Newer versions of Gitea need a JWT secret for OAuth2. Gitea will attempt to generate one at startup if it is not already specified in the configuration file, but this will fail since the file is not writable by the user running the service. As such, it must be set via configuration policy.
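---
# Tasks that install Gitea, render its configuration, start the service and
# put Apache in front of it as a reverse proxy.

# Pull the secret values from the vault vars file so later tasks can use them.
# NOTE(review): presumably app.ini.j2 consumes these (e.g. the OAuth2 JWT
# secret) - confirm against the template.
- name: load gitea secrets
  include_vars: vault/gitea

- name: ensure gitea is installed
  package:
    name: gitea
    state: present
  tags:
    - install

# app.ini is owned by root, group gitea, mode 0640: members of the gitea group
# can read it but only root can write it. Gitea therefore cannot write a
# generated secret back into the file at startup, so every secret it needs
# must be rendered here.
# NOTE(review): if the rendered file contains vault values, a run with --diff
# will print them; consider `diff: false` or `no_log: true` on this task.
- name: ensure gitea is configured
  template:
    src: app.ini.j2
    dest: /etc/gitea/app.ini
    # Quoted so the YAML parser cannot reinterpret the octal mode as an integer.
    mode: "0640"
    owner: root
    group: gitea
  notify: restart gitea

# Run any pending handlers now, so a configuration change restarts Gitea
# before the tasks below check the service state.
- meta: flush_handlers

- name: ensure gitea is running
  service:
    name: gitea
    state: started

- name: ensure gitea starts at boot
  service:
    name: gitea
    enabled: true

- name: ensure apache is configured to proxy for gitea
  copy:
    src: gitea.httpd.conf
    dest: /etc/httpd/conf.d/gitea.conf
    mode: "0644"
  notify: reload httpd

# httpd_can_network_connect lets httpd open outbound network connections,
# which the proxy needs to reach Gitea. The boolean is not limited to Gitea's
# port, so it widens what a compromised httpd process may connect to.
- name: ensure selinux allows apache to proxy for gitea
  seboolean:
    name: httpd_can_network_connect
    persistent: true
    state: true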