diff --git a/roles/gitea/tasks/main.yml b/roles/gitea/tasks/main.yml
index 2be10df..b0bf9a9 100644
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@@ -33,3 +33,8 @@
     dest=/etc/httpd/conf.d/gitea.conf
     mode=0644
   notify: reload httpd
+- name: ensure selinux allows apache to proxy for gitea
+  seboolean:
+    name=httpd_can_network_connect
+    persistent=yes
+    state=yes
diff --git a/roles/gitea/templates/app.ini.j2 b/roles/gitea/templates/app.ini.j2
index b02d63c..d1bdfa6 100644
--- a/roles/gitea/templates/app.ini.j2
+++ b/roles/gitea/templates/app.ini.j2
@@ -61,3 +61,6 @@ PROVIDER = file
 MODE      = file
 LEVEL     = Info
 ROOT_PATH = /var/log/gitea
+
+[oauth2]
+JWT_SECRET = {{ gitea_oauth2_jwt_secret }}
diff --git a/vault/gitea b/vault/gitea
index 4d9d6f9..18540dd 100644
--- a/vault/gitea
+++ b/vault/gitea
@@ -1,17 +1,21 @@
 $ANSIBLE_VAULT;1.1;AES256
-65336336376166313934326331326135343931653939636261356665626364323033323063353639
-3538653963373838623139643331383339383533353337650a323262346464643732353162623533
-64613062373063643861363762616635346436633532623135353065623537373564613734313039
-3132353933303333300a366565333131326464333863353639303434316361663735326562623233
-64323833666333666635383435323364376430633635666437623138306535666434373238313165
-30333763616137643665383835393933643638383362343134376264663532306330373632363739
-38616631376438323165383761626235346630653861383039386261643665383234663432363762
-38666163633136383434313938323065323838626235316362643432386465613664356334396161
-32633161383731343363383339663831343438323338646238343061373530366464313235316236
-30313530326264376564633965656135333635666164383434643930306331346333363532386561
-30643464383435393931363631613633613262656531663666613639616637316533643731663239
-37346331666162633961313939396634353332373937326338316365303362333131363838323164
-61356633396662623635366565393134616562383261653562373038666131666433313732346233
-65616663626639623433616136666661303166313463393562343365663032613733303161336339
-65353538363637666562323438616233623735643363323334356161666135643637323231363533
-32323538646433353034
+32653538383862343639643264643761633639613631313831643431313230356330303433393238
+3435663131616166663066363365663233336630646432350a366339633934636230353865346630
+35336562653765666136313865623237366162656261646562343263353134333236323665386632
+3565653966306663370a376439633362373863636538666266316637643130356539366336393564
+33316538613030383735383262393638333666623233393463623537396431663738323839306466
+65393038366630656533636139376639393766333837613963613230653731386665633663326261
+32343736343662363836613763646264383364653333323838366638666339386139373130613733
+36663238393131613135633335646266666231656230303835353262386234633130633731373537
+34313836393732643239386364376235356636626632383935313263623539323432656637353833
+37363037663762646434313264646235386434336437626233376137663062626231323337633565
+64653964626264613334306330383364326537643862376262393331346665393135336130353361
+37376431633266343433366438623365346536613433393935613665376332313532646232313665
+34393564656236313132303838626564383939666233613338616462333933646337393665333137
+61613063353436313761303838353032663439323563396266373133323861326438663732333961
+64343131643032663435613532306634633331616135656537303063626339326631623063626665
+62383738396139633932376162656335663136373738623134346539366663323931333534653766
+33323263306561316232323335383562343930656236306330343466373933633364396637366639
+35373164316539636230316663386536633934303065643237376635623863316466633065643937
+33386164373165353236303162353535343036376133393162313962623437383063396434656433
+31326430646263353363