From 8de31c4fbb48b49af16ff1e35b16998d219ae743 Mon Sep 17 00:00:00 2001
From: L3D <l3d@c3woc.de>
Date: Mon, 25 Mar 2024 17:55:37 +0100
Subject: [PATCH] Create local users in gitea/forgejo

+ Creating local users
+ modify file permissions
Inspired by https://github.com/roles-ansible/ansible_role_gitea/issues/155
---
 defaults/main.yml          |  9 +++++++++
 tasks/configure.yml        |  2 +-
 tasks/customize_footer.yml |  2 +-
 tasks/customize_logo.yml   |  8 ++++----
 tasks/local_git_users.yml  | 22 ++++++++++++++++++++++
 tasks/main.yml             |  5 +++++
 vars/main.yml              |  2 +-
 7 files changed, 43 insertions(+), 7 deletions(-)
 create mode 100644 tasks/local_git_users.yml

diff --git a/defaults/main.yml b/defaults/main.yml
index f460e4e..6dab209 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -25,6 +25,15 @@ gitea_configuration_path: '/etc/gitea'
 gitea_shell: '/bin/false'
 gitea_systemd_cap_net_bind_service: false
 
+# optional users on gitea instance
+gitea_users: []
+# example of entry
+#  - name: johndoe
+#    password: verysecret
+#    email: "johndoe@example.com"
+#    admin: false
+#    must_change_password: true
+
 # Overall (DEFAULT)
 # -> https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default
 gitea_app_name: 'Gitea'
diff --git a/tasks/configure.yml b/tasks/configure.yml
index a5f5f30..d04406c 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -14,7 +14,7 @@
     dest: "{{ gitea_configuration_path }}/gitea.ini"
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
-    mode: 0600
+    mode: '0640'
   notify: "Restart gitea"
 
 - name: "Service gitea"
diff --git a/tasks/customize_footer.yml b/tasks/customize_footer.yml
index 1f14080..ccf0478 100644
--- a/tasks/customize_footer.yml
+++ b/tasks/customize_footer.yml
@@ -18,7 +18,7 @@
     dest: "{{ gitea_custom }}/templates/custom/extra_links_footer.tmpl"
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
-    mode: '0644'
+    mode: '0640'
   failed_when: false
   tags: skip_ansible_lint
   notify: "Restart gitea"
diff --git a/tasks/customize_logo.yml b/tasks/customize_logo.yml
index 367a95c..7c3f9ca 100644
--- a/tasks/customize_logo.yml
+++ b/tasks/customize_logo.yml
@@ -19,7 +19,7 @@
     dest: "{{ gitea_custom }}/public/assets/img/logo.svg"
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
-    mode: "0644"
+    mode: "0640"
   tags: skip_ansible_lint
   failed_when: false
 
@@ -30,7 +30,7 @@
     dest: "{{ gitea_custom }}/public/assets/img/logo.png"
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
-    mode: "0644"
+    mode: "0640"
   tags: skip_ansible_lint
   failed_when: false
 
@@ -41,7 +41,7 @@
     dest: "{{ gitea_custom }}/public/assets/img/favicon.png"
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
-    mode: "0644"
+    mode: "0640"
   tags: skip_ansible_lint
   failed_when: false
 
@@ -52,6 +52,6 @@
     dest: "{{ gitea_custom }}/public/assets/img/apple-touch-icon.png"
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
-    mode: "0644"
+    mode: "0640"
   tags: skip_ansible_lint
   failed_when: false
diff --git a/tasks/local_git_users.yml b/tasks/local_git_users.yml
new file mode 100644
index 0000000..c2a3c1d
--- /dev/null
+++ b/tasks/local_git_users.yml
@@ -0,0 +1,22 @@
+---
+- name: Identify gitea users
+  ansible.builtin.command: su - {{ gitea_user }} -c '{{ gitea_full_executable_path }} -c {{ gitea_configuration_path }}/gitea.ini admin user list'
+  become: true
+  register: _giteusers
+  changed_when: false
+
+- name: Use gitea cli to create user
+  become: true
+  ansible.builtin.command: |
+    su - {{ gitea_user }} -c
+    '{{ gitea_full_executable_path }} -c {{ gitea_configuration_path }}/gitea.ini
+    admin user create --username "{{ item.name }}"
+    --password "{{ item.password }}" --email "{{ item.email }}"
+    --must-change-password={{ item.must_change_password }} --admin={{ item.admin }}'
+  register: _gitearesult
+  failed_when:
+    - '"successfully created" not in gitearesult.stdout'
+  changed_when:
+    - '"successfully created!" in gitearesult.stdout'
+  when: "_giteusers is defined and item.name in _giteusers"
+  loop: "{{ gitea_users }}"
diff --git a/tasks/main.yml b/tasks/main.yml
index b8562a9..01f1272 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -79,3 +79,8 @@
   ansible.builtin.include_tasks:
     file: "customize_public_files.yml"
   when: gitea_customize_files | bool or gitea_custom_themes is defined
+
+- name: Optionally create local Users on git instance
+  ansible.builtin.include_tasks:
+    file: 'local_git_users.yml'
+  when: gitea_users | length > 0
diff --git a/vars/main.yml b/vars/main.yml
index 9ea8814..77f92d1 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -63,5 +63,5 @@ transfer_custom_footer:
     - 'files/gitea_footer/extra_links_footer.tmpl'
     - 'files/extra_links_footer.tmpl'
 
-playbook_version_number: 57
+playbook_version_number: 58
 playbook_version_path: 'do1jlr.gitea.version'