diff --git a/ansible/arcodange/factory/inventory/group_vars/all/common.yml b/ansible/arcodange/factory/inventory/group_vars/all/common.yml
new file mode 100644
index 0000000..6a5cc45
--- /dev/null
+++ b/ansible/arcodange/factory/inventory/group_vars/all/common.yml
@@ -0,0 +1 @@
+user_home: "{{ lookup('ansible.builtin.env','HOME') }}"
\ No newline at end of file
diff --git a/ansible/arcodange/factory/inventory/group_vars/all/ssh.yml b/ansible/arcodange/factory/inventory/group_vars/all/ssh.yml
new file mode 100644
index 0000000..b2c7317
--- /dev/null
+++ b/ansible/arcodange/factory/inventory/group_vars/all/ssh.yml
@@ -0,0 +1,19 @@
+ssh_public_key_paths:
+ - /Users/gabrielradureau/.ssh/id_ed25519_arcodange.pub
+ - "{{ user_home }}/.ssh/id_ed25519.pub"
+ - "{{ user_home }}/.ssh/id_rsa.pub"
+ssh_public_key_path: >-
+ {{ (
+ lookup('ansible.builtin.first_found', files=ssh_public_key_paths, errors='ignore')
+ )
+ }}
+ssh_public_key_found: "{{ ssh_public_key_path > '' }}"
+ssh_public_key_full_content: >-
+ {{
+ 'key_type b64key key_name' if not ssh_public_key_found
+ else
+ lookup('ansible.builtin.file', ssh_public_key_path)
+ }}
+ssh_public_key: "{{ ssh_public_key_full_content.split()[1] }}"
+ssh_key_title: "{{ ssh_public_key_full_content.split()[-1] }}"
+ssh_key_algorithm: "{{ ssh_public_key_full_content.split()[0] }}"
\ No newline at end of file
diff --git a/ansible/arcodange/factory/inventory/group_vars/hard_disk/gitea.yml b/ansible/arcodange/factory/inventory/group_vars/hard_disk/gitea.yml
index 7e863ae..c0da59f 100644
--- a/ansible/arcodange/factory/inventory/group_vars/hard_disk/gitea.yml
+++ b/ansible/arcodange/factory/inventory/group_vars/hard_disk/gitea.yml
@@ -40,6 +40,8 @@ gitea:
 GITEA__mailer__SMTP_ADDR: smtp.orange.fr
 GITEA__mailer__SMTP_PORT: 465
 GITEA__mailer__PASSWD: '{{ gitea_vault.GITEA__mailer__PASSWD }}'
+ GITEA__server__SSH_PORT: 2222
+ GITEA__server__SSH_LISTEN_PORT: 22
 networks:
 - gitea
 ports:
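Review bot: The first entry of `ssh_public_key_paths`, `/Users/gabrielradureau/.ssh/id_ed25519_arcodange.pub`, is an absolute path to one workstation and, because `first_found` stops at the first hit, it shadows the two `user_home`-based entries on that machine; writing it as `"{{ user_home }}/.ssh/id_ed25519_arcodange.pub"` keeps the inventory portable. `ssh_public_key_found` tests `ssh_public_key_path > ''`, but what `first_found` with `errors='ignore'` yields when nothing matches (empty string, empty list or `None`, depending on the Ansible version) is not certain from here, and a `None` would make the `>` comparison itself raise; `"{{ ssh_public_key_path | default('', true) | length > 0 }}"` copes with all three. `ssh_key_title` takes `split()[-1]`, so a key line with no comment sends the base64 blob itself as the Gitea title and a multi-word comment is cut to its last word; `"{{ ssh_public_key_full_content.split(None, 2)[2] | default(ssh_public_key_path | basename, true) }}"` keeps the whole comment and falls back to the file name when index 2 is absent. A comment at the top noting that every lookup in this file (`env`, `first_found`, `file`) runs on the controller, so the key registered in Gitea is the operator's rather than the target host's, would make that apparent intent explicit.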
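Review bot: `GITEA__server__SSH_PORT: 2222` and `GITEA__server__SSH_LISTEN_PORT: 22` separate the port advertised in clone URLs from the port the built-in SSH server binds inside the container, which only works if the `ports:` mapping that begins on the last line of this hunk publishes host 2222 to container 22; that mapping is outside the hunk, so please confirm it. Both new values are bare integers, consistent with the existing `GITEA__mailer__SMTP_PORT: 465`; if this env map is handed to a container module that requires string environment values, all three need quoting (`GITEA__server__SSH_PORT: "2222"`), otherwise the current style is fine. A one-line comment such as `# SSH_PORT is what clone URLs show; SSH_LISTEN_PORT is the in-container listener (see ports: below)` would spare the next reader a trip to the Gitea config reference.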
diff --git a/ansible/arcodange/factory/playbooks/setup/gitea.yml b/ansible/arcodange/factory/playbooks/setup/gitea.yml index cdfa76a..ce42bcb 100644 --- a/ansible/arcodange/factory/playbooks/setup/gitea.yml +++ b/ansible/arcodange/factory/playbooks/setup/gitea.yml @@ -81,6 +81,7 @@ path: '{{ gitea_user.avatar_img_path | realpath }}' register: gitea_user_avatar_img + no_log: True - name: Upload l'avatar de l'admin uri: @@ -95,6 +96,46 @@ image: "{{ gitea_user_avatar_img['content'] }}" status_code: 204 + - name: Enregistrer sa clée publique SSH + when: ssh_public_key_found + block: + - name: Récupérer les clés SSH existantes pour l'utilisateur + uri: + url: "{{ gitea_base_url }}/api/v1/user/keys" + method: GET + headers: + Authorization: "token {{ gitea_api_token }}" + return_content: yes + register: existing_ssh_keys + + - name: Vérifier si la clé SSH existe déjà + set_fact: + ssh_key_exists: "{{ ' '.join([ssh_key_algorithm, ssh_public_key]) in existing_ssh_keys.json | map(attribute='key') | list }}" + + - name: Ajouter une clé SSH publique à l'utilisateur dans Gitea si elle n'existe pas + uri: + url: "{{ gitea_base_url }}/api/v1/user/keys" + method: POST + headers: + Content-Type: application/json + Accept: application/json + Authorization: "token {{ gitea_api_token }}" + body_format: json + body: + title: "{{ ssh_key_title }}" # Un nom descriptif pour la clé SSH + key: "{{ ssh_public_key }}" # Le contenu de la clé publique SSH + status_code: 201 + when: not ssh_key_exists + register: add_ssh_key_result + + - name: Vérifier la nouvelle clé SSH ajoutée avec succès + when: not ssh_key_exists and add_ssh_key_result.status == 201 + debug: + msg: >- + Clé SSH ajoutée avec succès. + Visitez https://gitea.arcodange.duckdns.org/user/settings/keys?verify_ssh={{ add_ssh_key_result.json.fingerprint }} + pour vérifier la signature de vos commits avec cette clé. + - set_fact: gitea_org_name: arcodange-org gitea_org_full_name: Arcodange
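Review bot: `no_log: True` uses the capitalised YAML 1.1 spelling; `no_log: true` is the canonical form and the one yamllint's truthy rule accepts. The task this line belongs to (the one registering `gitea_user_avatar_img`) starts before the hunk, so whether `no_log` sits at task indentation, where it must be, cannot be confirmed from the hunk alone. Since the registered result is later passed as `image:` to the upload task, keeping the base64 image body out of the log is reasonable; a short comment, `# no_log: the registered result carries the whole image as base64`, would record why the flag is there.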
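Review bot: The success message in the last task hard-codes `https://gitea.arcodange.duckdns.org/user/settings/keys?...` while every request in the same block is built from `gitea_base_url`; use `Visitez {{ gitea_base_url }}/user/settings/keys?verify_ssh={{ add_ssh_key_result.json.fingerprint }}` so the link follows the configured instance. `return_content: yes` in the GET task should be `return_content: true` for the usual truthy reason, and the block name `Enregistrer sa clée publique SSH` has a typo (`clé`). The duplicate check reads `/api/v1/user/keys` without a page size; Gitea list endpoints are paginated, so a user with more keys than the default page could have an existing key missed and the POST then rejected as a duplicate — worth a `limit` query parameter or a comment stating the assumption. The `add_ssh_key_result.status == 201` clause in the final `when:` is redundant, because `status_code: 201` already fails the POST task on any other status, so `when: not ssh_key_exists` suffices. Both `uri` tasks carry `Authorization: token {{ gitea_api_token }}` in their plain task arguments, which verbose runs print; if that matters in this pipeline, `no_log: true` on those two tasks hides it, at the cost of also hiding the response body on failure.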