From baa0024b41309f674b360e1f3570d07b1c0f3883 Mon Sep 17 00:00:00 2001 From: nazunalika Date: Thu, 3 Mar 2022 22:59:35 -0700 Subject: [PATCH] Update bools, add vars, prep for cert issues --- role-gitea.yml | 5 +++++ roles/roles.yml | 6 ++++++ tasks/gitea/install.yml | 6 +++--- templates/config/tea/config.yml | 8 ++++++++ vars/common.yml | 14 ++++++++++++++ 5 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 roles/roles.yml create mode 100644 templates/config/tea/config.yml diff --git a/role-gitea.yml b/role-gitea.yml index 955aa55..c199d51 100644 --- a/role-gitea.yml +++ b/role-gitea.yml @@ -24,6 +24,11 @@ check_mode: false changed_when: "1 != 1" + roles: + - role: rockylinux.ipagetcert + state: present + when: gitea_web_config_certs|bool + tasks: - name: Install and Configure Gitea import_tasks: "tasks/gitea.yml" diff --git a/roles/roles.yml b/roles/roles.yml new file mode 100644 index 0000000..fe0c933 --- /dev/null +++ b/roles/roles.yml @@ -0,0 +1,6 @@ +--- +roles: + - name: rockylinux.ipagetcert + src: https://github.com/rocky-linux/ansible-role-ipa-getcert + version: main +... diff --git a/tasks/gitea/install.yml b/tasks/gitea/install.yml index e23a259..0fb1d5f 100644 --- a/tasks/gitea/install.yml +++ b/tasks/gitea/install.yml @@ -12,7 +12,7 @@ state: present when: - gitea_web_install == "httpd" - - gitea_web_config + - gitea_web_config|bool - name: "Installing nginx package and configuration" dnf: @@ -20,7 +20,7 @@ state: present when: - gitea_web_install == "nginx" - - gitea_web_config + - gitea_web_config|bool - name: "Installing caddy package and configuration" dnf: @@ -28,7 +28,7 @@ state: present when: - gitea_web_install == "caddy" - - gitea_web_config + - gitea_web_config|bool # Setup CSS Themes - name: diff --git a/templates/config/tea/config.yml b/templates/config/tea/config.yml new file mode 100644 index 0000000..d68175c --- /dev/null +++ b/templates/config/tea/config.yml 
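Review bot: In the role-gitea.yml hunk, `state: present` on the `rockylinux.ipagetcert` entry is not a role keyword, so Ansible passes it to the role as a variable named `state`. Unless the role reads that variable (not visible from this patch), the line has no effect, and such a generic name can collide with a `state` used elsewhere. I would drop it or replace it with the role's documented parameter. A short comment above the entry, such as `# obtains the web certificate from FreeIPA; role source is listed in roles/roles.yml`, would also help. The play itself starts and ends outside the hunk.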
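Review bot: `version: main` in the new roles/roles.yml follows a moving branch, so every `ansible-galaxy` install can pull different code. This role runs with privilege on the host and handles TLS keys, so whatever lands on that branch is executed without review. Pin the entry to a release tag or a full commit hash, for example `version: <reviewed-commit-sha>` (placeholder), and update it deliberately. A comment recording why that revision was chosen would make later updates easier to audit.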
@@ -0,0 +1,8 @@ +logins: +- name: "{{ gitea_basename }}" + url: "https://{{ gitea_basename }}" + token: "{{ gitea_token }}" + default: true + insecure: false + user: "{{ gitea_automation_user }}" + created: 1644820631 diff --git a/vars/common.yml b/vars/common.yml index 4d14073..a897bf4 100644 --- a/vars/common.yml +++ b/vars/common.yml @@ -1,5 +1,19 @@ --- gitea_web_install: "httpd" +gitea_web_username: "{% if gitea_web_install == 'httpd' %}apache{% else %}{{ gitea_web_install }}{% endif %}" gitea_web_config: "true" +gitea_web_config_certs: "false" gitea_themes: "auto,gitea,arc-green,gitea-blue,gitea-modern,carbonred,darkred,pitchblack" +gitea_basename: "git.resf.org" +gitea_automation_user: "rockyautomation" + +# Certs issued by FreeIPA Only +ipa_getcert_requested_hostnames: + - name: "{{ ansible_fqdn }}" + owner: "{{ gitea_web_username }}" + key_location: "/etc/pki/tls/private/{{ gitea_basename }}.key" + cert_location: "/etc/pki/tls/certs/{{ gitea_basename }}.crt" + postcmd: "/bin/systemctl reload httpd" + cnames: + - "{{ gitea_basename }}" ...
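Review bot: `token: "{{ gitea_token }}"` in templates/config/tea/config.yml renders the API token in clear text, and the task that deploys this template is not part of the patch. That task should write the file with `mode: "0600"` and an explicit `owner`, and set `no_log: true` so the token does not appear in diff or verbose output. `gitea_token` is not defined in vars/common.yml in this commit, which is appropriate if it comes from a vault-encrypted source; a comment at the top of the template saying so would help. `created: 1644820631` is a fixed timestamp copied into every rendered file, which is harmless but worth a one-line comment.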
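Review bot: `postcmd: "/bin/systemctl reload httpd"` in the vars/common.yml hunk is hard-coded to httpd, while `gitea_web_install` may also be `nginx` or `caddy` (see tasks/gitea/install.yml) and `owner` already follows that choice. With another server a renewed certificate would not be picked up, whereas `postcmd: "/bin/systemctl reload {{ gitea_web_install }}"` keeps the two in step. Separately, `owner: "{{ gitea_web_username }}"` presumably makes the private key under /etc/pki/tls/private readable by the web server's runtime account. httpd and nginx read their keys as root at start-up, so root ownership would keep the key out of reach of a compromised worker process; confirm how the role applies `owner` and what caddy requires.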