opnxng-deploy-playbook/config-tasks/gitea-netrc.yaml

---
# Define the location of the gnupg folder
vars:
  gnupg_folder: "/home/{{ control_user }}/.gnupg"

# ----------------------------------------------------------------------------------------------------
# Store git credentials with GPG and .netrc because SSH is too complicated for Gitea on Docker

    - name: Remove existing .netrc
      file:
        path: "{{ gnupg_folder }}/.netrc"
        state: absent
      delegate_to: "{{ control_host }}"

    - name: Remove existing .netrc.gpg
      file:
        path: "{{ gnupg_folder }}/.netrc.gpg"
        state: absent
      delegate_to: "{{ control_host }}"

# ----------------------------------------------------------------------------------------------------

    - name: Reminder to generate GPG key by hand
      pause:
        prompt: "Generate GPG key using gpg --gen-key"
      delegate_to: "{{ control_host }}"

    - name: Set up .netrc
      template:
        src: "conf/.netrc.j2"
        dest: "{{ gnupg_folder }}/.netrc"
        owner: 1000
        group: 1000
        mode: 0600
      delegate_to: "{{ control_host }}"

    - name: Encrypt .netrc
      command: gpg -e -r opnxng@tuta.io {{ gnupg_folder }}/.netrc
      delegate_to: "{{ control_host }}"

    - name: Clear .netrc
      copy:
        content: '# Clear'
        dest: "{{ gnupg_folder }}/.netrc"
      delegate_to: "{{ control_host }}"

    - name: Remove .netrc
      file:
        path: "{{ gnupg_folder }}/.netrc"
        state: absent
      delegate_to: "{{ control_host }}"

    - name: Curl git-credential-netrc
      shell: curl -s 'https://raw.githubusercontent.com/git/git/master/contrib/credential/netrc/git-credential-netrc.perl' > /usr/bin/git-credential-netrc
      ignore_errors: true
      delegate_to: "{{ control_host }}"
      become: true

    - name: Set git-credential-netrc permissions
      file:
        path: "/usr/bin/git-credential-netrc"
        state: touch
        mode: '0755'
        owner: 1000
        group: 1000
      delegate_to: "{{ control_host }}"
      become: true

    - name: Use git-credential-netrc
      command: git config --global credential.helper "/usr/bin/git-credential-netrc -f {{ gnupg_folder }}/.netrc.gpg -v"
      delegate_to: "{{ control_host }}"

    - name: Ensure gpg-agent.conf file exists
      file:
        path: "{{ gnupg_folder }}/gpg-agent.conf"
        state: touch  # Ensure the file exists, but do not modify its contents
      become: true

    - name: Add pinentry-program to gpg-agent.conf on control host
      lineinfile:
        path: "{{ gnupg_folder }}/gpg-agent.conf"
        line: 'pinentry-program /usr/bin/pinentry-gnome3'
      delegate_to: "{{ control_host }}"