0
0
opnxng-deploy-playbook/config-tasks/gitea-netrc.yaml

96 lines
2.9 KiB
YAML
Raw Normal View History

2024-11-02 13:34:37 +08:00
- name: Define the location of the gnupg folder
set_fact:
gnupg_folder: "/home/{{ control_user }}/.gnupg"
2023-11-16 19:23:33 +08:00
2024-11-02 18:19:03 +08:00
# --------------------------------------------------
2023-11-11 21:29:49 +08:00
# Store git credentials with GPG and .netrc because SSH is too complicated for Gitea on Docker
2023-11-10 01:58:47 +08:00
- name: Remove existing .netrc
2023-11-10 03:38:57 +08:00
file:
2023-11-16 19:23:33 +08:00
path: "{{ gnupg_folder }}/.netrc"
2023-11-10 01:58:47 +08:00
state: absent
delegate_to: "{{ control_host }}"
- name: Remove existing .netrc.gpg
2023-11-10 03:38:57 +08:00
file:
2023-11-16 19:23:33 +08:00
path: "{{ gnupg_folder }}/.netrc.gpg"
2023-11-10 01:58:47 +08:00
state: absent
delegate_to: "{{ control_host }}"
2024-11-02 18:19:03 +08:00
# --------------------------------------------------
2023-11-10 01:58:47 +08:00
- name: Reminder to generate GPG key by hand
pause:
2024-11-02 18:19:03 +08:00
prompt: "Generate GPG key using gpg --gen-key --homedir /home/{{ control_user }}/.gnupg --pinentry-mode loopback"
2023-11-10 01:58:47 +08:00
delegate_to: "{{ control_host }}"
- name: Set up .netrc
template:
src: "conf/.netrc.j2"
2023-11-16 19:23:33 +08:00
dest: "{{ gnupg_folder }}/.netrc"
2023-11-10 01:58:47 +08:00
owner: 1000
group: 1000
2023-11-13 20:27:07 +08:00
mode: 0600
2023-11-10 01:58:47 +08:00
delegate_to: "{{ control_host }}"
- name: Encrypt .netrc
2023-11-16 19:23:33 +08:00
command: gpg -e -r opnxng@tuta.io {{ gnupg_folder }}/.netrc
2023-11-10 01:58:47 +08:00
delegate_to: "{{ control_host }}"
- name: Clear .netrc
2023-11-13 20:27:07 +08:00
copy:
content: '# Clear'
2023-11-16 19:23:33 +08:00
dest: "{{ gnupg_folder }}/.netrc"
2023-11-10 01:58:47 +08:00
delegate_to: "{{ control_host }}"
- name: Remove .netrc
2023-11-10 03:38:57 +08:00
file:
2023-11-16 19:23:33 +08:00
path: "{{ gnupg_folder }}/.netrc"
2023-11-10 01:58:47 +08:00
state: absent
delegate_to: "{{ control_host }}"
- name: Curl git-credential-netrc
shell: curl -s 'https://raw.githubusercontent.com/git/git/master/contrib/credential/netrc/git-credential-netrc.perl' > /usr/bin/git-credential-netrc
ignore_errors: true
delegate_to: "{{ control_host }}"
become: true
- name: Set git-credential-netrc permissions
2023-11-16 19:23:33 +08:00
file:
path: "/usr/bin/git-credential-netrc"
state: touch
mode: '0755'
owner: 1000
group: 1000
2023-11-10 01:58:47 +08:00
delegate_to: "{{ control_host }}"
2023-11-16 19:23:33 +08:00
become: true
2023-11-10 01:58:47 +08:00
- name: Use git-credential-netrc
2024-11-02 13:34:37 +08:00
command: "git config --global credential.helper '/usr/bin/git-credential-netrc -f {{ gnupg_folder }}/.netrc.gpg -v'"
2023-11-13 20:27:07 +08:00
delegate_to: "{{ control_host }}"
2023-12-05 21:17:43 +08:00
- name: Ensure gpg-agent.conf file exists
file:
path: "{{ gnupg_folder }}/gpg-agent.conf"
2024-11-02 13:34:37 +08:00
state: touch
mode: '0755'
owner: 1000
group: 1000
delegate_to: "{{ control_host }}"
2023-12-05 21:17:43 +08:00
become: true
2023-11-13 20:27:07 +08:00
- name: Add pinentry-program to gpg-agent.conf on control host
lineinfile:
2023-11-16 19:23:33 +08:00
path: "{{ gnupg_folder }}/gpg-agent.conf"
2024-11-27 20:32:53 +08:00
line: "pinentry-program /usr/bin/pinentry-curses"
2023-11-13 20:27:07 +08:00
delegate_to: "{{ control_host }}"
2024-11-27 20:32:53 +08:00
- name: Add ssh support to gpg-agent.conf on control host
lineinfile:
path: "{{ gnupg_folder }}/gpg-agent.conf"
line: "enable-ssh-support"
delegate_to: "{{ control_host }}"