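---
# Wire the host `git` SSH user through to the Gitea container and make the
# container-managed authorized_keys file the one sshd consults for that user.
# Expects `dokku`, `config.vars.ssh_listen_port` and `app_config_root` to be
# defined by the caller (their shape is not visible in this file).

- name: Remove automatically configured ports
  dokku_ports:
    app: gitea
    mappings:
      - "http:3000:3000"
      - "http:2222:2222"
    state: absent

- name: Ensure system jq package is installed
  become: true
  apt:
    name: jq
    state: present

# Read-only lookup. `quote` keeps an unexpected value in dokku.app from being
# reinterpreted by the shell; changed_when stops a pure read reporting a change.
- name: Retrieve application docker container IP address
  shell: "dokku ps:inspect {{ dokku.app | quote }} | jq -r .[0].NetworkSettings.IPAddress"
  register: dokku_ps_inspect
  changed_when: false

- name: Setup the SSH system -> container passthrough script
  become: true
  vars:
    ssh_listen_port: "{{ config.vars.ssh_listen_port }}"
    dokku_container_ip: "{{ dokku_ps_inspect.stdout }}"
  template:
    src: "{{ app_config_root }}/templates/gitea.j2"
    dest: /app/gitea/gitea
    owner: git
    group: git
    mode: "+x"
    force: true

# `command` is sufficient for these reads: no pipes, globs or redirects are
# used, so there is nothing for a shell to interpret.
- name: Store the git user public key
  become: true
  command: cat /home/git/.ssh/id_rsa.pub
  register: git_id_rsa_pub
  changed_when: false

- name: Store the gitea authorized_keys file
  become: true
  command: cat /var/lib/gitea/git/.ssh/authorized_keys
  register: git_auth_keys
  changed_when: false

# grep -Fx only matches a whole line equal to the bare key. A non-zero rc is
# the expected "not found" answer, so it is recorded rather than failing the
# play (failed_when: false keeps the task green instead of printing an ignored
# error).
- name: Check if the public key is already in place
  become: true
  command: 'grep -Fxq "{{ git_id_rsa_pub.stdout }}" /var/lib/gitea/git/.ssh/authorized_keys'
  check_mode: false
  failed_when: false
  changed_when: false
  register: git_id_rsa_pub_check

# The key is installed with no-pty/no-forwarding options, so this entry can
# only be used for the passthrough, not for an interactive session.
# `{mark}` must appear in the marker: without it the BEGIN and END markers are
# the same string and blockinfile re-inserts the block on every run.
# The block is needed when no bare copy of the key is already present
# (the grep above returned non-zero); blockinfile is idempotent on reruns.
- name: Ensure git public key is in the gitea loaded authorized_keys
  become: true
  blockinfile:
    path: /var/lib/gitea/git/.ssh/authorized_keys
    block: "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty {{ git_id_rsa_pub.stdout }}"
    state: present
    owner: git
    group: git
    create: true
    insertbefore: BOF
    backup: true
    marker: "# {mark} ansible inserted git <-> gitea public key"
  when: git_id_rsa_pub_check.rc != 0

- name: Symlink the gitea authorized keys configuration to the host git user
  become: true
  file:
    src: /var/lib/gitea/git/.ssh/authorized_keys
    dest: /home/git/.ssh/authorized_keys
    state: link
    force: true
    owner: git

# Only an existing AllowUsers line is edited; if sshd_config has none, this
# task is a no-op. `validate` makes sshd parse the edited copy first, so a
# malformed line is rejected before it reaches the live config. sshd still
# needs a reload (handler defined outside this file) for the change to apply.
- name: Add git user to AllowUsers SSH configuration
  become: true
  replace:
    backup: true
    path: /etc/ssh/sshd_config
    regexp: '^(AllowUsers(?!.*\bgit\b).*)$'
    replace: '\1 git'
    validate: '/usr/sbin/sshd -T -f %s'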