diff --git a/.gitignore b/.gitignore
index 5c6be97..93ed22d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 vars/secrets.yaml
+files/fly.io
 templates/conf/users_database.yaml.j2
 templates/conf/configuration.yaml.j2
 production
diff --git a/config-tasks/gitea-netrc.yaml b/config-tasks/gitea-netrc.yaml
index 76a7228..b4b85b2 100644
--- a/config-tasks/gitea-netrc.yaml
+++ b/config-tasks/gitea-netrc.yaml
@@ -1,7 +1,6 @@
----
-# Define the location of the gnupg folder
-vars:
- gnupg_folder: "/home/{{ control_user }}/.gnupg"
+ - name: Define the location of the gnupg folder
+ set_fact:
+ gnupg_folder: "/home/{{ control_user }}/.gnupg"
 # ----------------------------------------------------------------------------------------------------
 # Store git credentials with GPG and .netrc because SSH is too complicated for Gitea on Docker
@@ -22,7 +21,7 @@ vars:
 - name: Reminder to generate GPG key by hand
 pause:
- prompt: "Generate GPG key using gpg --gen-key"
+ prompt: "Generate GPG key using gpg --gen-key --homedir /home/{{ user }}/.gnupg --pinentry-mode loopback"
 delegate_to: "{{ control_host }}"
 - name: Set up .netrc
@@ -67,17 +66,21 @@ vars:
 become: true
 - name: Use git-credential-netrc
- command: git config --global credential.helper "/usr/bin/git-credential-netrc -f {{ gnupg_folder }}/.netrc.gpg -v"
+ command: "git config --global credential.helper '/usr/bin/git-credential-netrc -f {{ gnupg_folder }}/.netrc.gpg -v'"
 delegate_to: "{{ control_host }}"
 - name: Ensure gpg-agent.conf file exists
 file:
 path: "{{ gnupg_folder }}/gpg-agent.conf"
- state: touch # Ensure the file exists, but do not modify its contents
+ state: touch
+ mode: '0755'
+ owner: 1000
+ group: 1000
+ delegate_to: "{{ control_host }}"
 become: true
 - name: Add pinentry-program to gpg-agent.conf on control host
 lineinfile:
 path: "{{ gnupg_folder }}/gpg-agent.conf"
- line: 'pinentry-program /usr/bin/pinentry-gnome3'
+ line: "pinentry-program /usr/bin/pinentry-tty"
 delegate_to: "{{ control_host }}"
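Review bot: In `config-tasks/gitea-netrc.yaml`, the new reminder prompt spells the keyring path as `/home/{{ user }}/.gnupg`, while the `gnupg_folder` fact set at the top of the same file is built from `control_user` and is what the credential-helper and `gpg-agent.conf` tasks read. If `user` and `control_user` ever resolve differently, the operator generates the key in a home directory the `.netrc.gpg` helper never consults. Reusing the fact avoids that: `prompt: "Generate GPG key using gpg --gen-key --homedir {{ gnupg_folder }} --pinentry-mode loopback"`.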
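Review bot: In the last hunk of `config-tasks/gitea-netrc.yaml`, `mode: '0755'` makes `gpg-agent.conf` world-readable and executable inside the GnuPG home; an agent config needs neither, so `mode: '0600'` is the tighter setting. The numeric `owner: 1000` / `group: 1000` assume the control user has that UID, whereas `gnupg_folder` is derived from `control_user`; `owner: "{{ control_user }}"` would keep the two in step. In the following `lineinfile` task the `line` changes without a `regexp`, so a host already provisioned with the `pinentry-gnome3` entry would presumably end up with both lines; adding `regexp: '^pinentry-program '` makes the task replace the old one.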