Instead of janking read-only git bullshit, how about we actually generate some keys?

Salt 2020-06-28 08:27:46 -05:00
parent e898ee97b4
commit 51869e069a


@ -11,7 +11,27 @@
become: yes
- name: Bootstrap user
block:
- name: Configure SSH keys
- name: Generate keypair
openssh_keypair:
comment: "{{ user_username }}@{{ inventory_hostname }}"
path: $HOME/.ssh/id_rsa
mode: "0600"
register: keypair
- name: Register keypair with Gitea
uri:
url: "https://git.9iron.club/api/v1/user/keys"
method: POST
headers:
accept: "application/json"
Authorization: "token {{ gitea_api_token }}"
body_format: json
body:
key: "{{ keypair.public_key }}"
read_only: yes
title: "{{ inventory_hostname }}"
status_code: 201
when: keypair is changed
- name: Configure authorized hosts
authorized_key:
user: "{{ user_username }}"
manage_dir: yes
@ -30,16 +50,19 @@
name: url."https://github.com/".insteadOf
value: "git@github.com:"
scope: global
state: absent
- name: Configure git SSH substitute for GitLab
git_config:
name: url."https://gitlab.com/".insteadOf
value: "git@gitlab.com:"
scope: global
state: absent
- name: Configure git SSH substitute for 9iron
git_config:
name: url."https://git.9iron.club/".insteadOf
value: "git@git.9iron.club:"
scope: global
state: absent
- name: Clone bootstrap script
git:
accept_hostkey: yes
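Review bot: The `Register keypair with Gitea` task in the first hunk puts `gitea_api_token` in the `Authorization` header without `no_log`, so the token can end up in verbose (`-vvv`) task output and in any log that captures it; adding `no_log: true` to that task keeps it out. Nothing visible delegates the task, so it appears to run on the managed host, which means the token is shipped to every machine being bootstrapped; `delegate_to: localhost` would keep it on the controller. It is also worth confirming that Gitea honours `read_only` on `/api/v1/user/keys` and not only on deploy keys, because otherwise each host's key carries the token owner's full repository access. The `Bootstrap user` block starts before the first hunk and continues past the second, so any `become_user` or `no_log` set at block level is not visible here.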