From 24ec20fb5bf2722b7e709ff8f2b1e6445b86b4cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Tue, 9 Jul 2024 17:10:54 +0200
Subject: [PATCH] [fix] role:gitea:authelia
---
 roles/gitea/defaults/main.json | 4 +++-
 roles/gitea/tasks/main.json | 14 ++++++++++++--
 roles/gitea/templates/config.ini.j2 | 14 +++++++-------
 roles/gitea/templates/systemd-unit.j2 | 2 +-
 roles/gitea/vardef.json | 10 +++++++++-
 5 files changed, 32 insertions(+), 12 deletions(-)
diff --git a/roles/gitea/defaults/main.json b/roles/gitea/defaults/main.json
index b5fe3ac..49a53fc 100644
--- a/roles/gitea/defaults/main.json
+++ b/roles/gitea/defaults/main.json
@@ -16,7 +16,9 @@
 "var_gitea_database_data_postgresql_password": "REPLACE_ME",
 "var_gitea_database_data_postgresql_scheme": "gitea",
 "var_gitea_authentication_kind": "internal",
- "var_gitea_authentication_data_authelia_url": "authelia.example.org",
+ "var_gitea_authentication_data_authelia_url_base": "https://authelia.example.org",
+ "var_gitea_authentication_data_authelia_client_id": "gitea",
+ "var_gitea_authentication_data_authelia_client_secret": "REPLACE_ME",
 "var_gitea_smtp_host": "smtp.example.org",
 "var_gitea_smtp_port": 465,
 "var_gitea_smtp_username": "REPLACE_ME",
diff --git a/roles/gitea/tasks/main.json b/roles/gitea/tasks/main.json
index 1cf16dc..45e3187 100644
--- a/roles/gitea/tasks/main.json
+++ b/roles/gitea/tasks/main.json
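Review bot: The new `var_gitea_authentication_data_authelia_client_secret` defaults to the `REPLACE_ME` placeholder like the postgres and SMTP credentials above it, but nothing in this patch rejects the placeholder before it is registered at Gitea, and the vardef.json hunk declares all three new variables `"mandatory": false`, so a deployment that forgets to override it registers an OAuth2 source whose client secret is literally `REPLACE_ME`. Unlike a wrong database password this does not fail at startup; it only surfaces as a failed or, worse, trivially guessable OIDC client credential at login time. Consider an `ansible.builtin.assert` with `that: "var_gitea_authentication_data_authelia_client_secret != 'REPLACE_ME'"` before the authelia task, or making the client id and secret mandatory in vardef.json when the kind is `authelia`, and sourcing the real value from Ansible Vault rather than a plain defaults file.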
@@ -52,12 +52,22 @@
 }
 },
 {
- "name": "config",
+ "name": "config | base",
 "become": true,
 "become_user": "{{var_gitea_user}}",
 "ansible.builtin.template": {
 "src": "config.ini.j2",
- "dest": "{{var_gitea_directory}}/custom/config/app.ini"
+ "dest": "{{var_gitea_directory}}/custom/conf/app.ini"
+ }
+ },
+ {
+ "config | authelia",
+ "when": "var_gitea_authentication_kind == 'authelia'",
+ "become": true,
+ "become_user": "{{var_gitea_user}}",
+ "ansible.builtin.command": {
+ "chdir": "{{var_gitea_directory}}",
+ "cmd": "./gitea admin auth add-oauth --provider=6 --name='authelia' --key={{var_gitea_authentication_data_authelia_client_id}} --secret={{var_gitea_authentication_data_authelia_client_secret}} --auto-discover-url={{var_gitea_authentication_data_authelia_url_base}}/.well-known/openid-configuration --scopes='openid email profile'"
 }
 },
 {
diff --git a/roles/gitea/templates/config.ini.j2 b/roles/gitea/templates/config.ini.j2
index 804e313..c47eb40 100644
--- a/roles/gitea/templates/config.ini.j2
+++ b/roles/gitea/templates/config.ini.j2
@@ -4,7 +4,7 @@ RUN_MODE = prod
 [server]
 DOMAIN = {{var_gitea_domain}}
-;ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+ROOT_URL = https://{{var_gitea_domain}}
 ;HTTP_ADDR = {{var_gitea_listen_address}}
 HTTP_PORT = {{var_gitea_listen_port | string}}
 ;LANDING_PAGE = home
@@ -16,7 +16,7 @@ PATH = {{var_gitea_database_data_sqlite_path}}
 {% endif %}
 {% if var_gitea_database_kind == 'postgresql' %}
 DB_TYPE = postgres
-HOST = {{var_gitea_database_data_postgresql_host}}:{{var_gitea_database_data_postgresql_host | string}}
+HOST = {{var_gitea_database_data_postgresql_host}}:{{var_gitea_database_data_postgresql_port | string}}
 USER = {{var_gitea_database_data_postgresql_username}}
 PASSWD = {{var_gitea_database_data_postgresql_password}}
 NAME = {{var_gitea_database_data_postgresql_scheme}}
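Review bot: The new task object at the bottom of the hunk is not valid JSON: the bare string `"config | authelia",` has no key, so the whole task file stops loading; it should read `"name": "config | authelia",`. The same task interpolates the client secret into a single command string, so it is printed in Ansible's task output and visible in the host's process list while the command runs; add `"no_log": true` to the task and prefer the module's `argv` list over `cmd`, so a secret containing quotes or spaces cannot break word splitting either. As far as I can tell from the Gitea CLI, `--provider` expects the provider name (`openidConnect` for an OIDC source such as Authelia) rather than the login-source type number, so `--provider=6` is likely rejected; please verify against the installed version. `add-oauth` is also not idempotent, a second run of the role fails on or duplicates the `authelia` source, so guard it (register `./gitea admin auth list` and check it in `when`) or switch to `update-oauth` once the source exists; the enclosing task list starts and ends outside the hunk.
```json
{
  "name": "config | authelia",
  "when": "var_gitea_authentication_kind == 'authelia'",
  "become": true,
  "become_user": "{{var_gitea_user}}",
  "no_log": true,
  "ansible.builtin.command": {
    "chdir": "{{var_gitea_directory}}",
    "argv": [
      "./gitea", "admin", "auth", "add-oauth",
      "--provider=openidConnect",
      "--name=authelia",
      "--key={{var_gitea_authentication_data_authelia_client_id}}",
      "--secret={{var_gitea_authentication_data_authelia_client_secret}}",
      "--auto-discover-url={{var_gitea_authentication_data_authelia_url_base}}/.well-known/openid-configuration",
      "--scopes=openid email profile"
    ]
  }
}
```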
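Review bot: `ROOT_URL = https://{{var_gitea_domain}}` hard-codes the scheme while the same `[server]` section still serves plain HTTP on `var_gitea_listen_port`, so the value is only right when a TLS-terminating reverse proxy publishes Gitea at exactly that URL, and the template does not say so. Because the OAuth2 redirect URI that Authelia has to allow is derived from ROOT_URL (`<ROOT_URL>/user/oauth2/authelia/callback`), a mismatch shows up later as a redirect-URI rejection at login rather than as a template error. I would add a comment above the line: `; ROOT_URL must be the public URL browsers see (behind the TLS proxy); the OAuth2 redirect URI registered at Authelia is derived from it`.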
@@ -45,10 +45,12 @@ REGISTER_EMAIL_CONFIRM = false
 DISABLE_REGISTRATION = false
 ALLOW_ONLY_INTERNAL_REGISTRATION = true
 ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+SHOW_REGISTRATION_BUTTON = true
 {% else %}
-DISABLE_REGISTRATION = true
+DISABLE_REGISTRATION = false
 ALLOW_ONLY_INTERNAL_REGISTRATION = false
 ALLOW_ONLY_EXTERNAL_REGISTRATION = true
+SHOW_REGISTRATION_BUTTON = false
 {% endif %}
 ;REQUIRE_SIGNIN_VIEW = false
@@ -87,13 +89,11 @@ AUTO_WATCH_ON_CHANGES = false
 [openid]
 ENABLE_OPENID_SIGNIN = false
 ENABLE_OPENID_SIGNUP = false
-{% endif %}
-
-{% if var_gitea_authentication_kind == 'authelia' %}
+{% else %}
 [openid]
 ENABLE_OPENID_SIGNIN = false
 ENABLE_OPENID_SIGNUP = true
-WHITELISTED_URIS = {{var_gitea_authentication_data_authelia_url}}
+WHITELISTED_URIS = {{var_gitea_authentication_data_authelia_url_base}}
 [oauth2_client]
 REGISTER_EMAIL_CONFIRM = false
diff --git a/roles/gitea/templates/systemd-unit.j2 b/roles/gitea/templates/systemd-unit.j2
index b460565..a961e0f 100644
--- a/roles/gitea/templates/systemd-unit.j2
+++ b/roles/gitea/templates/systemd-unit.j2
@@ -12,7 +12,7 @@ Type=simple
 User={{var_gitea_user}}
 Group={{var_gitea_user}}
 WorkingDirectory={{var_gitea_directory}}
-ExecStart={{var_gitea_directory}}/gitea web --config {{var_gitea_directory}}/custom/config/app.ini
+ExecStart={{var_gitea_directory}}/gitea web --config {{var_gitea_directory}}/custom/conf/app.ini
 Restart=always
 # Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
 # Environment=PATH=/path/to/git/bin:/bin:/sbin:/usr/bin:/usr/sbin
diff --git a/roles/gitea/vardef.json b/roles/gitea/vardef.json
index 5e27b35..84668a8 100644
--- a/roles/gitea/vardef.json
+++ b/roles/gitea/vardef.json
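Review bot: The `{% else %}` branch now sets `DISABLE_REGISTRATION = false`, which is what lets an OAuth2 login create its local account, but the reason is not visible in the template and a later reader is likely to "fix" it back to `true` and break Authelia sign-up again. What keeps the local sign-up form closed is the pre-existing `ALLOW_ONLY_EXTERNAL_REGISTRATION = true` together with the new `SHOW_REGISTRATION_BUTTON = false`; a one-line comment would pin that down: `; registration stays enabled so OAuth2 logins can auto-create accounts; ALLOW_ONLY_EXTERNAL_REGISTRATION keeps local sign-up closed`. The `{% if %}` that opens this block starts above the hunk.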
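Review bot: Replacing `{% endif %}` plus `{% if var_gitea_authentication_kind == 'authelia' %}` with a bare `{% else %}` means any `var_gitea_authentication_kind` other than `internal` now renders the Authelia `[openid]` and `[oauth2_client]` settings, including `ENABLE_OPENID_SIGNUP = true`; harmless as long as the enum in vardef.json holds only `internal` and `authelia` (only its tail is visible in this patch), but the first kind added later silently inherits Authelia's configuration. `{% elif var_gitea_authentication_kind == 'authelia' %}` keeps the guard explicit at no cost. Separately, and hedged because it rests on Gitea's documented semantics rather than on anything in this patch, `[openid]` governs Gitea's legacy OpenID 2.0 sign-in and `WHITELISTED_URIS` is a list of regex patterns for OpenID identities, so with `ENABLE_OPENID_SIGNIN = false` the renamed `WHITELISTED_URIS` line is probably inert for the OIDC source the task adds; worth confirming before anyone relies on it as an allow-list.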
@@ -75,7 +75,15 @@
 "authelia"
 ]
 },
- "authentication_data_authelia_url": {
+ "authentication_data_authelia_url_base": {
+ "mandatory": false,
+ "type": "string"
+ },
+ "authentication_data_authelia_client_id": {
+ "mandatory": false,
+ "type": "string"
+ },
+ "authentication_data_authelia_client_secret": {
 "mandatory": false,
 "type": "string"
 },