chore: add current provisioning state before migration

2025-09-22 23:11:41 +01:00 · 2025-09-22 23:11:41 +01:00 · 50745b0f22
commit 50745b0f22
parent a9703b4748
660 changed files with 88126 additions and 0 deletions
--- a/taskservs/gitea/default/app.ini.j2
+++ b/taskservs/gitea/default/app.ini.j2
@ -0,0 +1,173 @@
+{%- if server %} 
+APP_NAME = {{taskserv.app_name}}
+RUN_MODE = prod
+RUN_USER = {{taskserv.run_user}}
+WORK_PATH = {{taskserv.work_path}}
+
+[repository]
+ROOT = {{taskserv.work_path}}/data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = {{taskserv.work_path}}/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = {{taskserv.work_path}}/uploads
+
+[server]
+PROTOCOL = {{taskserv.protocol}}
+APP_DATA_PATH = {{taskserv.work_path}}/data
+SSH_DOMAIN = {{taskserv.ssh_domain}}
+DOMAIN = {{taskserv.domain}}
+{% if taskserv.http_addr == "$network_private_ip" %}
+HTTP_ADDR="{{server.network_private_ip}}"
+{% elif taskserv.http_addr == "$network_public_ip" %}
+HTTP_ADDR="{{server.network_public_ip}}"
+{%- else %}
+HTTP_ADDR = {{taskserv.http_addr}}
+{%- endif %}
+HTTP_PORT = {{taskserv.http_port}}
+ROOT_URL = {{taskserv.root_url}}
+DISABLE_SSH = false
+LFS_START_SERVER = true
+shFS_MAX_FILE_SIZE = 0
+LFS_LOCK_PAGING_NUM = 50
+; Permission for unix socket
+UNIX_SOCKET_PERMISSION = 666
+START_SSH_SERVER = {{taskserv.start_ssh_server}}
+BUILTIN_SSH_SERVER_USER = {{taskserv.builtin_ssh_server_user}}
+; The network interface the builtin SSH server should listen on
+; SSH_LISTEN_HOST =
+; Port number to be exposed in clone URL
+SSH_PORT = {{taskserv.ssh_port}}
+; The port number the builtin SSH server should listen on
+SSH_LISTEN_PORT = %(SSH_PORT)s
+; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
+; SSH_ROOT_PATH =
+SSH_ROOT_PATH = {{taskserv.ssh_root_path}}
+; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
+; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
+SSH_CREATE_AUTHORIZED_KEYS_FILE = false
+; For the built-in SSH server, choose the ciphers to support for SSH connections,
+; for system SSH this setting has no effect
+SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
+; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections
+; for system SSH this setting has no effect
+SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
+; for system SSH this setting has no effect
+SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
+; Directory to create temporary files in when testing public keys using ssh-keygen,
+; default is the system temporary directory.
+; SSH_KEY_TEST_PATH =
+; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
+SSH_KEYGEN_PATH = ssh-keygen
+; Enable SSH Authorized Key Backup when rewriting all keys, default is true
+SSH_BACKUP_AUTHORIZED_KEYS = true
+; Enable exposure of SSH clone URL to anonymous visitors, default is false
+SSH_EXPOSE_ANONYMOUS = false
+; Indicate whether to check minimum key size with corresponding type
+MINIMUM_KEY_SIZE_CHECK = false
+; Disable CDN even in "prod" mode
+DISABLE_ROUTER_LOG = false
+OFFLINE_MODE = true
+; Generate steps:
+; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
+; 
+; Or from a .pfx file exported from the Windows certificate store (do
+; not forget to export the private key):
+; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
+; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
+# CERT_FILE                       = {{taskserv.work_path}}/conf/ssl/fullchain.pem
+# KEY_FILE                        = {{taskserv.work_path}}/conf/ssl/privkey.pem
+; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
+CERT_FILE = {{taskserv.cert_file}}
+KEY_FILE = {{taskserv.key_file}}
+
+[database]
+PATH = {{taskserv.db.path}}
+DB_TYPE = {{taskserv.db.typ}}
+{% if taskserv.db.typ != "sqlite" %}
+HOST = {{taskserv.db.host | replace(from="$network_private_ip", to=server.network_private_ip)}}
+NAME = {{taskserv.db.name}}
+USER = {{taskserv.db.user}}
+PASSWD = {{taskserv.db.password}}
+LOG_SQL = false
+SCHEMA = 
+CHARSET = {{taskserv.db.charset}}
+SSL_MODE = {{taskserv.db.ssl_mode}}
+{%- endif %}
+
+[indexer]
+ISSUE_INDEXER_PATH = {{taskserv.work_path}}/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = {{taskserv.work_path}}/sessions
+PROVIDER = file
+
+[picture]
+AVATAR_UPLOAD_PATH = {{taskserv.work_path}}/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = {{taskserv.work_path}}/repo-avatars
+
+[attachment]
+PATH = {{taskserv.work_path}}/attachments
+
+[log]
+MODE = console
+LEVEL = info
+ROOT_PATH = {{taskserv.work_path}}/log
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY = 
+REVERSE_PROXY_LIMIT = 1
+REVERSE_PROXY_TRUSTED_PROXIES = *
+PASSWORD_HASH_ALGO = pbkdf2
+
+[service]
+DISABLE_REGISTRATION = {{taskserv.disable_registration}}
+REQUIRE_SIGNIN_VIEW = {{taskserv.require_signin_view}}
+REGISTER_EMAIL_CONFIRM = false
+ENABLE_NOTIFY_MAIL = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+ENABLE_CAPTCHA = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING = true
+NO_REPLY_ADDRESS = noreply.localrepo.cloudnative.zone
+
+[lfs]
+PATH = {{taskserv.work_path}}/data/git/lfs
+
+[mailer]
+ENABLED = false
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[cron.update_checker]
+ENABLED = false
+
+[repository.pull-request]
+DEFAULT_MERGE_STYLE = merge
+
+[repository.signing]
+DEFAULT_TRUST_MODEL = committer
+
+[oauth2]
+
+[webhook]
+; Hook task queue length, increase if webhook shooting starts hanging
+QUEUE_LENGTH = 1000
+; Deliver timeout in seconds
+DELIVER_TIMEOUT = 
+; Allow insecure certification
+SKIP_TLS_VERIFY = false
+; Number of history information in each page
+PAGING_NUM = 10
+{% if taskserv.webhook_allowed_hosts_list == "$server.priv_cidr_block" %}
+ALLOWED_HOST_LIST = {{server.priv_cidr_block}}
+{%- else %}
+ALLOWED_HOST_LIST = {{taskserv.webhook_allowed_hosts_list}}
+{%- endif %}
+
+{%- endif %}
--- a/taskservs/gitea/default/env-gitea.j2
+++ b/taskservs/gitea/default/env-gitea.j2
@ -0,0 +1,19 @@
+GITEA_VERSION="{{taskserv.version}}"
+GITEA_RUN_MODE=local
+GITEA_RUN_PATH={{taskserv.run_path}}
+GITEA_SYSTEMCTL_MODE=enabled
+GITEA_ETC_PATH={{taskserv.etc_path}}
+GITEA_LIB_PATH={{taskserv.work_path}}
+GITEA_DB_TYPE={{taskserv.db.typ}}
+GITEA_CONFIG_FILE={{taskserv.config_path}}
+GITEA_RUN_USER={{taskserv.run_user.name}}
+GITEA_RUN_GROUP={{taskserv.run_user.group}}
+GITEA_RUN_USER_HOME={{taskserv.run_user.home}}
+GITEA_SSL_CERTS_PATH={{taskserv.certs_path}}
+GITEA_ADM_USER={{taskserv.adm_user.name}}
+GITEA_ADM_PASSWORD={{taskserv.adm_user.password}}
+GITEA_ADM_EMAIL={{taskserv.adm_user.email}}
+GITEA_DOMAIN={{taskserv.domain}}
+GITEA_CDCI_USER={{taskserv.cdci_user}}
+GITEA_CDCI_GROUP={{taskserv.cdci_group}}
+GITEA_CDCI_USER_HOME={{taskserv.cdci_user_home}}
--- a/taskservs/gitea/default/gitea.service.j2
+++ b/taskservs/gitea/default/gitea.service.j2
@ -0,0 +1,87 @@
+{%- if server %} 
+[Unit]
+Description=Gitea ({{taskserv.app_name}})
+After=syslog.target
+After=network.target
+###
+# Don't forget to add the database service dependencies
+###
+#
+{%- if taskserv.db.typ == "mysql" %}
+Wants=mysql.service
+After=mysql.service
+{%- elif taskserv.db.typ == "mariadb" %}
+Wants=mariadb.service
+After=mariadb.service
+{%- elif taskserv.db.typ == "postgres" %}
+Wants=postgresql.service
+After=postgresql.service
+{%- endif %}
+#
+#Wants=memcached.service
+#After=memcached.service
+#
+#Wants=redis.service
+#After=redis.service
+#
+###
+# If using socket activation for main http/s
+###
+#
+#After=gitea.main.socket
+#Requires=gitea.main.socket
+#
+###
+# (You can also provide gitea an http fallback and/or ssh socket too)
+#
+# An example of /etc/systemd/system/gitea.main.socket
+###
+##
+## [Unit]
+## Description=Gitea Web Socket
+## PartOf=gitea.service
+##
+## [Socket]
+## Service=gitea.service
+## ListenStream=<some_port>
+## NoDelay=true
+##
+## [Install]
+## WantedBy=sockets.target
+##
+###
+
+[Service]
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
+RestartSec=2s
+Type=simple
+User={{taskserv.run_user.name}}
+Group={{taskserv.run_user.group}}
+WorkingDirectory={{taskserv.work_path}}
+# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
+# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
+#RuntimeDirectory=gitea
+ExecStart={{taskserv.run_path}} web --config {{taskserv.etc_path}}/{{taskserv.config_path}}
+Restart=always
+Environment=USER={{taskserv.run_user.name}} HOME={{taskserv.run_user.home}} GITEA_WORK_DIR={{taskserv.work_path}}
+# If you install Git to directory prefix other than default PATH (which happens
+# for example if you install other versions of Git side-to-side with
+# distribution version), uncomment below line and add that prefix to PATH
+# Don't forget to place git-lfs binary on the PATH below if you want to enable
+# Git LFS support
+#Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
+# If you want to bind Gitea to a port below 1024, uncomment
+# the two values below, or use socket activation to pass Gitea its ports as above
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE
+###
+
+[Install]
+WantedBy=multi-user.target
+{%- endif %}
--- a/taskservs/gitea/default/install-gitea.sh
+++ b/taskservs/gitea/default/install-gitea.sh
@ -0,0 +1,168 @@
+#!/bin/bash
+# Info: Script to install Gitea
+# Author: JesusPerezLorenzo  
+# Release: 1.0 
+# Date: 12-12-2023
+
+USAGE="install-gitea.sh "
+[ "$1" == "-h"  ] && echo "$USAGE"  && exit 1
+
+[ -r "env-gitea" ] && . ./env-gitea
+
+GITEA_VERSION=${GITEA_VERSION:-1.21.7} 
+
+GITEA_URL=https://dl.gitea.io/gitea
+ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')"
+GITEA_FILE=$GITEA_VERSION/gitea-$GITEA_VERSION-linux-$ARCH
+GITEA_ARCH=linux-$ARCH
+
+GITEA_RUN_PATH=${GITEA_RUN_PATH:-/usr/local/bin/gitea}
+
+GITEA_SYSTEMCTL_MODE=${GITEA_SYSTEMCTL_MODE:-enabled}
+
+GITEA_ETC_PATH=${GITEA_ETC_PATH:-/etc/gitea}
+
+GITEA_LIB_PATH=${GITEA_LIB_PATH:-/home2/lib/gitea}
+GITEA_CONFIG_FILE=${GITEA_CONFIG_FILE:-app.ini}
+
+GITEA_RUN_USER=${GITEA_RUN_USER:-gitea}
+GITEA_RUN_GROUP=${GITEA_RUN_GROUP:-gitea}
+GITEA_RUN_USER_HOME=${GITEA_RUN_USER_HOME:-/home/gitea}
+
+GITEA_PKG_NAME=gitea
+
+CMD_TSKSRVC=${1:-install}
+
+#ORG="$(pwd)"
+export LC_CTYPE=C.UTF-8 
+export LANG=C.UTF-8
+
+_init() {
+  local curr_vers
+	[ -z "$GITEA_VERSION" ] || [ -z "$GITEA_ARCH" ] || [ -z "$GITEA_URL" ] || [ -z "$GITEA_FILE" ] && exit 1
+  if [ -x "$GITEA_RUN_PATH" ] ; then 
+    curr_vers=$(${GITEA_RUN_PATH} -v | awk '{print $3}')
+  else 
+    curr_vers=0
+  fi
+  if [ "$curr_vers" != "$GITEA_VERSION" ] || [ "$curr_vers" != "$GITEA_VERSION" ]; then
+  if curl -fsSL "${GITEA_URL}/${GITEA_VERSION}/gitea-${GITEA_VERSION}-${GITEA_ARCH}" -o gitea ; then 
+    sudo mv gitea "${GITEA_RUN_PATH}"
+    sudo chmod +x "${GITEA_RUN_PATH}"
+  else 
+      echo "error download ${GITEA_URL}/${GITEA_VERSION}/gitea-${GITEA_VERSION}-${GITEA_ARCH}"
+    return 1
+  fi
+  fi 
+  return 0
+}
+
+_config_gitea() {
+  local has_user=""
+  local http_addr
+  local etc_entry
+  has_user=$(grep "$GITEA_RUN_USER" /etc/passwd)
+  if [ -z "$has_user" ] ; then 
+		sudo adduser \
+			--system \
+			--shell /bin/bash \
+			--gecos 'Git Version Control' \
+			--group \
+			--disabled-password \
+			--home "$GITEA_RUN_USER_HOME" \
+			"${GITEA_RUN_USER}"
+  fi
+	if [ ! -d "$GITEA_RUN_USER_HOME" ] ; then 
+    sudo mkdir -p "$GITEA_RUN_USER_HOME"
+		sudo chown -R "$GITEA_RUN_USER":"$GITEA_RUN_GROUP" "$GITEA_RUN_USER_HOME"
+	fi
+  sudo mkdir -p "${GITEA_LIB_PATH}"/{custom,data,log}
+	sudo chown -R "${GITEA_RUN_USER}:${GITEA_RUN_GROUP}" "${GITEA_LIB_PATH}"
+	sudo chmod -R 750 "${GITEA_LIB_PATH}"
+	[ ! -d "${GITEA_ETC_PATH}" ] && sudo mkdir "${GITEA_ETC_PATH}"
+  sudo chmod 750 "${GITEA_ETC_PATH}"
+	sudo chown -R root:"${GITEA_RUN_GROUP}" "${GITEA_ETC_PATH}"
+
+  [ ! -r "${GITEA_ETC_PATH}/${GITEA_CONFIG_FILE}" ] && [ -r "app.ini" ] && sudo cp app.ini  "${GITEA_ETC_PATH}/${GITEA_CONFIG_FILE}"
+  sudo chown "$GITEA_RUN_USER":"$GITEA_RUN_GROUP" "${GITEA_ETC_PATH}/${GITEA_CONFIG_FILE}"
+	[ -r "${GITEA_ETC_PATH}/${GITEA_CONFIG_FILE}" ] && sudo chmod 640 "${GITEA_ETC_PATH}/${GITEA_CONFIG_FILE}"
+
+  if [ ! -r "${GITEA_ETC_PATH}/.psql.sql" ] && [ -r "psql.sql" ] ; then 
+      sudo cp psql.sql  "${GITEA_ETC_PATH}/.psql.sql"
+      case "$GITEA_DB_TYPE" in 
+        postgres)  sudo -u postgres psql < psql.sql
+        ;;
+      esac
+      rm -f psql.sql
+      sudo chmod 400 "${GITEA_ETC_PATH}/.psql.sql"
+  fi
+  if [ -d "ssl" ] ; then 
+    sudo rm -rf "${GITEA_SSL_CERTS_PATH}"
+    sudo cp -pr ssl "${GITEA_SSL_CERTS_PATH}"
+    sudo chown -R "${GITEA_RUN_USER}:${GITEA_RUN_GROUP}" "${GITEA_SSL_CERTS_PATH}"
+    sudo chmod 400 "${GITEA_SSL_CERTS_PATH}"/*key*pem 2>/dev/null
+  fi
+	if [ -r "${GITEA_RUN_PATH}" ] && [ -r "gitea.service" ] ;  then 
+    sudo cp gitea.service /lib/systemd/system/gitea.service
+    [ "${GITEA_SYSTEMCTL_MODE}" == "enabled" ] && sudo systemctl enable gitea --now >/dev/null 2>&1
+    # [ "${GITEA_SYSTEMCTL_MODE}" == "start" ] && sudo systemctl start gitea >/dev/null 2>&1
+  fi
+  if [ -d "${GITEA_CDCI_USER_HOME}" ] && [ -n "${GITEA_CDCI_USER_HOME}" ] && [ -r "ssh-config" ] ; then 
+    sudo cp ssh-config "${GITEA_CDCI_USER_HOME}/.ssh/config"
+    if [ -d ".ssh" ] ; then 
+      sudo cp -pr .ssh/* "${GITEA_CDCI_USER_HOME}/.ssh"
+      sudo chown -R "${GITEA_CDCI_USER}:${GITEA_CDCI_GROUP}" "${GITEA_CDCI_USER_HOME}/.ssh"
+    fi
+  fi
+  [ -d ".ssh" ] && rm -rf .ssh
+  http_addr=$(sudo grep HTTP_ADDR /etc/gitea/app.ini | cut -f2 -d"=" | sed "s/ //g")
+  if [ -n "$http_addr" ] && [ -n "$GITEA_DOMAIN" ]; then 
+    etc_entry=$(sudo grep "$http_addr" /etc/hosts | grep -v "$GITEA_DOMAIN")
+    [ -n "$etc_entry" ] && sudo sed -i "s/$etc_entry/$etc_entry $GITEA_DOMAIN/g" /etc/hosts
+  fi
+  if [ ! -r "$GITEA_ETC_PATH/.done" ] && [ -n "$GITEA_ADM_USER" ] ; then 
+    _start_gitea
+    echo "wait 11 to gitea init ..."
+    sleep 11
+    if sudo -u "$GITEA_RUN_USER" gitea admin user create --username "$GITEA_ADM_USER" --password "$GITEA_ADM_PASSWORD" --email "$GITEA_ADM_EMAIL" --admin  --config "${GITEA_ETC_PATH}/${GITEA_CONFIG_FILE}" ; then 
+      date +%Y_%m_%d_%H_%M_%S | sudo tee "$GITEA_ETC_PATH/.done"
+    fi
+  fi
+}
+
+_remove_gitea() {
+  sudo timeout -k 10 20 systemctl stop "$GITEA_PKG_NAME"  >/dev/null 2>&1
+  sudo timeout -k 10 20 systemctl disable "$GITEA_PKG_NAME" >/dev/null 2>&1
+  sudo rm -f "${GITEA_RUN_PATH}"
+}
+
+_start_gitea() {
+  if [ "$GITEA_SYSTEMCTL_MODE" == "enabled" ] ; then 
+    sudo timeout -k 10 20 systemctl enable "$GITEA_PKG_NAME" >/dev/null 2>&1
+  else 
+    sudo timeout -k 10 20 systemctl disable "$GITEA_PKG_NAME" >/dev/null 2>&1
+  fi
+  [ -r "/lib/systemd/system/gitea.service" ] && _restart_gitea && return 
+  sudo timeout -k 10 20 systemctl start "$GITEA_PKG_NAME" >/dev/null 2>&1
+}
+_restart_gitea() {
+  sudo timeout -k 10 20 systemctl restart "$GITEA_PKG_NAME" >/dev/null 2>&1
+}
+
+if [ "$CMD_TSKSRVC" == "remove" ] ; then
+  _remove_gitea
+  exit
+fi
+if ! _init ; then
+  echo "error gitea install"
+  exit 1
+fi
+[ "$CMD_TSKSRVC"  == "update" ] &&  _restart_gitea && exit 0
+if ! _config_gitea ; then 
+  echo "error gitea config"
+  exit 1
+fi
+if ! _start_gitea ; then 
+  echo "error gitea start"
+  exit 1
+fi
--- a/taskservs/gitea/default/prepare
+++ b/taskservs/gitea/default/prepare
@ -0,0 +1,26 @@
+#!/usr/bin/env nu 
+# Info: Prepare for gitea installation
+# Author: JesusPerezLorenzo 
+# Release: 1.0.2
+# Date: 19-11-2023
+
+use lib_provisioning/cmd/env.nu * 
+use lib_provisioning/cmd/lib.nu *
+
+use lib_provisioning/utils/ui.nu *
+
+print $"(_ansi green_bold)Gitea(_ansi reset) with ($env.PROVISIONING_VARS) " 
+
+let defs = load_defs
+
+let ssh_keys = ($defs.taskserv.cdci_key | str replace "~" $env.HOME | str trim)
+
+if $ssh_keys != "" { 
+   let target_path = $env.PROVISIONING_WK_ENV_PATH
+   ^mkdir -p $"($target_path)/.ssh"
+   for key in ($ssh_keys | split row " ") { 
+    log_debug $"on ($key)"
+    if ($key | path exists) { cp $key $"($target_path)/.ssh" } 
+    if ($"($key).pub" | path exists) { cp $"($key).pub" $"($target_path)/.ssh" }
+  }
+}
--- a/taskservs/gitea/default/psql.sql.j2
+++ b/taskservs/gitea/default/psql.sql.j2
@ -0,0 +1,9 @@
+-- su -
+-- su -u postgres
+-- psql
+create database {{taskserv.db.name}};
+create user {{taskserv.db.user}} with encrypted password '{{taskserv.db.password}}';
+grant all privileges on database {{taskserv.db.name}} to {{taskserv.db.user}};
+
+GRANT CREATE ON SCHEMA public TO {{taskserv.db.user}};
+ALTER DATABASE {{taskserv.db.name}} OWNER TO {{taskserv.db.user}};
--- a/taskservs/gitea/default/ssh-config.j2
+++ b/taskservs/gitea/default/ssh-config.j2
@ -0,0 +1,8 @@
+Host {{taskserv.domain}}
+  User git
+  HostName {{taskserv.domain}}
+  IdentityFile {{taskserv.cdci_key}}
+  ServerAliveInterval 240
+  StrictHostKeyChecking no
+  UserKnownHostsFile=/dev/null
+  Port {{taskserv.ssh_port}}