From 51869e069aca034fecb3416f22c45067a04afbb0 Mon Sep 17 00:00:00 2001
From: Salt <rehashedsalt@cock.li>
Date: Sun, 28 Jun 2020 08:27:46 -0500
Subject: [PATCH] Instead of janking read-only git bullshit, how about we
 actually generate some keys?

---
 roles/user/tasks/main.yml | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml
index 57cc866..391fbdf 100644
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
@@ -11,7 +11,27 @@
   become: yes
 - name: Bootstrap user
   block:
-  - name: Configure SSH keys
+  - name: Generate keypair
+    openssh_keypair:
+      comment: "{{ user_username }}@{{ inventory_hostname }}"
+      path: $HOME/.ssh/id_rsa
+      mode: "0600"
+    register: keypair
+  - name: Register keypair with Gitea
+    uri:
+      url: "https://git.9iron.club/api/v1/user/keys"
+      method: POST
+      headers:
+        accept: "application/json"
+        Authorization: "token {{ gitea_api_token }}"
+      body_format: json
+      body:
+        key: "{{ keypair.public_key }}"
+        read_only: yes
+        title: "{{ inventory_hostname }}"
+      status_code: 201
+    when: keypair is changed
+  - name: Configure authorized hosts
     authorized_key:
       user: "{{ user_username }}"
       manage_dir: yes
@@ -30,16 +50,19 @@
         name: url."https://github.com/".insteadOf
         value: "git@github.com:"
         scope: global
+        state: absent
     - name: Configure git SSH substitute for GitLab
       git_config:
         name: url."https://gitlab.com/".insteadOf
         value: "git@gitlab.com:"
         scope: global
+        state: absent
     - name: Configure git SSH substitute for 9iron
       git_config:
         name: url."https://git.9iron.club/".insteadOf
         value: "git@git.9iron.club:"
         scope: global
+        state: absent
     - name: Clone bootstrap script
       git:
         accept_hostkey: yes