Merge pull request #162 from roles-ansible/deluser

add ability to delete local git user

README.md

@@ -378,6 +378,17 @@ As this will only deploy config files, fail2ban already has to be installed or o
 | `gitea_fail2ban_jail_bantime` | `900` | fail2ban jail `bantime` setting. |
 | `gitea_fail2ban_jail_action` | `iptables-allports` | fail2ban jail `action` setting. |
 
+### local gitea Users
+| variable | option | description |
+| -------- | ------ | ----------- |
+| ``gitea_users`` | | dict to create local gitea or forgejo users |
+| | ``name`` | name for local gitea/forgejo user |
+| | ``password`` | user for local git user |
+| | ``email`` | email for local git user |
+| | ``admin`` | give user admin permissions |
+| | ``must_change_password`` | user should change password after first login |
+| | ``state`` | set to ``absent`` to delete user |
+
 ### optional customisation
 You can optionally customize your gitea using this ansible role. We got our information about customisation from [docs.gitea.io/en-us/customizing-gitea](https://docs.gitea.io/en-us/customizing-gitea/).
 To deploy multiple files we created the ``gitea_custom_search`` variable, that can point to the path where you put the custom gitea files *( default ``"files/host_files/{{ inventory_hostname }}/gitea"``)*.

defaults/main.yml

@@ -33,6 +33,7 @@ gitea_users: []
 #    email: "johndoe@example.com"
 #    admin: false
 #    must_change_password: true
+#    state: present
 
 # Overall (DEFAULT)
 # -> https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default

tasks/directory.yml

@@ -1,4 +1,24 @@
 ---
+- name: "Create config and data directory"
+  become: true
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ gitea_user }}"
+    group: "{{ gitea_group }}"
+    mode: "u=rwX,g=rX"
+    recurse: true
+  loop:
+    - "{{ gitea_user_home }}"
+    - "{{ gitea_home }}"
+    - "{{ gitea_home }}/data"
+    - "{{ gitea_custom }}"
+    - "{{ gitea_custom }}/https"
+    - "{{ gitea_custom }}/mailer"
+    - "{{ gitea_home }}/indexers"
+    - "{{ gitea_home }}/log"
+    - "{{ gitea_repository_root }}"
+
 - name: "Create config and data directory"
   become: true
   ansible.builtin.file:
@@ -10,12 +30,3 @@
     recurse: true
   loop:
     - "{{ gitea_configuration_path }}"
-    - "{{ gitea_user_home }}"
-    - "{{ gitea_home }}"
-    - "{{ gitea_home }}/data"
-    - "{{ gitea_custom }}"
-    - "{{ gitea_custom }}/https"
-    - "{{ gitea_custom }}/mailer"
-    - "{{ gitea_home }}/indexers"
-    - "{{ gitea_home }}/log"
-    - "{{ gitea_repository_root }}"

tasks/local_git_users.yml

@@ -18,5 +18,19 @@
     - '"successfully created" not in _gitearesult.stdout'
   changed_when:
     - '"successfully created!" in _gitearesult.stdout'
-  when: "_giteausers is defined and item.name not in _giteausers.stdout"
+  when: "_giteausers is defined and item.name not in _giteausers.stdout and item.state | default('present') == 'present'"
+  loop: "{{ gitea_users }}"
+
+- name: Use gitea cli to delete user
+  become: true
+  ansible.builtin.command: |
+    su - {{ gitea_user }} -c \
+    '{{ gitea_full_executable_path }} -c {{ gitea_configuration_path }}/gitea.ini \
+    admin user delete --username "{{ item.name }}"'
+  register: _giteadelresult
+  failed_when:
+    - '"error" in _giteadelresult.stdout'
+  changed_when:
+    "_giteausers is defined and item.name in _giteausers.stdout"
+  when: "_giteausers is defined and item.name in _giteausers.stdout and item.state | default('present') == 'absent'"
   loop: "{{ gitea_users }}"

vars/main.yml

@@ -63,5 +63,5 @@ transfer_custom_footer:
     - 'files/gitea_footer/extra_links_footer.tmpl'
     - 'files/extra_links_footer.tmpl'
 
-playbook_version_number: 58
+playbook_version_number: 59
 playbook_version_path: 'do1jlr.gitea.version'