From 95d696a55a43f38f8aa4bd8a38d448bcc593da76 Mon Sep 17 00:00:00 2001
From: Jonas Gunz
Date: Thu, 4 Jan 2024 22:38:36 +0100
Subject: refactor gitea
---
 roles/gitea/tasks/main.yml | 36 +++++++++++++++++++++---------------
 roles/gitea/tasks/secrets.yml | 24 ++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 15 deletions(-)
(limited to 'roles/gitea/tasks')
diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
index e87d956..10610cc 100644
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -37,6 +37,27 @@
 state: directory
 become: yes
+- name: Create secrets if needed
+ include_tasks: secrets.yml
+
+- name: Read secret Key
+ slurp:
+ src: /etc/gitea/secret_key
+ become: yes
+ register: sec_key
+
+- name: Read internal token
+ slurp:
+ src: /etc/gitea/internal_token
+ become: yes
+ register: int_tok
+
+- name: Read JWT Secret
+ slurp:
+ src: /etc/gitea/jwt_secret
+ become: yes
+ register: jwt_sec
+
 - name: pull sha256sum
 uri:
 url: 'https://dl.gitea.com/gitea/{{ gitea.version.ver }}/gitea-{{ gitea.version.ver }}-linux-amd64.sha256'
@@ -61,21 +82,6 @@
 when:
 - (not gitea_bin_stat.stat.exists) or (gitea_bin_stat.stat.checksum != gitea_sha256)
-- name: Check if initial setup is needed
- include_tasks: secrets.yml
-
-- name: Read secret Key
- slurp:
- src: /etc/gitea/secret_key
- become: yes
- register: sec_key
-
-- name: Read secret Key
- slurp:
- src: /etc/gitea/internal_token
- become: yes
- register: int_tok
-
 - name: Install gitea config file
 template:
 src: app.ini.j2
diff --git a/roles/gitea/tasks/secrets.yml b/roles/gitea/tasks/secrets.yml
index cde4dd8..a5da3bb 100644
--- a/roles/gitea/tasks/secrets.yml
+++ b/roles/gitea/tasks/secrets.yml
@@ -1,4 +1,6 @@
 ---
+# Secret Key
+
 - name: Generate SECRET_KEY
 command:
 cmd: gitea generate secret SECRET_KEY
@@ -17,6 +19,8 @@
 become: yes
 when: gen_sec_key.changed
+# Internale Token
+
 - name: Generate INTERNAL_TOKEN
 command:
 cmd: gitea generate secret INTERNAL_TOKEN
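Review bot: The three `slurp` tasks added in the first main.yml hunk register the base64-encoded contents of `/etc/gitea/secret_key`, `/etc/gitea/internal_token` and `/etc/gitea/jwt_secret` without `no_log: true`, so the values can show up in verbose output or callback logs; add `no_log: true` to each, and likewise to the new `Generate JWT_SECRET` and `Save JWT_SECRET` tasks in the last hunk of secrets.yml. Separately, `include_tasks: secrets.yml` now runs before the `pull sha256sum` task, and the context around the second hunk suggests the gitea binary is only installed after that. If so, `gitea generate secret` would presumably fail on a fresh host because the binary is not present yet, and the include should stay after the install step. The install tasks themselves are outside these hunks, so this ordering needs to be confirmed against the full file.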
@@ -34,3 +38,23 @@
 mode: '640'
 become: yes
 when: gen_int_tok.changed
+
+# JWT
+
+- name: Generate JWT_SECRET
+ command:
+ cmd: gitea generate secret INTERNAL_TOKEN
+ creates: /etc/gitea/jwt_secret
+ become_user: git
+ become: yes
+ register: gen_jwt_sec
+
+- name: Save JWT_SECRET
+ copy:
+ content: '{{ gen_jwt_sec.stdout }}'
+ dest: /etc/gitea/jwt_secret
+ owner: root
+ group: git
+ mode: '640'
+ become: yes
+ when: gen_jwt_sec.changed
-- cgit v1.2.3
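Review bot: The `Generate JWT_SECRET` task runs `gitea generate secret INTERNAL_TOKEN`, which looks like a copy-paste from the task above, so the value written to `/etc/gitea/jwt_secret` is an internal token rather than a JWT signing secret. Change the line to `cmd: gitea generate secret JWT_SECRET`. Because the task is guarded by `creates: /etc/gitea/jwt_secret`, any host that already ran this version keeps the wrong value until the file is removed and regenerated, so the fix needs a one-time cleanup on those hosts.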