self-hosting/roles/forgejo/tasks/ssh.yml


---
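# Make sure the git user's SSH directory exists before any key is written.
- name: Create .ssh dir
  become: true
  become_user: git
  ansible.builtin.file:
    # "~" is expanded on the target for the user the task runs as (git).
    path: ~/.ssh
    state: directory
    owner: git
    group: git
    # Quoted so the mode reaches the module as an octal string and does not
    # depend on how the YAML parser types a bare leading-zero number.
    # 0700 keeps the directory readable by the git user only.
    mode: "0700"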
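# Install the public half of the git user's key pair.
- name: Add SSH public key
  become: true
  become_user: git
  ansible.builtin.copy:
    content: "{{ forgejo_git_ssh_keys.pub }}"
    dest: ~/.ssh/id_rsa.pub
    owner: git
    group: git
    # Quoted octal string; a public key may be world-readable.
    mode: "0644"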
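# Install the private half of the git user's key pair.
- name: Add SSH private key
  become: true
  become_user: git
  # Keep the key material out of task results, --diff output and any
  # callback or controller logs.
  no_log: true
  ansible.builtin.copy:
    # NOTE(review): forgejo_git_ssh_keys.priv should be supplied from an
    # encrypted source (for example Ansible Vault) - confirm where it is set.
    content: "{{ forgejo_git_ssh_keys.priv }}"
    dest: ~/.ssh/id_rsa
    owner: git
    group: git
    # Quoted octal string; owner-only access is required for a private key.
    mode: "0600"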
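# Render the Forgejo-specific sshd drop-in and restart sshd when it changes.
- name: Copy sshd_config
  become: true
  ansible.builtin.template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config.d/01-forgejo.conf
    mode: "0644"
    owner: root
    group: root
    # Syntax-check the rendered file before it replaces the live one, so a
    # broken template cannot reach the restart handler and cut off SSH access.
    # The drop-in is checked on its own, not merged with the main sshd_config.
    # NOTE(review): assumes sshd is at /usr/sbin/sshd on the target - confirm.
    validate: /usr/sbin/sshd -t -f %s
  notify: Restart sshd service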
# The entries written to authorized_keys come from the imported backup, so
# whatever keys that backup holds are the ones granted SSH access as git.
- name: Regenerate authorized_keys file
  become: true
  become_user: git
  # The command gives no usable "nothing changed" signal here, so the task is
  # always reported as changed.
  changed_when: true
  ansible.builtin.command:
    cmd: forgejo admin regenerate keys --config /etc/forgejo/app.ini