From 9de97250c6c7421f12341b0823ba5d8ed500b62c Mon Sep 17 00:00:00 2001
From: L3D
Date: Sun, 7 Apr 2024 21:48:40 +0200
Subject: [PATCH 1/2] Create option to delete local git user
---
 defaults/main.yml | 1 +
 tasks/directory.yml | 29 ++++++++++++++++++++---------
 tasks/local_git_users.yml | 16 +++++++++++++++-
 3 files changed, 36 insertions(+), 10 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 41e4c6c..d7483ec 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -33,6 +33,7 @@ gitea_users: []
 # email: "johndoe@example.com"
 # admin: false
 # must_change_password: true
+# state: present
 # Overall (DEFAULT)
 # -> https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default
diff --git a/tasks/directory.yml b/tasks/directory.yml
index 0f5fc8b..a0bf2db 100644
--- a/tasks/directory.yml
+++ b/tasks/directory.yml
@@ -1,4 +1,24 @@
 ---
+- name: "Create config and data directory"
+ become: true
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ gitea_user }}"
+ group: "{{ gitea_group }}"
+ mode: "u=rwX,g=rX"
+ recurse: true
+ loop:
+ - "{{ gitea_user_home }}"
+ - "{{ gitea_home }}"
+ - "{{ gitea_home }}/data"
+ - "{{ gitea_custom }}"
+ - "{{ gitea_custom }}/https"
+ - "{{ gitea_custom }}/mailer"
+ - "{{ gitea_home }}/indexers"
+ - "{{ gitea_home }}/log"
+ - "{{ gitea_repository_root }}"
+
 - name: "Create config and data directory"
 become: true
 ansible.builtin.file:
@@ -10,12 +30,3 @@
 recurse: true
 loop:
 - "{{ gitea_configuration_path }}"
- - "{{ gitea_user_home }}"
- - "{{ gitea_home }}"
- - "{{ gitea_home }}/data"
- - "{{ gitea_custom }}"
- - "{{ gitea_custom }}/https"
- - "{{ gitea_custom }}/mailer"
- - "{{ gitea_home }}/indexers"
- - "{{ gitea_home }}/log"
- - "{{ gitea_repository_root }}"
diff --git a/tasks/local_git_users.yml b/tasks/local_git_users.yml
index a8d9109..6c1e658 100644
--- a/tasks/local_git_users.yml
+++ b/tasks/local_git_users.yml
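Review bot: In tasks/directory.yml the new first task sets `mode: "u=rwX,g=rX"`, which names no permissions for "other", so on existing paths those bits stay as they are and on newly created directories they come from the umask. For the data, log and repository directories I would state it explicitly, `mode: "u=rwX,g=rX,o="`, unless other local accounts are meant to read them. Both tasks are now named "Create config and data directory", so the run output does not show which one failed or changed; a distinct name for the first, such as `"Create home, data and repository directories"`, would help. The second task's owner, group and mode lines fall between the two hunks and are not visible here, so confirm that the configuration path is at least as strict.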
@@ -18,5 +18,19 @@
 - '"successfully created" not in _gitearesult.stdout'
 changed_when:
 - '"successfully created!" in _gitearesult.stdout'
- when: "_giteausers is defined and item.name not in _giteausers.stdout"
+ when: "_giteausers is defined and item.name not in _giteausers.stdout and item.state | default('present') == 'present'"
+ loop: "{{ gitea_users }}"
+
+- name: Use gitea cli to delete user
+ become: true
+ ansible.builtin.command: |
+ su - {{ gitea_user }} -c \
+ '{{ gitea_full_executable_path }} -c {{ gitea_configuration_path }}/gitea.ini \
+ admin user delete --username "{{ item.name }}"'
+ register: _giteadelresult
+ failed_when:
+ - '"error" in _giteadelresult.stdout'
+ changed_when:
+ "_giteausers is defined and item.name in _giteausers.stdout"
+ when: "_giteausers is defined and item.name in _giteausers.stdout and item.state | default('present') == 'absent'"
 loop: "{{ gitea_users }}"
From 8f5798ff133d0e7807520adab3e271204061a1c8 Mon Sep 17 00:00:00 2001
From: L3D
Date: Sun, 7 Apr 2024 21:49:23 +0200
Subject: [PATCH 2/2] Create documentation about local user
---
 README.md | 11 +++++++++++
 vars/main.yml | 2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 6fec0e9..4f56b60 100644
--- a/README.md
+++ b/README.md
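Review bot: In the new "Use gitea cli to delete user" task in tasks/local_git_users.yml, `failed_when` lists only `'"error" in _giteadelresult.stdout'`, which replaces Ansible's default return-code check. A delete that exits non-zero with its message on stderr is therefore reported as changed, and the account stays active while the play looks successful; I would let the return code decide. The `when:` test `item.name in _giteausers.stdout` is a substring match on the whole listing (the task that registers `_giteausers` is outside the hunk), so a name that is a prefix of another user's name also counts as present, and the same applies to the create task's `not in` test. The command is also built as one string for `su -c`, so `item.name` is interpreted by a shell; passing it through `argv` with `become_user`, as below, keeps it a single argument, provided the CLI does not rely on the login environment that `su -` sets up.

```yaml
- name: Use gitea cli to delete user
  become: true
  become_user: "{{ gitea_user }}"
  ansible.builtin.command:
    argv:
      - "{{ gitea_full_executable_path }}"
      - "-c"
      - "{{ gitea_configuration_path }}/gitea.ini"
      - admin
      - user
      - delete
      - "--username"
      - "{{ item.name }}"
  register: _giteadelresult
  failed_when: _giteadelresult.rc != 0
  changed_when: true
  # … unchanged: when / loop …
```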
@@ -378,6 +378,17 @@ As this will only deploy config files, fail2ban already has to be installed or o
 | `gitea_fail2ban_jail_bantime` | `900` | fail2ban jail `bantime` setting. |
 | `gitea_fail2ban_jail_action` | `iptables-allports` | fail2ban jail `action` setting. |
+### local gitea Users
+| variable | option | description |
+| -------- | ------ | ----------- |
+| ``gitea_users`` | | dict to create local gitea or forgejo users |
+| | ``name`` | name for local gitea/forgejo user |
+| | ``password`` | user for local git user |
+| | ``email`` | email for local git user |
+| | ``admin`` | give user admin permissions |
+| | ``must_change_password`` | user should change password after first login |
+| | ``state`` | set to ``absent`` to delete user |
+
 ### optional customisation
 You can optionally customize your gitea using this ansible role. We got our information about customisation from [docs.gitea.io/en-us/customizing-gitea](https://docs.gitea.io/en-us/customizing-gitea/). To deploy multiple files we created the ``gitea_custom_search`` variable, that can point to the path where you put the custom gitea files *( default ``"files/host_files/{{ inventory_hostname }}/gitea"``)*.
diff --git a/vars/main.yml b/vars/main.yml
index 77f92d1..75ad1a7 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -63,5 +63,5 @@ transfer_custom_footer:
 - 'files/gitea_footer/extra_links_footer.tmpl'
 - 'files/extra_links_footer.tmpl'
-playbook_version_number: 58
+playbook_version_number: 59
 playbook_version_path: 'do1jlr.gitea.version'