Instead of janking read-only git bullshit, how about we actually generate some keys?

roles/user/tasks/main.yml

@@ -11,7 +11,27 @@
   become: yes
 - name: Bootstrap user
   block:
-  - name: Configure SSH keys
+  - name: Generate keypair
+    openssh_keypair:
+      comment: "{{ user_username }}@{{ inventory_hostname }}"
+      path: $HOME/.ssh/id_rsa
+      mode: "0600"
+    register: keypair
+  - name: Register keypair with Gitea
+    uri:
+      url: "https://git.9iron.club/api/v1/user/keys"
+      method: POST
+      headers:
+        accept: "application/json"
+        Authorization: "token {{ gitea_api_token }}"
+      body_format: json
+      body:
+        key: "{{ keypair.public_key }}"
+        read_only: yes
+        title: "{{ inventory_hostname }}"
+      status_code: 201
+    when: keypair is changed
+  - name: Configure authorized hosts
     authorized_key:
       user: "{{ user_username }}"
       manage_dir: yes
@@ -30,16 +50,19 @@
         name: url."https://github.com/".insteadOf
         value: "git@github.com:"
         scope: global
+        state: absent
     - name: Configure git SSH substitute for GitLab
       git_config:
         name: url."https://gitlab.com/".insteadOf
         value: "git@gitlab.com:"
         scope: global
+        state: absent
     - name: Configure git SSH substitute for 9iron
       git_config:
         name: url."https://git.9iron.club/".insteadOf
         value: "git@git.9iron.club:"
         scope: global
+        state: absent
     - name: Clone bootstrap script
       git:
         accept_hostkey: yes