From 096a32a7ad28f710cd87f14f276b66007e875be2 Mon Sep 17 00:00:00 2001
From: Y
Date: Sun, 10 Mar 2019 18:33:53 +0100
Subject: [PATCH] =?UTF-8?q?ihmgit=5Fback:=20user=20=E2=80=9Cgitea=E2=80=9D?= =?UTF-8?q?=20instead=20of=20=E2=80=9Cgit=E2=80=9D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
group_vars/all | 3 +++
roles/ihmgit_back/tasks/main.yml | 15 +++------------
roles/ssh/tasks/main.yml | 2 +-
3 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/group_vars/all b/group_vars/all
index c0b35f2..b5178a6 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -106,6 +106,9 @@ gitea_mime_attach: 'image/jpeg image/png application/zip application/gzip' # A random salt-string for internal encryption (change it!). gitea_security_secret: '!#@FDEWREWR&*(' +# System user running Gitea +gitea_user: gitea + # Maximum size of HTTP and PHP uploads. http_max_upload: 10000M
diff --git a/roles/ihmgit_back/tasks/main.yml b/roles/ihmgit_back/tasks/main.yml
index 0de1380..f891610 100644
--- a/roles/ihmgit_back/tasks/main.yml
+++ b/roles/ihmgit_back/tasks/main.yml
@@ -17,13 +17,6 @@ - gitea - asciidoctor -- name: set git home to Gitea repos - user: - name: git - home: /var/lib/gitea/repos - create_home: true - shell: /bin/sh - ### UPSTREAM END ⇒ ### - name: merge upstream include_role: name=etckeeper.inc allow_duplicates=true tasks_from=merge.yml
@@ -52,7 +45,7 @@ file: path: '{{item}}' state: directory - owner: git + owner: '{{gitea_user}}' recurse: true with_items: - /var/lib/gitea
@@ -65,7 +58,7 @@ option: '{{item.o}}' value: '{{item.v}}' with_items: - - {s: null, o: RUN_USER, v: git} + - {s: null, o: RUN_USER, v: '{{gitea_user}}'} - {s: null, o: RUN_MODE, v: prod} - {s: repository, o: ROOT, v: /var/lib/gitea/repos} - {s: repository.editor, o: LINE_WRAP_EXTENSIONS, v: '.txt,.md,.markdown,.mdown,.mkd,.adoc,.asciidoc,'}
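Review bot: `owner: '{{gitea_user}}'` in the recursive `file` task now depends on an account that this role no longer creates, since the `user` task removed in the first hunk of this file was the only visible place where the service account was provisioned. Presumably the `gitea` package creates a `gitea` user, but the name is now a variable, so an override would either fail here or hand the whole `/var/lib/gitea` tree to an unrelated existing account. A guard before this task, e.g. `- getent: {database: passwd, key: '{{gitea_user}}'}`, would make the dependency explicit, and the new comment in group_vars/all could read `# System user running Gitea (must match the account created by the gitea package)`. The task's name line is above the hunk and its `with_items` list continues below it.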
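Review bot: `RUN_USER` is templated from `gitea_user` on the added line, but nothing in this patch makes the systemd unit run as that same account. The drop-in hunk further down removes `User=git` and `Environment=USER=git` without a replacement, so the service account is whatever the packaged unit declares, which is not visible in this diff. If the two differ, Gitea is expected to refuse to start on the RUN_USER mismatch, and a unit with no `User=` at all would start the service as root. Writing `User={{gitea_user}}` in the `[Service]` drop-in would tie both settings to the one variable. The task this `with_items` list belongs to starts and ends outside the hunk.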
@@ -77,7 +70,7 @@ - {s: server, o: LOCAL_ROOT_URL, v: ''} - {s: server, o: SSH_DOMAIN, v: '{{net_soa}}'} - {s: server, o: SSH_PORT, v: 2222} - - {s: server, o: SSH_ROOT_PATH, v: /var/lib/gitea/repos/.ssh} + - {s: server, o: SSH_ROOT_PATH, v: /var/lib/gitea/.ssh} - {s: server, o: MINIMUM_KEY_SIZE_CHECK, v: 'true'} - {s: server, o: LFS_START_SERVER, v: 'false'} - {s: ssh.minimum_key_sizes, o: ECDSA, v: '-1'}
@@ -138,8 +131,6 @@ copy: content: | [Service] - User=git - Environment=USER=git CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_LEASE CAP_SYS_CHROOT PrivateDevices=true PrivateTmp=true
diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml
index 1cfee13..3bc3843 100644
--- a/roles/ssh/tasks/main.yml
+++ b/roles/ssh/tasks/main.yml
@@ -225,7 +225,7 @@ Match Address {{(net_trusted_ranges + ' ' + (iodine_net | ipaddr('0'))) | replace(' ', ',')}} ForceCommand none Match LocalPort 2222 - AllowUsers git + AllowUsers {{gitea_user}} PermitRootLogin no PasswordAuthentication no PermitEmptyPasswords no
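Review bot: The new `SSH_ROOT_PATH` value `/var/lib/gitea/.ssh` hard-codes the assumption that the home directory of `{{gitea_user}}` is `/var/lib/gitea`, even though the account name has just become a variable. If sshd resolves `authorized_keys` relative to the account's home (its default), a different home would mean the keys Gitea writes are never consulted; a comment such as `# must be <home of gitea_user>/.ssh` on this entry would record that. On hosts provisioned by the previous version, the old `git` account (shell `/bin/sh`) and the key file under `/var/lib/gitea/repos/.ssh` stay in place, because the patch stops managing them but does not remove them. If nothing else on the host uses that account, consider a cleanup task like `- user: {name: git, state: absent}` and a `file` task with `state: absent` for the old `.ssh` directory. The list this entry belongs to starts and ends outside the hunk.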