---
- name: generate gitea SECRET_KEY if not provided
  become: true
  ansible.builtin.shell: 'umask 077; /usr/local/bin/gitea generate secret SECRET_KEY > /etc/gitea/gitea_secret_key'
  args:
    creates: '/etc/gitea/gitea_secret_key'
  when: gitea_secret_key | string | length == 0

- name: read gitea SECRET_KEY from file
  become: true
  ansible.builtin.slurp:
    src: '/etc/gitea/gitea_secret_key'
  register: remote_secret_key
  when: gitea_secret_key | string | length == 0

- name: set fact gitea_secret_key
  ansible.builtin.set_fact:
    gitea_secret_key: "{{ remote_secret_key['content'] | b64decode }}"
  when: gitea_secret_key | string |  length == 0

- name: generate gitea INTERNAL_TOKEN if not provided
  become: true
  ansible.builtin.shell: 'umask 077; /usr/local/bin/gitea generate secret INTERNAL_TOKEN > /etc/gitea/gitea_internal_token'
  args:
    creates: '/etc/gitea/gitea_internal_token'
  when: gitea_internal_token | string | length == 0

- name: read gitea INTERNAL_TOKEN from file
  become: true
  ansible.builtin.slurp:
    src: '/etc/gitea/gitea_internal_token'
  register: remote_internal_token
  when: gitea_internal_token | string | length == 0

- name: set fact gitea_internal_token
  ansible.builtin.set_fact:
    gitea_internal_token: "{{ remote_internal_token['content'] | b64decode }}"
  when: gitea_internal_token | string | length == 0