Migrate to v2 config format

deploy.d/plays/postdeploy.yml

@@ -0,0 +1,80 @@
+---
+- name: Remove automatically configured ports
+  dokku_ports:
+    app: gitea
+    mappings:
+      - "http:3000:3000"
+      - "http:2222:2222"
+    state: absent
+
+- name: Ensure system jq package is installed
+  become: true
+  apt:
+    name: jq
+    state: present
+
+- name: Retrieve application docker container IP address
+  shell: "dokku ps:inspect {{ dokku.app }} | jq -r .[0].NetworkSettings.IPAddress"
+  register: dokku_ps_inspect
+
+- name: Setup the SSH system -> container passthrough script
+  become: true
+  vars:
+    ssh_listen_port: "{{ config.vars.ssh_listen_port }}"
+    dokku_container_ip: "{{ dokku_ps_inspect.stdout }}"
+  template:
+    src: "{{ app_config_root }}/templates/gitea.j2"
+    dest: /app/gitea/gitea
+    owner: git
+    group: git
+    mode: "+x"
+    force: true
+
+- name: Store the git user public key
+  become: true
+  shell: cat /home/git/.ssh/id_rsa.pub
+  register: git_id_rsa_pub
+
+- name: Store the gitea authorized_keys file
+  become: true
+  shell: cat /var/lib/gitea/git/.ssh/authorized_keys
+  register: git_auth_keys
+
+- name: Check if the public key is already in place
+  become: true
+  command: 'grep -Fxq "{{ git_id_rsa_pub.stdout}}" /var/lib/gitea/git/.ssh/authorized_keys'
+  check_mode: false
+  ignore_errors: true
+  changed_when: false
+  register: git_id_rsa_pub_check
+
+- name: Ensure git public key is in the gitea loaded authorized_keys
+  become: true
+  blockinfile:
+    path: /var/lib/gitea/git/.ssh/authorized_keys
+    block: "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty {{ git_id_rsa_pub.stdout }}"
+    state: present
+    owner: git
+    group: git
+    create: true
+    insertbefore: BOF
+    backup: true
+    marker: "# ansible inserted git <-> gitea public key"
+  when: git_id_rsa_pub_check.rc == 0
+
+- name: Symlink the gitea authorized keys configuration to the host git user
+  become: true
+  file:
+    src: /var/lib/gitea/git/.ssh/authorized_keys
+    dest: /home/git/.ssh/authorized_keys
+    state: link
+    force: true
+    owner: git
+
+- name: Add git user to AllowUsers SSH configuration
+  become: true
+  replace:
+    backup: true
+    dest: /etc/ssh/sshd_config
+    regexp: '^(AllowUsers(?!.*\bgit\b).*)$'
+    replace: '\1 git'

deploy.d/plays/predeploy.yml

@@ -0,0 +1,43 @@
+---
+- name: Setup system level git user
+  become: true
+  user:
+    name: git
+    comment: gitea user
+    create_home: true
+    home: /home/git
+    group: git
+    system: true
+    generate_ssh_key: true
+    ssh_key_bits: 2048
+    ssh_key_file: .ssh/id_rsa
+    state: present
+
+- name: Get uid/guid of the git user
+  become: true
+  getent:
+    database: passwd
+    key: git
+    split: ":"
+
+- name: Store gitea git user uid/guid in config.vars
+  set_fact:
+    config: "{{
+      config.vars |
+      default({}) |
+      combine({
+        'git_user_uid': getent_passwd['git'][1],
+        'git_user_guid': getent_passwd['git'][2],
+      })
+    }}"
+
+- name: Create extra application directories
+  become: true
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: git
+    group: git
+  with_items:
+    - /app
+    - /app/gitea