Update bools, add vars, prep for cert issues

2022-03-03 22:59:35 -07:00 · 2022-03-03 22:59:35 -07:00 · baa0024b41
commit baa0024b41
parent 763f6183a5
5 changed files with 36 additions and 3 deletions
--- a/role-gitea.yml
+++ b/role-gitea.yml
@ -24,6 +24,11 @@
      check_mode: false
      changed_when: "1 != 1"

+  roles:
+    - role: rockylinux.ipagetcert
+      state: present
+      when: gitea_web_config_certs|bool
+
  tasks:
    - name: Install and Configure Gitea
      import_tasks: "tasks/gitea.yml"
--- a/roles/roles.yml
+++ b/roles/roles.yml
@ -0,0 +1,6 @@
+---
+roles:
+  - name: rockylinux.ipagetcert
+    src: https://github.com/rocky-linux/ansible-role-ipa-getcert
+    version: main
+...
--- a/tasks/gitea/install.yml
+++ b/tasks/gitea/install.yml
@ -12,7 +12,7 @@
    state: present
  when:
    - gitea_web_install == "httpd"
-    - gitea_web_config
+    - gitea_web_config|bool

 - name: "Installing nginx package and configuration"
  dnf:
@ -20,7 +20,7 @@
    state: present
  when:
    - gitea_web_install == "nginx"
-    - gitea_web_config
+    - gitea_web_config|bool

 - name: "Installing caddy package and configuration"
  dnf:
@ -28,7 +28,7 @@
    state: present
  when:
    - gitea_web_install == "caddy"
-    - gitea_web_config
+    - gitea_web_config|bool

 # Setup CSS Themes
 - name:
--- a/templates/config/tea/config.yml
+++ b/templates/config/tea/config.yml
@ -0,0 +1,8 @@
+logins:
+- name: "{{ gitea_basename }}"
+  url: "https://{{ gitea_basename }}"
+  token: "{{ gitea_token }}"
+  default: true
+  insecure: false
+  user: "{{ gitea_automation_user }}"
+  created: 1644820631
--- a/vars/common.yml
+++ b/vars/common.yml
@ -1,5 +1,19 @@
 ---
 gitea_web_install: "httpd"
+gitea_web_username: "{% if gitea_web_install == 'httpd' %}apache{% else %}{{ gitea_web_install }}{% endif %}"
 gitea_web_config: "true"
+gitea_web_config_certs: "false"
 gitea_themes: "auto,gitea,arc-green,gitea-blue,gitea-modern,carbonred,darkred,pitchblack"
+gitea_basename: "git.resf.org"
+gitea_automation_user: "rockyautomation"
+
+# Certs issued by FreeIPA Only
+ipa_getcert_requested_hostnames:
+  - name: "{{ ansible_fqdn }}"
+    owner: "{{ gitea_web_username }}"
+    key_location: "/etc/pki/tls/private/{{ gitea_basename }}.key"
+    cert_location: "/etc/pki/tls/certs/{{ gitea_basename }}.crt"
+    postcmd: "/bin/systemctl reload httpd"
+    cnames:
+      - "{{ gitea_basename }}"
 ...