Generate ed25519 deploy key and add git.skudak.com/git.debyl.io host keys to known_hosts so the runner can clone SSH submodules in CI. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
# Provision the dedicated service account that the Gitea Actions runner uses.
- name: create gitea-runner user
  ansible.builtin.user:
    name: "{{ gitea_runner_user }}"
    comment: Gitea Actions runner
    home: "{{ gitea_runner_home }}"
    create_home: true
    shell: /bin/bash
    # append: true adds docker to the account's groups instead of replacing
    # them.
    # NOTE(review): docker group membership lets this account drive the Docker
    # daemon, which is effectively root on the host. Anything the runner
    # executes inherits that reach, so restrict which repositories and
    # workflows may use this runner.
    groups: docker
    append: true
  become: true
  tags: gitea-actions
# Probe for the linger marker of the runner account under
# /var/lib/systemd/linger. The result is registered as gitea_runner_lingering
# and read by the task that enables lingering.
- name: check if gitea-runner lingering enabled
  ansible.builtin.stat:
    path: "/var/lib/systemd/linger/{{ gitea_runner_user }}"
  register: gitea_runner_lingering
  become: true
  tags: gitea-actions
# Turn on lingering for the runner account so its systemd user manager keeps
# running without an interactive login session. Runs only when the preceding
# stat task found no linger marker, which keeps the play idempotent.
- name: enable gitea-runner lingering
  ansible.builtin.command:
    cmd: loginctl enable-linger {{ gitea_runner_user }}
  when: not gitea_runner_lingering.stat.exists
  become: true
  tags: gitea-actions
# Create the per-user systemd unit directory. The task runs as the runner
# account itself (become_user), so the directory is created under that
# identity without explicit owner/group settings.
- name: create .config/systemd/user directory
  ansible.builtin.file:
    state: directory
    path: "{{ gitea_runner_home }}/.config/systemd/user"
    mode: "0755"
  become: true
  become_user: "{{ gitea_runner_user }}"
  tags: gitea-actions
# Create the runner's ~/.ssh directory. There is no become_user here, so
# ownership is set explicitly to the runner account.
- name: create .ssh directory
  ansible.builtin.file:
    state: directory
    path: "{{ gitea_runner_home }}/.ssh"
    # 0700: only the runner account may list or enter the directory that will
    # hold its private key.
    mode: "0700"
    owner: "{{ gitea_runner_user }}"
    # NOTE(review): assumes a group named after the user exists; confirm on
    # the target distribution.
    group: "{{ gitea_runner_user }}"
  become: true
  tags: gitea-actions
# Generate the runner's ed25519 key pair once. `creates` skips the command
# when the private key already exists, so an existing key is never
# overwritten.
- name: generate SSH key for gitea-runner
  ansible.builtin.command:
    # -N "" writes the private key without a passphrase so unattended jobs can
    # use it. Its confidentiality therefore rests on file permissions and on
    # who can run code as this account.
    # NOTE(review): register the public half with the narrowest scope the
    # forge offers (for example a read-only deploy key) and rotate it if the
    # host is rebuilt or compromised.
    cmd: >-
      ssh-keygen -t ed25519
      -f {{ gitea_runner_home }}/.ssh/id_ed25519
      -N "" -C "gitea-runner@galactica"
    creates: "{{ gitea_runner_home }}/.ssh/id_ed25519"
  become: true
  become_user: "{{ gitea_runner_user }}"
  tags: gitea-actions
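# Record the SSH host keys of both Gitea instances (port 2222) in the runner's
# known_hosts so non-interactive clones do not stop at a host-key prompt.
#
# Idempotence is checked per host with `ssh-keygen -F`. A single
# `creates: known_hosts` guard is not enough: the first loop item creates the
# file, so the second host is skipped. The redirect also creates the file when
# a scan returns nothing, which would block every later run.
#
# NOTE(review): ssh-keyscan accepts whatever key the network returns at
# provisioning time (trust on first use). Compare the recorded fingerprints
# with values obtained out-of-band from each server. Better, pin the verified
# keys in inventory and install them with ansible.builtin.known_hosts instead
# of scanning.
- name: add Gitea SSH host keys to known_hosts
  become: true
  become_user: "{{ gitea_runner_user }}"
  ansible.builtin.shell:
    # stderr of ssh-keyscan is no longer discarded, so a failed scan is
    # visible in the task output.
    cmd: |
      known_hosts='{{ gitea_runner_home }}/.ssh/known_hosts'
      if ssh-keygen -F '[{{ item }}]:2222' -f "$known_hosts" > /dev/null 2>&1; then
        echo present
      else
        ssh-keyscan -p 2222 '{{ item }}' >> "$known_hosts"
      fi
  register: gitea_runner_keyscan
  # Report "changed" only when a scan was actually run for this host.
  changed_when: "'present' not in gitea_runner_keyscan.stdout"
  loop:
    - git.skudak.com
    - git.debyl.io
  tags: gitea-actions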
# Normalise ownership and mode of the runner's known_hosts file. No `state` is
# given, so the file module only adjusts attributes of an existing path and
# does not create it.
- name: set known_hosts permissions
  ansible.builtin.file:
    path: "{{ gitea_runner_home }}/.ssh/known_hosts"
    # 0644: host public keys are not secret, but only the owner may modify
    # the set of trusted hosts.
    mode: "0644"
    owner: "{{ gitea_runner_user }}"
    group: "{{ gitea_runner_user }}"
  become: true
  tags: gitea-actions