From 51869e069aca034fecb3416f22c45067a04afbb0 Mon Sep 17 00:00:00 2001
From: Salt
Date: Sun, 28 Jun 2020 08:27:46 -0500
Subject: [PATCH] Instead of janking read-only git bullshit, how about we actually generate some keys?
---
roles/user/tasks/main.yml | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml
index 57cc866..391fbdf 100644
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
@@ -11,7 +11,27 @@
 become: yes
 - name: Bootstrap user
 block:
- - name: Configure SSH keys
+ - name: Generate keypair
+ openssh_keypair:
+ comment: "{{ user_username }}@{{ inventory_hostname }}"
+ path: $HOME/.ssh/id_rsa
+ mode: "0600"
+ register: keypair
+ - name: Register keypair with Gitea
+ uri:
+ url: "https://git.9iron.club/api/v1/user/keys"
+ method: POST
+ headers:
+ accept: "application/json"
+ Authorization: "token {{ gitea_api_token }}"
+ body_format: json
+ body:
+ key: "{{ keypair.public_key }}"
+ read_only: yes
+ title: "{{ inventory_hostname }}"
+ status_code: 201
+ when: keypair is changed
+ - name: Configure authorized hosts
 authorized_key:
 user: "{{ user_username }}"
 manage_dir: yes
@@ -30,16 +50,19 @@
 name: url."https://github.com/".insteadOf
 value: "git@github.com:"
 scope: global
+ state: absent
 - name: Configure git SSH substitute for GitLab
 git_config:
 name: url."https://gitlab.com/".insteadOf
 value: "git@gitlab.com:"
 scope: global
+ state: absent
 - name: Configure git SSH substitute for 9iron
 git_config:
 name: url."https://git.9iron.club/".insteadOf
 value: "git@git.9iron.club:"
 scope: global
+ state: absent
 - name: Clone bootstrap script
 git:
 accept_hostkey: yes
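Review bot: The `Register keypair with Gitea` task puts `gitea_api_token` in the `Authorization` header without `no_log: true`, so the token can show up in task output at higher verbosity or in callback logs. Add `no_log: true` to that task and keep the token in a vaulted variable. The registration is also gated on `when: keypair is changed`, so if the POST fails once, or the title already exists on the server, later runs skip it and the host is left with an unregistered key. `path: $HOME/.ssh/id_rsa` resolves for whichever account runs the module, while the key comment names `user_username`; the block's `become` settings lie outside the hunk, so confirm the two refer to the same user.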
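Review bot: With the three `insteadOf` rewrites in the second hunk set to `state: absent`, SSH remotes are no longer redirected to HTTPS, and the `Clone bootstrap script` task that follows shows `accept_hostkey: yes`, which trusts whatever host key is presented on first contact. If that clone uses an SSH URL (the task continues outside the hunk), pin the expected host keys beforehand with a `known_hosts` task for the Git hosts, so that an intercepted first connection cannot substitute a key. The task names still read "Configure git SSH substitute …" although they now delete the setting. A comment such as `# remove the HTTPS rewrite left by earlier runs; clones now use the generated SSH key` above the first of them would make the intent clear.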