Diffstat (limited to 'roles/gitea/tasks')
-rw-r--r--roles/gitea/tasks/main.yml36
-rw-r--r--roles/gitea/tasks/secrets.yml24
2 files changed, 45 insertions, 15 deletions
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
index e87d956..10610cc 100644
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -37,6 +37,27 @@
state: directory
become: yes
+- name: Create secrets if needed
+ include_tasks: secrets.yml
+
+- name: Read secret Key
+ slurp:
+ src: /etc/gitea/secret_key
+ become: yes
+ register: sec_key
+
+- name: Read internal token
+ slurp:
+ src: /etc/gitea/internal_token
+ become: yes
+ register: int_tok
+
+- name: Read JWT Secret
+ slurp:
+ src: /etc/gitea/jwt_secret
+ become: yes
+ register: jwt_sec
+
- name: pull sha256sum
uri:
url: 'https://dl.gitea.com/gitea/{{ gitea.version.ver }}/gitea-{{ gitea.version.ver }}-linux-amd64.sha256'
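Review bot: The three slurp tasks added in this hunk (`Read secret Key`, `Read internal token`, `Read JWT Secret`) register the base64-encoded contents of the files under `/etc/gitea/` without `no_log: true`. The registered results, including the `content` field, therefore appear in task output at higher verbosity and in any callback plugin or controller that stores task results. Add `no_log: true` to each of the three tasks, next to `register:`. The `pull sha256sum` task at the end of the hunk is context and continues outside it.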
@@ -61,21 +82,6 @@
when:
- (not gitea_bin_stat.stat.exists) or (gitea_bin_stat.stat.checksum != gitea_sha256)
-- name: Check if initial setup is needed
- include_tasks: secrets.yml
-
-- name: Read secret Key
- slurp:
- src: /etc/gitea/secret_key
- become: yes
- register: sec_key
-
-- name: Read secret Key
- slurp:
- src: /etc/gitea/internal_token
- become: yes
- register: int_tok
-
- name: Install gitea config file
template:
src: app.ini.j2
diff --git a/roles/gitea/tasks/secrets.yml b/roles/gitea/tasks/secrets.yml
index cde4dd8..a5da3bb 100644
--- a/roles/gitea/tasks/secrets.yml
+++ b/roles/gitea/tasks/secrets.yml
@@ -1,4 +1,6 @@
---
+# Secret Key
+
- name: Generate SECRET_KEY
command:
cmd: gitea generate secret SECRET_KEY
@@ -17,6 +19,8 @@
become: yes
when: gen_sec_key.changed
+# Internale Token
+
- name: Generate INTERNAL_TOKEN
command:
cmd: gitea generate secret INTERNAL_TOKEN
@@ -34,3 +38,23 @@
mode: '640'
become: yes
when: gen_int_tok.changed
+
+# JWT
+
+- name: Generate JWT_SECRET
+ command:
+ cmd: gitea generate secret INTERNAL_TOKEN
+ creates: /etc/gitea/jwt_secret
+ become_user: git
+ become: yes
+ register: gen_jwt_sec
+
+- name: Save JWT_SECRET
+ copy:
+ content: '{{ gen_jwt_sec.stdout }}'
+ dest: /etc/gitea/jwt_secret
+ owner: root
+ group: git
+ mode: '640'
+ become: yes
+ when: gen_jwt_sec.changed
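Review bot: The new `Generate JWT_SECRET` task runs `gitea generate secret INTERNAL_TOKEN`, which looks like a copy-paste from the INTERNAL_TOKEN block above. As written, `/etc/gitea/jwt_secret` receives a second internal-token-style value rather than a JWT secret, which Gitea may reject or silently replace depending on version. The line should read `cmd: gitea generate secret JWT_SECRET`. Because `creates: /etc/gitea/jwt_secret` stops the task from re-running, hosts already provisioned with this version need the file removed once so the value is regenerated. Separately, both new tasks carry the secret in `stdout` and `content`, so adding `no_log: true` to each keeps it out of task output and `--diff` runs.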