Create local users in gitea/forgejo

+ Creating local users
+ modify file permissions
Inspired by https://github.com/roles-ansible/ansible_role_gitea/issues/155

defaults/main.yml

@@ -25,6 +25,15 @@ gitea_configuration_path: '/etc/gitea'
 gitea_shell: '/bin/false'
 gitea_systemd_cap_net_bind_service: false
 
+# optional users on gitea instance
+gitea_users: []
+# example of entry
+#  - name: johndoe
+#    password: verysecret
+#    email: "johndoe@example.com"
+#    admin: false
+#    must_change_password: true
+
 # Overall (DEFAULT)
 # -> https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default
 gitea_app_name: 'Gitea'

tasks/configure.yml

@@ -14,7 +14,7 @@
     dest: "{{ gitea_configuration_path }}/gitea.ini"
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
-    mode: 0600
+    mode: '0640'
   notify: "Restart gitea"
 
 - name: "Service gitea"

tasks/customize_footer.yml

@@ -18,7 +18,7 @@
     dest: "{{ gitea_custom }}/templates/custom/extra_links_footer.tmpl"
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
-    mode: '0644'
+    mode: '0640'
   failed_when: false
   tags: skip_ansible_lint
   notify: "Restart gitea"

tasks/customize_logo.yml

@@ -19,7 +19,7 @@
     dest: "{{ gitea_custom }}/public/assets/img/logo.svg"
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
-    mode: "0644"
+    mode: "0640"
   tags: skip_ansible_lint
   failed_when: false
 
@@ -30,7 +30,7 @@
     dest: "{{ gitea_custom }}/public/assets/img/logo.png"
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
-    mode: "0644"
+    mode: "0640"
   tags: skip_ansible_lint
   failed_when: false
 
@@ -41,7 +41,7 @@
     dest: "{{ gitea_custom }}/public/assets/img/favicon.png"
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
-    mode: "0644"
+    mode: "0640"
   tags: skip_ansible_lint
   failed_when: false
 
@@ -52,6 +52,6 @@
     dest: "{{ gitea_custom }}/public/assets/img/apple-touch-icon.png"
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
-    mode: "0644"
+    mode: "0640"
   tags: skip_ansible_lint
   failed_when: false

tasks/local_git_users.yml

@@ -0,0 +1,22 @@
+---
+- name: Identify gitea users
+  ansible.builtin.command: su - {{ gitea_user }} -c '{{ gitea_full_executable_path }} -c {{ gitea_configuration_path }}/gitea.ini admin user list'
+  become: true
+  register: _giteusers
+  changed_when: false
+
+- name: Use gitea cli to create user
+  become: true
+  ansible.builtin.command: |
+    su - {{ gitea_user }} -c
+    '{{ gitea_full_executable_path }} -c {{ gitea_configuration_path }}/gitea.ini
+    admin user create --username "{{ item.name }}"
+    --password "{{ item.password }}" --email "{{ item.email }}"
+    --must-change-password={{ item.must_change_password }} --admin={{ item.admin }}'
+  register: _gitearesult
+  failed_when:
+    - '"successfully created" not in gitearesult.stdout'
+  changed_when:
+    - '"successfully created!" in gitearesult.stdout'
+  when: "_giteusers is defined and item.name in _giteusers"
+  loop: "{{ gitea_users }}"

tasks/main.yml

@@ -79,3 +79,8 @@
   ansible.builtin.include_tasks:
     file: "customize_public_files.yml"
   when: gitea_customize_files | bool or gitea_custom_themes is defined
+
+- name: Optionally create local Users on git instance
+  ansible.builtin.include_tasks:
+    file: 'local_git_users.yml'
+  when: gitea_users | length > 0

vars/main.yml

@@ -63,5 +63,5 @@ transfer_custom_footer:
     - 'files/gitea_footer/extra_links_footer.tmpl'
     - 'files/extra_links_footer.tmpl'
 
-playbook_version_number: 57
+playbook_version_number: 58
 playbook_version_path: 'do1jlr.gitea.version'