---
- name: ensure gitea user exists
  become: true
  ansible.builtin.user:
    comment: gitea user
    home: /var/lib/gitea
    create_home: false
    group: git
    name: git
    state: present
    system: true

- name: install gitea binary
  become: true
  ansible.builtin.get_url:
    backup: true
    checksum: "sha256:https://dl.gitea.com/gitea/1.22.2/gitea-1.22.2-linux-amd64.sha256"
    decompress: false
    dest: /usr/local/bin/gitea
    mode: '755'
    url: https://dl.gitea.com/gitea/1.22.2/gitea-1.22.2-linux-amd64
    state: present

- name: ensure gitea paths exist
  become: true
  ansible.builtin.file:
    group: git
    owner: git
    mode: '750'
    path: '{{ item }}'
    state: directory
  loop:
    - /var/lib/gitea
    - /var/lib/gitea/custom
    - /var/lib/gitea/data
    - /var/lib/gitea/log

- name: ensure gitea configuration directory exists
  become: true
  ansible.builtin.file:
    group: git
    owner: root
    mode: '750'
    path: /etc/gitea
    state: directory

- name: install gitea configuration
  become: true
  ansible.builtin.template:
    backup: true
    group: git
    owner: root
    mode: '640'
    dest: /etc/gitea/app.ini
    src: gitea/app.ini.j2
  vars:
    # global settings
    app_name: 'Gitea: Git with a cup of tea'
    run_mode: prod
    workpath: /var/lib/gitea
    # repository settings
    repository_default_branch: main
    repository_disable_http_git: false
    repository_enable_push_create_user: true
    # server settings
    server_allow_graceful_restarts: true
    server_app_data_path: ''
    server_domain: git.staur.ca
    server_enable_gzip: true
    server_enable_pprof: false
    server_graceful_hammer_time: 1m0s
    server_http_addr: 0.0.0.0
    server_landing_page: home
    server_lfs_jwt_secret: dvyUMJ81VjfO_PuHJt_4W-b6S58-yU2oMfF0N8KqzNg
    server_lfs_start_server: true
    server_local_use_proxy: false
    server_minimum_key_size_check: true
    server_offline_mode: false
    server_per_write_kb_timeout: 10s
    server_per_write_timeout: 30s
    server_port: 3000
    server_protocol: http
    server_proxy_protocol_accept_unknown: false
    server_proxy_protocol_tls_bridging: false
    server_redirector_use_proxy_protocol: false
    server_ssh_domain: gitea.applications.staur.ca
    server_ssh_listen_port: 22
    server_ssh_port: 22
    server_startup_timeout: 0s
    server_static_cache_time: 1h0m0s
    server_static_root_path: /data
    server_use_proxy_protocol: false
    sever_proxy_protocol_header_timeout: 5s
    # database settings
    database_host: postgres01.applications.staur.ca
    database_log_sql: false
    database_name: gitea
    database_passwd: gitea
    database_ssl_mode: disable
    database_type: postgres
    database_user: gitea
    # session settings
    session_cookie_name: gitea_session
    session_cookie_secure: true
    session_provider: db
    session_provider_config: /sessions
    # security settings
    security_secret_key: L2tOg455yeumJDDUEdw1ma69ckdoKP1UMgVZ9bXJZkCKkhCjfQmngYXDllUzdTKG
    security_internal_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE2OTM2MjA3NDh9.NCqR3b7ZHTwTcGky9FtSEii4ams2rG3Y06Iqvorc65Y
    # service settings
    service_disable_registration: true
    service_require_signin_view: false
    service_enable_captcha: false
    service_register_email_confirm: true
    service_no_reply_address: noreply+git@stobbs.ca
    service_default_keep_email_private: true
    service_default_enable_timetracking: true
    service_allow_only_external_registration: false
    service_allow_enable_notify_mail: false
    service_default_allow_create_oranization: true
    # lfs minio settings
    lfs_minio_access_key_id: jvafijdsllesb5cuoj2s7eqe7zpq
    lfs_minio_bucket: git-lfs-stobbs-ca
    lfs_minio_endpoint: gateway.storjshare.io
    lfs_minio_location: ca-central-1
    lfs_minio_secret_access_key: jzl5ehrxpklz37cdafetar2ihcdldgfadpv5g5udsih7ujf6s2lq6
    mailer_passwd:
    mailer_protocol: