---
# Install the OS packages listed below with apt (as root).
- name: Install needed packages
  ansible.builtin.apt:
    state: present
    name:
      - git
      - unzip
      # gpg: used to verify the binary.
      # NOTE(review): the verification step itself is not visible in this
      # part of the file - confirm a later task checks the signature before
      # the binary is installed or executed.
      - gpg
      # acl: needed for tasks that run with become_user: git.
      - acl
  become: true
# Ensure a system group named "git" exists.
- name: Create git group
  ansible.builtin.group:
    system: true
    name: git
  become: true
# Ensure the "git" system account exists. Its home points at
# forgejo_run_dir, but the directory is not created by this task
# (create_home: false).
- name: Create git user
  ansible.builtin.user:
    name: git
    system: true
    shell: /bin/bash
    home: "{{ forgejo_run_dir }}"
    create_home: false
    # Primary group.
    group: git
    # Supplementary groups; append: true adds these without removing any
    # group the account already belongs to.
    # NOTE(review): on Debian-family hosts the "sudo" group normally carries
    # a general sudoers rule, which is much broader than a service account
    # needs. A per-user rule in /etc/sudoers.d/git does not depend on this
    # membership - confirm "sudo" is required here, otherwise drop it.
    groups:
      - sudo
      - mail
    append: true
  become: true
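# Create each listed directory, owned by git:git.
- name: Create needed directories
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: git
    group: git
    # Quoted so the module receives an octal string instead of relying on
    # the YAML parser's handling of a leading-zero integer.
    # 0750 = owner rwx, group r-x, no access for others.
    mode: "0750"
  with_items:
    - "{{ forgejo_conf_dir }}"
    - "{{ forgejo_run_dir }}"
    - "{{ forgejo_custom_dir }}"
    - "{{ forgejo_data_dir }}"
    - "{{ forgejo_log_dir }}"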
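# Install a sudoers drop-in for the git account. The file is checked with
# visudo before it is put in place, so a syntax error cannot break sudo.
# NOTE(review): the rule allows /usr/bin/systemctl with any arguments, as
# root and without a password. That is far broader than managing a single
# service and should be treated as root-equivalent access for the git
# account. Narrow the command to the exact subcommands and unit required,
# e.g. '/usr/bin/systemctl restart <SERVICE_UNIT>' (placeholder - the unit
# name is not visible in this file).
- name: Set sudoer permissions to git user
  become: true
  ansible.builtin.copy:
    content: 'git ALL=(root) NOPASSWD:/usr/bin/systemctl'
    dest: /etc/sudoers.d/git
    owner: root
    group: root
    # Quoted so the module receives an octal string instead of relying on
    # the YAML parser's handling of a leading-zero integer.
    # 0440 = read-only for root:root, no access for others.
    mode: "0440"
    # visudo: -c check only, -s strict, -f file to check; %s is replaced
    # by the path of the temporary file being validated.
    validate: /usr/sbin/visudo -csf %s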