created here; it is created with explicit
    # owner and mode by the "Create needed directories" task.
    create_home: false
    home: "{{ forgejo_run_dir }}"
    # NOTE(review): presumably a login shell is needed for git-over-SSH;
    # verify, since it also allows interactive use of this account.
    shell: /bin/bash
    system: true

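# Create every Forgejo directory owned by git:git with no access for "other".
- name: Create needed directories
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: git
    group: git
    # Quoted so the module always receives an octal string. An unquoted 0750
    # only means rwxr-x--- while the YAML loader reads a leading zero as
    # octal; a YAML 1.2 loader would read it as decimal 750.
    mode: "0750"
  with_items:
    # The configuration directory is the one most likely to hold secrets;
    # 0750 keeps it unreadable to users outside the git group.
    - "{{ forgejo_conf_dir }}"
    - "{{ forgejo_run_dir }}"
    - "{{ forgejo_custom_dir }}"
    - "{{ forgejo_data_dir }}"
    - "{{ forgejo_log_dir }}"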

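# Install the sudoers drop-in for the git user from a template.
# NOTE(review): the contents of sudoers.d/git.j2 are not visible here. Review
# it so it grants only the specific commands the service needs, with full
# paths and no wildcards that allow argument injection.
- name: Set sudoer permissions to git user
  become: true
  ansible.builtin.template:
    src: sudoers.d/git.j2
    dest: /etc/sudoers.d/git
    owner: root
    group: root
    # Quoted so the module always receives an octal string rather than
    # relying on the YAML loader's treatment of a leading zero.
    # Read-only and root-owned, as expected for sudoers files.
    mode: "0440"
    # visudo checks the rendered temporary file (-c check only, -s strict,
    # -f file) before it replaces the destination, so a broken template
    # cannot leave the host with an unparsable sudoers configuration.
    validate: /usr/sbin/visudo -csf %s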