---
- name: Generate OAuth2 JWT_SECRET if not provided
  become: true
  ansible.builtin.shell: 'umask 077; {{ gitea_full_executable_path }} generate secret JWT_SECRET > {{ gitea_configuration_path }}/gitea_oauth_jwt_secret'
  args:
    creates: '{{ gitea_configuration_path }}/gitea_oauth_jwt_secret'
  when: gitea_oauth2_jwt_secret | length == 0

- name: Read OAuth2 JWT_SECRET from file
  become: true
  ansible.builtin.slurp:
    src: '{{ gitea_configuration_path }}/gitea_oauth_jwt_secret'
  register: oauth_jwt_secret
  when: gitea_oauth2_jwt_secret | length == 0

- name: Set fact gitea_oauth2_jwt_secret
  ansible.builtin.set_fact:
    gitea_oauth2_jwt_secret: "{{ oauth_jwt_secret['content'] | b64decode }}"
  when: gitea_oauth2_jwt_secret | length == 0

- name: Generate LFS JWT_SECRET if not provided
  become: true
  ansible.builtin.shell: 'umask 077; {{ gitea_full_executable_path }} generate secret JWT_SECRET > {{ gitea_configuration_path }}/gitea_lfs_jwt_secret'
  args:
    creates: '{{ gitea_configuration_path }}/gitea_lfs_jwt_secret'
  when: gitea_lfs_jwt_secret | length == 0

- name: Read LFS JWT_SECRET from file
  become: true
  ansible.builtin.slurp:
    src: '{{ gitea_configuration_path }}/gitea_lfs_jwt_secret'
  register: lfs_jwt_secret
  when: gitea_lfs_jwt_secret | length == 0

- name: Set fact gitea_lfs_jwt_secret
  ansible.builtin.set_fact:
    gitea_lfs_jwt_secret: "{{ lfs_jwt_secret['content'] | b64decode }}"
  when: gitea_lfs_jwt_secret | length == 0