From dce1b80da13f9fd7997243e84f1e26a0bc55a16a Mon Sep 17 00:00:00 2001
From: Nikita Iryupin <nikita.iryupin@scalesoft.cz>
Date: Mon, 22 Aug 2022 13:33:20 +0200
Subject: [PATCH] Added gitea_user_home, gitea_executable_path and
 gitea_configuration_path for gitea role

---
 defaults/main.yml          |  3 +++
 tasks/backup.yml           |  2 +-
 tasks/configure.yml        |  2 +-
 tasks/create_user.yml      |  2 +-
 tasks/directory.yml        |  3 ++-
 tasks/gitea_secrets.yml    | 12 ++++++------
 tasks/install.yml          |  2 +-
 tasks/jwt_secrets.yml      | 12 ++++++------
 tasks/set_version.yml      |  2 +-
 templates/gitea.service.j2 |  2 +-
 10 files changed, 23 insertions(+), 19 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 50a8078..9a8fcda 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -13,6 +13,9 @@ submodules_versioncheck: false
 gitea_group: 'gitea'
 # gitea_groups: []  # Optional a list of groups user gitea will be added to
 gitea_home: '/var/lib/gitea'
+gitea_user_home: /home/gitea
+gitea_executable_path: '/usr/local/bin/gitea'
+gitea_configuraion_path: '/etc/gitea'
 gitea_shell: '/bin/false'
 gitea_systemd_cap_net_bind_service: false
 
diff --git a/tasks/backup.yml b/tasks/backup.yml
index b8fb7bf..9d6f6e8 100644
--- a/tasks/backup.yml
+++ b/tasks/backup.yml
@@ -25,7 +25,7 @@
     - name: Backing up gitea before upgrade
       become: true
       ansible.builtin.command:
-        cmd: "sudo -u {{ gitea_user }} /usr/local/bin/gitea dump -c /etc/gitea/gitea.ini"
+        cmd: "sudo -u {{ gitea_user }} {{ gitea_executable_path }} dump -c {{ gitea_configuraion_path }}/gitea.ini"
         chdir: "{{ gitea_backup_location }}"
       changed_when: true
   rescue:
diff --git a/tasks/configure.yml b/tasks/configure.yml
index ae86a3e..cf57dcf 100644
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@@ -3,7 +3,7 @@
   become: true
   ansible.builtin.template:
     src: gitea.ini.j2
-    dest: /etc/gitea/gitea.ini
+    dest: "{{ gitea_configuraion_path }}/gitea.ini"
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
     mode: 0600
diff --git a/tasks/create_user.yml b/tasks/create_user.yml
index 91bf3d0..3f2aa38 100644
--- a/tasks/create_user.yml
+++ b/tasks/create_user.yml
@@ -18,6 +18,6 @@
     comment: "Gitea user"
     group: "{{ gitea_group }}"
     groups: "{{ gitea_groups | default(omit) }}"
-    home: "{{ gitea_home }}"
+    home: "{{ gitea_user_home }}"
     shell: "{{ gitea_shell }}"
     system: true
diff --git a/tasks/directory.yml b/tasks/directory.yml
index 6d4b291..f89f70d 100644
--- a/tasks/directory.yml
+++ b/tasks/directory.yml
@@ -8,7 +8,8 @@
     group: "{{ gitea_group }}"
     mode: 'u=rwX,g=rX,o='
   with_items:
-    - "/etc/gitea"
+    - "{{ gitea_configuraion_path }}"
+    - "{{ gitea_user_home }}"
     - "{{ gitea_home }}"
     - "{{ gitea_home }}/data"
     - "{{ gitea_custom }}"
diff --git a/tasks/gitea_secrets.yml b/tasks/gitea_secrets.yml
index 916e466..f2ae535 100644
--- a/tasks/gitea_secrets.yml
+++ b/tasks/gitea_secrets.yml
@@ -1,15 +1,15 @@
 ---
 - name: generate gitea SECRET_KEY if not provided
   become: true
-  ansible.builtin.shell: 'umask 077; /usr/local/bin/gitea generate secret SECRET_KEY > /etc/gitea/gitea_secret_key'
+  ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret SECRET_KEY > {{ gitea_configuraion_path }}/gitea_secret_key'
   args:
-    creates: '/etc/gitea/gitea_secret_key'
+    creates: '{{ gitea_configuraion_path }}/gitea_secret_key'
   when: gitea_secret_key | string | length == 0
 
 - name: read gitea SECRET_KEY from file
   become: true
   ansible.builtin.slurp:
-    src: '/etc/gitea/gitea_secret_key'
+    src: '{{ gitea_configuraion_path }}/gitea_secret_key'
   register: remote_secret_key
   when: gitea_secret_key | string | length == 0
 
@@ -20,15 +20,15 @@
 
 - name: generate gitea INTERNAL_TOKEN if not provided
   become: true
-  ansible.builtin.shell: 'umask 077; /usr/local/bin/gitea generate secret INTERNAL_TOKEN > /etc/gitea/gitea_internal_token'
+  ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret INTERNAL_TOKEN > {{ gitea_configuraion_path }}/gitea_internal_token'
   args:
-    creates: '/etc/gitea/gitea_internal_token'
+    creates: '{{ gitea_configuraion_path }}/gitea_internal_token'
   when: gitea_internal_token | string | length == 0
 
 - name: read gitea INTERNAL_TOKEN from file
   become: true
   ansible.builtin.slurp:
-    src: '/etc/gitea/gitea_internal_token'
+    src: '{{ gitea_configuraion_path }}/gitea_internal_token'
   register: remote_internal_token
   when: gitea_internal_token | string | length == 0
 
diff --git a/tasks/install.yml b/tasks/install.yml
index 37c1f21..9c7cc96 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -70,7 +70,7 @@
       ansible.builtin.copy:
         src: "/tmp/{{ gitea_filename }}"
         remote_src: true
-        dest: "/usr/local/bin/gitea"
+        dest: "{{ gitea_executable_path }}"
         mode: 0755
         owner: root
         group: root
diff --git a/tasks/jwt_secrets.yml b/tasks/jwt_secrets.yml
index 3ce8ba5..8a6eed7 100644
--- a/tasks/jwt_secrets.yml
+++ b/tasks/jwt_secrets.yml
@@ -1,15 +1,15 @@
 ---
 - name: generate OAuth2 JWT_SECRET if not provided
   become: true
-  ansible.builtin.shell: 'umask 077; /usr/local/bin/gitea generate secret JWT_SECRET > /etc/gitea/gitea_oauth_jwt_secret'
+  ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
   args:
-    creates: '/etc/gitea/gitea_oauth_jwt_secret'
+    creates: '{{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
   when: gitea_oauth2_jwt_secret | length == 0
 
 - name: read OAuth2 JWT_SECRET from file
   become: true
   ansible.builtin.slurp:
-    src: '/etc/gitea/gitea_oauth_jwt_secret'
+    src: '{{ gitea_configuraion_path }}/gitea_oauth_jwt_secret'
   register: oauth_jwt_secret
   when: gitea_oauth2_jwt_secret | length == 0
 
@@ -20,15 +20,15 @@
 
 - name: generate LFS JWT_SECRET if not provided
   become: true
-  ansible.builtin.shell: 'umask 077; /usr/local/bin/gitea generate secret JWT_SECRET > /etc/gitea/gitea_lfs_jwt_secret'
+  ansible.builtin.shell: 'umask 077; {{ gitea_executable_path }} generate secret JWT_SECRET > {{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
   args:
-    creates: '/etc/gitea/gitea_lfs_jwt_secret'
+    creates: '{{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
   when: gitea_lfs_jwt_secret | length == 0
 
 - name: read LFS JWT_SECRET from file
   become: true
   ansible.builtin.slurp:
-    src: '/etc/gitea/gitea_lfs_jwt_secret'
+    src: '{{ gitea_configuraion_path }}/gitea_lfs_jwt_secret'
   register: lfs_jwt_secret
   when: gitea_lfs_jwt_secret | length == 0
 
diff --git a/tasks/set_version.yml b/tasks/set_version.yml
index 20810cb..cf65a99 100644
--- a/tasks/set_version.yml
+++ b/tasks/set_version.yml
@@ -1,6 +1,6 @@
 ---
 - name: "Check gitea installed version"
-  ansible.builtin.shell: "set -eo pipefail; /usr/local/bin/gitea -v | cut -d' ' -f 3"
+  ansible.builtin.shell: "set -eo pipefail; {{ gitea_executable_path }} -v | cut -d' ' -f 3"
   args:
     executable: /bin/bash
   register: gitea_active_version
diff --git a/templates/gitea.service.j2 b/templates/gitea.service.j2
index ebdf810..a14a422 100644
--- a/templates/gitea.service.j2
+++ b/templates/gitea.service.j2
@@ -5,7 +5,7 @@ After=network.target
 [Service]
 User={{ gitea_user }}
 Group={{ gitea_group }}
-ExecStart=/usr/local/bin/gitea web -c /etc/gitea/gitea.ini --custom-path {{ gitea_custom }}/
+ExecStart={{ gitea_executable_path }} web -c {{ gitea_configuraion_path }}/gitea.ini --custom-path {{ gitea_custom }}/
 Restart=on-failure
 WorkingDirectory={{ gitea_home }}
 {% if gitea_systemd_cap_net_bind_service %}