roles/gitea: Add Oauth2 JWT Secret

Newer versions of Gitea need a JWT secret for Oauth2.  Gitea will
attempt to generate one at startup if it is not already specified in the
configuration file, but this will fail since the file is not writable by
the user running the service.  As such, it must be set via configuration
policy.

roles/gitea/tasks/main.yml

@@ -33,3 +33,8 @@
     dest=/etc/httpd/conf.d/gitea.conf
     mode=0644
   notify: reload httpd
+- name: ensure selinux allows apache to proxy for gitea
+  seboolean:
+    name=httpd_can_network_connect
+    persistent=yes
+    state=yes

roles/gitea/templates/app.ini.j2

@@ -61,3 +61,6 @@ PROVIDER = file
 MODE      = file
 LEVEL     = Info
 ROOT_PATH = /var/log/gitea
+
+[oauth2]
+JWT_SECRET = {{ gitea_oauth2_jwt_secret }}

vault/gitea

@@ -1,17 +1,21 @@
 $ANSIBLE_VAULT;1.1;AES256
-65336336376166313934326331326135343931653939636261356665626364323033323063353639
-3538653963373838623139643331383339383533353337650a323262346464643732353162623533
-64613062373063643861363762616635346436633532623135353065623537373564613734313039
-3132353933303333300a366565333131326464333863353639303434316361663735326562623233
-64323833666333666635383435323364376430633635666437623138306535666434373238313165
-30333763616137643665383835393933643638383362343134376264663532306330373632363739
-38616631376438323165383761626235346630653861383039386261643665383234663432363762
-38666163633136383434313938323065323838626235316362643432386465613664356334396161
-32633161383731343363383339663831343438323338646238343061373530366464313235316236
-30313530326264376564633965656135333635666164383434643930306331346333363532386561
-30643464383435393931363631613633613262656531663666613639616637316533643731663239
-37346331666162633961313939396634353332373937326338316365303362333131363838323164
-61356633396662623635366565393134616562383261653562373038666131666433313732346233
-65616663626639623433616136666661303166313463393562343365663032613733303161336339
-65353538363637666562323438616233623735643363323334356161666135643637323231363533
-32323538646433353034
+32653538383862343639643264643761633639613631313831643431313230356330303433393238
+3435663131616166663066363365663233336630646432350a366339633934636230353865346630
+35336562653765666136313865623237366162656261646562343263353134333236323665386632
+3565653966306663370a376439633362373863636538666266316637643130356539366336393564
+33316538613030383735383262393638333666623233393463623537396431663738323839306466
+65393038366630656533636139376639393766333837613963613230653731386665633663326261
+32343736343662363836613763646264383364653333323838366638666339386139373130613733
+36663238393131613135633335646266666231656230303835353262386234633130633731373537
+34313836393732643239386364376235356636626632383935313263623539323432656637353833
+37363037663762646434313264646235386434336437626233376137663062626231323337633565
+64653964626264613334306330383364326537643862376262393331346665393135336130353361
+37376431633266343433366438623365346536613433393935613665376332313532646232313665
+34393564656236313132303838626564383939666233613338616462333933646337393665333137
+61613063353436313761303838353032663439323563396266373133323861326438663732333961
+64343131643032663435613532306634633331616135656537303063626339326631623063626665
+62383738396139633932376162656335663136373738623134346539366663323931333534653766
+33323263306561316232323335383562343930656236306330343466373933633364396637366639
+35373164316539636230316663386536633934303065643237376635623863316466633065643937
+33386164373165353236303162353535343036376133393162313962623437383063396434656433
+31326430646263353363