1
1
Fork 0
mirror of https://github.com/roles-ansible/ansible_role_gitea.git synced 2024-08-16 11:39:50 +02:00
ansible_role_gitea/tasks/jwt_secrets.yml
L3D 9cd664d91f
autogenerate JWT_SECRETS (#77)
* autogenerate JWT_SECRETS

Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.

The check if the variables for the secrets are now 43 characters long i took out. Gitea generates itself suitable secrets, if the user given ones do not fit.

* drop ansible.builtin. syntax
2021-02-10 19:04:13 +00:00

38 lines
1.2 KiB
YAML

---
- name: generate OAuth2 JWT_SECRET if not provided
become: true
shell: 'umask 077; /usr/local/bin/gitea generate secret JWT_SECRET > /etc/gitea/gitea_oauth_jwt_secret'
args:
creates: '/etc/gitea/gitea_oauth_jwt_secret'
when: gitea_oauth2_jwt_secret | length == 0
- name: read OAuth2 JWT_SECRET from file
become: true
slurp:
src: '/etc/gitea/gitea_oauth_jwt_secret'
register: oauth_jwt_secret
when: gitea_oauth2_jwt_secret | length == 0
- name: set fact gitea_oauth2_jwt_secret
set_fact:
gitea_oauth2_jwt_secret: "{{ oauth_jwt_secret['content'] | b64decode }}"
when: gitea_oauth2_jwt_secret | length == 0
- name: generate LFS JWT_SECRET if not provided
become: true
shell: 'umask 077; /usr/local/bin/gitea generate secret JWT_SECRET > /etc/gitea/gitea_lfs_jwt_secret'
args:
creates: '/etc/gitea/gitea_lfs_jwt_secret'
when: gitea_lfs_jwt_secret | length == 0
- name: read LFS JWT_SECRET from file
become: true
slurp:
src: '/etc/gitea/gitea_lfs_jwt_secret'
register: lfs_jwt_secret
when: gitea_lfs_jwt_secret | length == 0
- name: set fact gitea_lfs_jwt_secret
set_fact:
gitea_lfs_jwt_secret: "{{ lfs_jwt_secret['content'] | b64decode }}"
when: gitea_lfs_jwt_secret | length == 0