From 8de31c4fbb48b49af16ff1e35b16998d219ae743 Mon Sep 17 00:00:00 2001 From: L3D Date: Mon, 25 Mar 2024 17:55:37 +0100 Subject: [PATCH] Create local users in gitea/forgejo + Creating local users + modify file permissions Inspired by https://github.com/roles-ansible/ansible_role_gitea/issues/155 --- defaults/main.yml | 9 +++++++++ tasks/configure.yml | 2 +- tasks/customize_footer.yml | 2 +- tasks/customize_logo.yml | 8 ++++---- tasks/local_git_users.yml | 22 ++++++++++++++++++++++ tasks/main.yml | 5 +++++ vars/main.yml | 2 +- 7 files changed, 43 insertions(+), 7 deletions(-) create mode 100644 tasks/local_git_users.yml diff --git a/defaults/main.yml b/defaults/main.yml index f460e4e..6dab209 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -25,6 +25,15 @@ gitea_configuration_path: '/etc/gitea' gitea_shell: '/bin/false' gitea_systemd_cap_net_bind_service: false +# optional users on gitea instance +gitea_users: [] +# example of entry +# - name: johndoe +# password: verysecret +# email: "johndoe@example.com" +# admin: false +# must_change_password: true + # Overall (DEFAULT) # -> https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default gitea_app_name: 'Gitea' diff --git a/tasks/configure.yml b/tasks/configure.yml index a5f5f30..d04406c 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -14,7 +14,7 @@ dest: "{{ gitea_configuration_path }}/gitea.ini" owner: "{{ gitea_user }}" group: "{{ gitea_group }}" - mode: 0600 + mode: '0640' notify: "Restart gitea" - name: "Service gitea" diff --git a/tasks/customize_footer.yml b/tasks/customize_footer.yml index 1f14080..ccf0478 100644 --- a/tasks/customize_footer.yml +++ b/tasks/customize_footer.yml @@ -18,7 +18,7 @@ dest: "{{ gitea_custom }}/templates/custom/extra_links_footer.tmpl" owner: "{{ gitea_user }}" group: "{{ gitea_group }}" - mode: '0644' + mode: '0640' failed_when: false tags: skip_ansible_lint notify: "Restart gitea" 
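Review bot: The commented example under `gitea_users` in defaults/main.yml shows a literal password and does not say where a real one should come from, so the obvious way to use it is a clear-text password in inventory or group_vars. I would add a line such as `# take the password from Ansible Vault, e.g. password: "{{ vault_gitea_johndoe_password }}" (example name)` above the entry. The comment should also state that all five keys are required, since tasks/local_git_users.yml reads `item.password`, `item.email`, `item.must_change_password` and `item.admin` without a `default()`.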
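Review bot: In tasks/configure.yml, changing the mode of `{{ gitea_configuration_path }}/gitea.ini` from 0600 to '0640' makes the file readable by every member of `{{ gitea_group }}`. The template is not visible in this patch, but a Gitea ini file normally holds the database password and the instance's secret key and tokens, so group read widens who can obtain them. Quoting the value is fine, but unless another account in that group really needs to read the config I would keep it owner-only: `mode: '0600'`. The task itself starts above the hunk.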
diff --git a/tasks/customize_logo.yml b/tasks/customize_logo.yml index 367a95c..7c3f9ca 100644 --- a/tasks/customize_logo.yml +++ b/tasks/customize_logo.yml @@ -19,7 +19,7 @@ dest: "{{ gitea_custom }}/public/assets/img/logo.svg" owner: "{{ gitea_user }}" group: "{{ gitea_group }}" - mode: "0644" + mode: "0640" tags: skip_ansible_lint failed_when: false @@ -30,7 +30,7 @@ dest: "{{ gitea_custom }}/public/assets/img/logo.png" owner: "{{ gitea_user }}" group: "{{ gitea_group }}" - mode: "0644" + mode: "0640" tags: skip_ansible_lint failed_when: false @@ -41,7 +41,7 @@ dest: "{{ gitea_custom }}/public/assets/img/favicon.png" owner: "{{ gitea_user }}" group: "{{ gitea_group }}" - mode: "0644" + mode: "0640" tags: skip_ansible_lint failed_when: false @@ -52,6 +52,6 @@ dest: "{{ gitea_custom }}/public/assets/img/apple-touch-icon.png" owner: "{{ gitea_user }}" group: "{{ gitea_group }}" - mode: "0644" + mode: "0640" tags: skip_ansible_lint failed_when: false diff --git a/tasks/local_git_users.yml b/tasks/local_git_users.yml new file mode 100644 index 0000000..c2a3c1d --- /dev/null +++ b/tasks/local_git_users.yml 
@@ -0,0 +1,22 @@ +--- +- name: Identify gitea users + ansible.builtin.command: su - {{ gitea_user }} -c '{{ gitea_full_executable_path }} -c {{ gitea_configuration_path }}/gitea.ini admin user list' + become: true + register: _giteusers + changed_when: false + +- name: Use gitea cli to create user + become: true + ansible.builtin.command: | + su - {{ gitea_user }} -c + '{{ gitea_full_executable_path }} -c {{ gitea_configuration_path }}/gitea.ini + admin user create --username "{{ item.name }}" + --password "{{ item.password }}" --email "{{ item.email }}" + --must-change-password={{ item.must_change_password }} --admin={{ item.admin }}' + register: _gitearesult + failed_when: + - '"successfully created" not in gitearesult.stdout' + changed_when: + - '"successfully created!" in gitearesult.stdout' + when: "_giteusers is defined and item.name in _giteusers" + loop: "{{ gitea_users }}" diff --git a/tasks/main.yml b/tasks/main.yml index b8562a9..01f1272 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -79,3 +79,8 @@ ansible.builtin.include_tasks: file: "customize_public_files.yml" when: gitea_customize_files | bool or gitea_custom_themes is defined + +- name: Optionally create local Users on git instance + ansible.builtin.include_tasks: + file: 'local_git_users.yml' + when: gitea_users | length > 0 diff --git a/vars/main.yml b/vars/main.yml index 9ea8814..77f92d1 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -63,5 +63,5 @@ transfer_custom_footer: - 'files/gitea_footer/extra_links_footer.tmpl' - 'files/extra_links_footer.tmpl' -playbook_version_number: 57 +playbook_version_number: 58 playbook_version_path: 'do1jlr.gitea.version'
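Review bot: The create task in tasks/local_git_users.yml cannot work as written: it registers `_gitearesult` but `failed_when`/`changed_when` read `gitearesult.stdout`, and its `when` tests `item.name in _giteusers` (the registered result object, not its `stdout`) with the sense inverted, so creation would only be attempted for names that are already listed. Both tasks also go through `su - {{ gitea_user }} -c '…'`, which runs the account's login shell (defaults/main.yml sets `gitea_shell: '/bin/false'`) and pastes `item.name`, `item.password` and `item.email` into a quoted shell string, so a quote character in any of them breaks or alters the command. The password also ends up in Ansible's task output because the task has no `no_log: true`. The version below uses `become_user` with `argv` so no shell parses the values, fixes the variable name and the condition, and hides the loop output. The password is still a process argument while the command runs, and the substring test on the list output can also match an e-mail address or a longer user name, so an exact comparison on the parsed name column would be safer.

```yaml
# … unchanged: "Identify gitea users" task (the same su → become_user change applies) …
- name: Use gitea cli to create user
  become: true
  become_user: "{{ gitea_user }}"
  ansible.builtin.command:
    argv:
      - "{{ gitea_full_executable_path }}"
      - '-c'
      - "{{ gitea_configuration_path }}/gitea.ini"
      - admin
      - user
      - create
      - '--username'
      - "{{ item.name }}"
      - '--password'
      - "{{ item.password }}"
      - '--email'
      - "{{ item.email }}"
      - "--must-change-password={{ item.must_change_password }}"
      - "--admin={{ item.admin }}"
  register: _gitearesult
  no_log: true
  failed_when:
    - '"successfully created" not in _gitearesult.stdout'
  changed_when:
    - '"successfully created!" in _gitearesult.stdout'
  when: item.name not in _giteusers.stdout
  loop: "{{ gitea_users }}"
```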