From 1adfa18eaa5f5f62e39397586db426c5fc83d8bb Mon Sep 17 00:00:00 2001
From: kencho
Date: Mon, 9 Sep 2024 15:33:31 +0800
Subject: [PATCH] feat: make user can execute the script
---
 .../roles/bastion-users/tasks/main.yml | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/ops/infrastructure/roles/bastion-users/tasks/main.yml b/ops/infrastructure/roles/bastion-users/tasks/main.yml
index 600b78bea9..c1044ffd21 100644
--- a/ops/infrastructure/roles/bastion-users/tasks/main.yml
+++ b/ops/infrastructure/roles/bastion-users/tasks/main.yml
@@ -194,5 +194,28 @@
 mode: 0644
 when: credentials_csv_path is defined
+- name: Ensure user has GIGADB_ENV set
+ ansible.builtin.lineinfile:
+ path: "/home/{{ newuser }}/.bash_profile"
+ insertafter: '# User specific environment and startup programs\n'
+ line: "GIGADB_ENV={{ gigadb_environment }}"
+- name: get private key of upstream
+ ansible.builtin.uri:
+ url: "{{ gitlab_misc_url }}/variables/id_rsa_aws_hk_gigadb_pem"
+ method: GET
+ headers:
+ PRIVATE-TOKEN: "{{ gitlab_private_token }}"
+ body_format: json
+ register: private_key_from_gl
+- name: copy private key
+ ansible.builtin.copy:
+ content: "{{ private_key_from_gl.json.value }}"
+ dest: "/home/{{ newuser }}/.ssh/id-rsa-aws-hk-gigadb.pem"
+ owner: "{{ newuser }}"
+ group: "{{ newuser }}"
+ mode: g-rw,o-rw
 - name: Restart systemd sshd service
 command: systemctl restart sshd.service
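Review bot: The two added tasks that handle the upstream key, `get private key of upstream` and `copy private key`, run without `no_log: true`, so the registered `private_key_from_gl` result, the `PRIVATE-TOKEN` header and the `content:` argument can appear in Ansible output or logs on failure or at higher verbosity; add `no_log: true` to both tasks. In the copy task, `mode: g-rw,o-rw` only subtracts bits from whatever mode the file already has and leaves any execute bits in place, whereas an explicit `mode: "0600"` states the intended result and is what ssh expects for a private key. The task also places a copy of the shared upstream key in the home directory of whichever `newuser` the role runs for, so compromise of that one bastion account exposes the key; it is worth confirming this is intended rather than relying on agent forwarding or a jump-host configuration. Separately, the `lineinfile` line has no `export`, so `GIGADB_ENV` is presumably not passed to a script the user launches as a child process; `line: "export GIGADB_ENV={{ gigadb_environment }}"` would cover that.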