Diffstat (limited to 'roles/gitea/tasks')
-rw-r--r-- | roles/gitea/tasks/main.yml | 36 | ||||
-rw-r--r-- | roles/gitea/tasks/secrets.yml | 24 |
2 files changed, 45 insertions, 15 deletions
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml index e87d956..10610cc 100644 --- a/roles/gitea/tasks/main.yml +++ b/roles/gitea/tasks/main.yml @@ -37,6 +37,27 @@ state: directory become: yes +- name: Create secrets if needed + include_tasks: secrets.yml + +- name: Read secret Key + slurp: + src: /etc/gitea/secret_key + become: yes + register: sec_key + +- name: Read internal token + slurp: + src: /etc/gitea/internal_token + become: yes + register: int_tok + +- name: Read JWT Secret + slurp: + src: /etc/gitea/jwt_secret + become: yes + register: jwt_sec + - name: pull sha256sum uri: url: 'https://dl.gitea.com/gitea/{{ gitea.version.ver }}/gitea-{{ gitea.version.ver }}-linux-amd64.sha256' @@ -61,21 +82,6 @@ when: - (not gitea_bin_stat.stat.exists) or (gitea_bin_stat.stat.checksum != gitea_sha256) -- name: Check if initial setup is needed - include_tasks: secrets.yml - -- name: Read secret Key - slurp: - src: /etc/gitea/secret_key - become: yes - register: sec_key - -- name: Read secret Key - slurp: - src: /etc/gitea/internal_token - become: yes - register: int_tok - - name: Install gitea config file template: src: app.ini.j2 diff --git a/roles/gitea/tasks/secrets.yml b/roles/gitea/tasks/secrets.yml index cde4dd8..a5da3bb 100644 --- a/roles/gitea/tasks/secrets.yml +++ b/roles/gitea/tasks/secrets.yml @@ -1,4 +1,6 @@ --- +# Secret Key + - name: Generate SECRET_KEY command: cmd: gitea generate secret SECRET_KEY @@ -17,6 +19,8 @@ become: yes when: gen_sec_key.changed +# Internale Token + - name: Generate INTERNAL_TOKEN command: cmd: gitea generate secret INTERNAL_TOKEN 
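Review bot: The three slurp tasks added to roles/gitea/tasks/main.yml (`Read secret Key`, `Read internal token`, `Read JWT Secret`) register the contents of /etc/gitea/secret_key, internal_token and jwt_secret without `no_log: true`. slurp returns the file base64-encoded, which is an encoding rather than protection, so the values can appear in verbose Ansible output and in any callback or log that records task results. Adding `no_log: true` to each of these tasks keeps them out of the run output. The same applies to the `Generate JWT_SECRET` and `Save JWT_SECRET` tasks added in secrets.yml, which hold the secret in `gen_jwt_sec.stdout` and pass it as `content:`.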
@@ -34,3 +38,23 @@ mode: '640' become: yes when: gen_int_tok.changed + +# JWT + +- name: Generate JWT_SECRET + command: + cmd: gitea generate secret INTERNAL_TOKEN + creates: /etc/gitea/jwt_secret + become_user: git + become: yes + register: gen_jwt_sec + +- name: Save JWT_SECRET + copy: + content: '{{ gen_jwt_sec.stdout }}' + dest: /etc/gitea/jwt_secret + owner: root + group: git + mode: '640' + become: yes + when: gen_jwt_sec.changed |
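Review bot: The added `Generate JWT_SECRET` task runs `gitea generate secret INTERNAL_TOKEN`, so /etc/gitea/jwt_secret receives an internal-token value rather than a JWT secret. This looks like a copy-paste from the INTERNAL_TOKEN task above it. The line should read `cmd: gitea generate secret JWT_SECRET`. Because the task is guarded by `creates: /etc/gitea/jwt_secret`, a host that already ran this version keeps the wrong value until the file is removed and the task runs again.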