Fix Forgejo SSH passthrough: use -u git and correct app.ini path

docker exec needs -u git to avoid running as root (Forgejo refuses root),
and the config path inside the container is /data/gitea/conf/app.ini.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Nelis 2026-03-28 10:51:33 +00:00
parent c34d2b4849
commit 397d4fcc48


@ -252,7 +252,7 @@
mode: '0755'
content: |
#!/bin/sh
/usr/bin/docker exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" forgejo sh "$@"
/usr/bin/docker exec -i -u git --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" forgejo sh "$@"
- name: Create git user for Forgejo
ansible.builtin.user:
@ -281,7 +281,7 @@
content: |
Match User git
AuthorizedKeysCommandUser git
AuthorizedKeysCommand /usr/bin/docker exec -i forgejo /usr/local/bin/gitea keys -c /etc/gitea/app.ini -e git -u %u -t %t -k %k
AuthorizedKeysCommand /usr/bin/docker exec -i -u git forgejo /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k
notify: restart sshd
- name: Generate Pangolin secret
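Review bot: The shim in the first hunk and the `AuthorizedKeysCommand` line in the second both appear to run `/usr/bin/docker exec` as the host `git` account (`AuthorizedKeysCommandUser git`), which only works if that account can reach the Docker socket. Socket access is root-equivalent on the host, and the new `-u git` only lowers the user inside the container, not what the host account can do. The "Create git user for Forgejo" task starts at the edge of the first hunk and its body is not shown, so how that access is granted (docker group, sudoers, socket ACL) cannot be confirmed from here. I would record the dependency next to the sshd block with a comment such as `# host user 'git' needs Docker socket access for this; treat the account as root-equivalent`, and check that the account has no password and no keys outside the ones `gitea keys` emits.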