Configure Gitea commit signing with SSH key

site-cookbooks/kosmos_gitea/recipes/default.rb

@@ -26,6 +26,13 @@ user "git" do
   home "/home/git"
 end
 
+directory '/home/git/.ssh' do
+  owner 'git'
+  group 'git'
+  mode '0700'
+  recursive true
+end
+
 directory working_directory do
   owner "git"
   group "git"
@@ -100,6 +107,16 @@ config_variables = {
   s3_bucket: gitea_data_bag_item["s3_bucket"]
 }
 
+bash "Generate git ed25519 keypair" do
+  user "git"
+  group "git"
+  cwd git_home_directory
+  code <<-EOH
+    ssh-keygen -t ed25519 -f #{git_home_directory}/.ssh/id_ed25519
+  EOH
+  creates "#{git_home_directory}/.ssh/id_ed25519"
+end
+
 template "#{config_directory}/app.ini" do
   source "app.ini.erb"
   owner "git"

site-cookbooks/kosmos_gitea/templates/default/app.ini.erb

@@ -30,6 +30,16 @@ MAX_OPEN_CONNS = 20
 ROOT = <%= @repository_root_directory %>
 DISABLE_DOWNLOAD_SOURCE_ARCHIVES = true
 
+[repository.signing]
+SIGNING_KEY = <%= @git_home_directory %>/.ssh/id_ed25519.pub
+SIGNING_NAME = Gitea
+SIGNING_EMAIL = <%= @email %>
+SIGNING_FORMAT = ssh
+INITIAL_COMMIT = always
+CRUD_ACTIONS = always
+WIKI = always
+MERGES = always
+
 # [indexer]
 # ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve