dedizierter User

tasks/main.yaml

@@ -7,22 +7,43 @@
       - docker.io
       - python3-docker
 
+- name: Create git USER
+  ansible.builtin.user:
+    name: git
+  register: git_user
+
 - name: Create Data Directory
   file:
-    path: /data
+    path: "{{ git_user.home }}/gitea/data"
     state: directory
-    owner: 1000
+    owner: "{{ git_user.uid }}"
-    group: 1000
+    group: "{{ git_user.group }}"
     mode: '0755'
 
 - name: Create Config Directory
   file:
-    path: /config
+    path: "{{ git_user.home }}/gitea/config"
     state: directory
-    owner: 1000
+    owner: "{{ git_user.uid }}"
-    group: 1000
+    group: "{{ git_user.group }}"
     mode: '0755'
 
+- name: Create SSH Directory
+  file:
+    path: "{{ git_user.home }}/gitea/ssh"
+    state: directory
+    owner: "{{ git_user.uid }}"
+    group: "{{ git_user.group }}"
+    mode: '0755'
+
+- name: Create SSH authorized_keys
+  file:
+    path: "{{ git_user.home }}/gitea/ssh/authorized_keys"
+    state: touch
+    owner: "{{ git_user.uid }}"
+    group: "{{ git_user.group }}"
+    mode: '0600'
+
 - name: Start Docker Daemon
   systemd:
     name: docker
@@ -39,13 +60,20 @@
       env: strict
     restart_policy: unless-stopped
     volumes:
-      - /data:/var/lib/gitea
+      - "{{ git_user.home }}/gitea/data:/var/lib/gitea"
-      - /config:/etc/gitea
+      - "{{ git_user.home }}/gitea/ssh:/var/lib/gitea/git/.ssh"
+      - "{{ git_user.home }}/gitea/config:/etc/gitea"
+      #- /data:/var/lib/gitea
+      #- /config:/etc/gitea
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
     ports:
       - "3000:3000"
       - "22:2222"
+    user: "{{ git_user.uid }}:{{ git_user.group }}"
+    env:
+      USER_UID: "{{ git_user.uid }}"
+      USER_GID: "{{ git_user.group }}"