From 5deb2e6e48d6851f5b7553c3f18d67dc385cf759 Mon Sep 17 00:00:00 2001
From: Bastian de Byl
Date: Sat, 28 Mar 2026 17:53:01 -0400
Subject: [PATCH] feat: add SSH key and known_hosts for gitea-runner

Generate ed25519 deploy key and add git.skudak.com/git.debyl.io host keys to known_hosts so the runner can clone SSH submodules in CI.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 ansible/roles/gitea-actions/tasks/user.yml | 39 ++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/ansible/roles/gitea-actions/tasks/user.yml b/ansible/roles/gitea-actions/tasks/user.yml
index 0926744..cccce1f 100644
--- a/ansible/roles/gitea-actions/tasks/user.yml
+++ b/ansible/roles/gitea-actions/tasks/user.yml
@@ -32,3 +32,42 @@
 state: directory
 mode: "0755"
 tags: gitea-actions
+
+- name: create .ssh directory
+ become: true
+ ansible.builtin.file:
+ path: "{{ gitea_runner_home }}/.ssh"
+ state: directory
+ owner: "{{ gitea_runner_user }}"
+ group: "{{ gitea_runner_user }}"
+ mode: "0700"
+ tags: gitea-actions
+
+- name: generate SSH key for gitea-runner
+ become: true
+ become_user: "{{ gitea_runner_user }}"
+ ansible.builtin.command:
+ cmd: ssh-keygen -t ed25519 -f {{ gitea_runner_home }}/.ssh/id_ed25519 -N "" -C "gitea-runner@galactica"
+ creates: "{{ gitea_runner_home }}/.ssh/id_ed25519"
+ tags: gitea-actions
+
+- name: add Gitea SSH host keys to known_hosts
+ become: true
+ become_user: "{{ gitea_runner_user }}"
+ ansible.builtin.shell:
+ cmd: ssh-keyscan -p 2222 {{ item }} >> {{ gitea_runner_home }}/.ssh/known_hosts 2>/dev/null
+ args:
+ creates: "{{ gitea_runner_home }}/.ssh/known_hosts"
+ loop:
+ - git.skudak.com
+ - git.debyl.io
+ tags: gitea-actions
+
+- name: set known_hosts permissions
+ become: true
+ ansible.builtin.file:
+ path: "{{ gitea_runner_home }}/.ssh/known_hosts"
+ owner: "{{ gitea_runner_user }}"
+ group: "{{ gitea_runner_user }}"
+ mode: "0644"
+ tags: gitea-actions
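Review bot: The `add Gitea SSH host keys to known_hosts` task pairs `creates:` on known_hosts with a two-item loop, so once the first iteration's `>>` redirection has created the file, the git.debyl.io iteration is skipped and its key is never recorded. Because stderr goes to `2>/dev/null`, a scan that returns nothing can also leave an empty file that `creates:` then prevents from ever being refilled. Separately, ssh-keyscan stores whatever key the network presents at provisioning time, so the runner's trust in both hosts is unauthenticated trust-on-first-use. Pinning host keys that were verified out of band through `ansible.builtin.known_hosts` addresses all three and is idempotent per host; the variable name in the sketch below is a placeholder to be defined in the role's vars.

```yaml
# … unchanged: create .ssh directory, generate SSH key …
- name: add Gitea SSH host keys to known_hosts
  become: true
  become_user: "{{ gitea_runner_user }}"
  ansible.builtin.known_hosts:
    path: "{{ gitea_runner_home }}/.ssh/known_hosts"
    # Non-default port: the entry name and the key line both use [host]:port.
    name: "[{{ item.host }}]:2222"
    key: "[{{ item.host }}]:2222 {{ item.pubkey }}"
    state: present
  # PLACEHOLDER variable: list of {host, pubkey}, keys verified out of band.
  loop: "{{ gitea_runner_pinned_host_keys }}"
  tags: gitea-actions
# … unchanged: set known_hosts permissions …
```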