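---
# Prepares a host for a service that runs as the `git` account (the paths
# below are Gitea's): required packages, the service group and user, its
# directories, and a sudoers drop-in for systemctl.

- name: Install needed packages
  become: true
  ansible.builtin.apt:
    name:
      - git
      - unzip
      - gpg  # to verify binary
      - acl  # for become_user: git
    state: present

- name: Create git group
  become: true
  ansible.builtin.group:
    name: git
    system: true

- name: Create git user
  become: true
  ansible.builtin.user:
    name: git
    group: git
    # append: true adds the groups below without removing existing ones.
    append: true
    # NOTE(review): on Debian-family defaults the `sudo` group is granted
    # full root through /etc/sudoers, which is far broader than the
    # systemctl-only rule installed at the end of this file. Confirm the
    # service account really needs `sudo` membership; if not, drop it here
    # and rely on the drop-in alone.
    groups:
      - sudo
      - mail
    # The home directory is not created here; the directory task below
    # creates /var/lib/gitea with an explicit owner and mode.
    create_home: false
    home: /var/lib/gitea
    shell: /bin/bash
    system: true

- name: Create needed directories
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: git
    group: git
    # Quoted so the module receives the string "0750" and the result does
    # not depend on how the YAML parser treats a leading-zero integer.
    mode: "0750"
  # NOTE(review): /etc/gitea is owned by the service account, so the
  # service can rewrite its own configuration. Consider root ownership
  # with group read access once initial setup is finished.
  loop:
    - /etc/gitea
    - /var/lib/gitea
    - /var/lib/gitea/custom
    - /var/lib/gitea/data
    - /var/log/gitea

- name: Set sudoer permissions to git user
  become: true
  ansible.builtin.copy:
    # NOTE(review): the rule names /usr/bin/systemctl with no arguments, so
    # sudo allows every systemctl subcommand on every unit, as root, with no
    # password. Treat that as root-equivalent for the git account. If only
    # this service has to be managed, list the exact command lines instead,
    # e.g. `NOPASSWD: /usr/bin/systemctl restart <UNIT_NAME>` (placeholder,
    # substitute the real unit), and watch the sudo log for other usage.
    content: 'git ALL=(root) NOPASSWD:/usr/bin/systemctl'
    dest: /etc/sudoers.d/git
    owner: root
    group: root
    # sudoers drop-ins must not be writable by anyone but root; quoted for
    # the same reason as the directory mode above.
    mode: "0440"
    # visudo checks the rendered file before it replaces the destination,
    # so a syntax error cannot break sudo on the host.
    validate: /usr/sbin/visudo -csf %s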