homeserver/roles/mgrote_gitea_setup/tasks/main.yml


---
- name: Ensure LDAP config is set up
  ansible.builtin.command: |
    forgejo admin auth add-ldap \
      --config "/etc/gitea/gitea.ini" \
      --name "lldap" \
      --security-protocol "unencrypted" \
      --host "ldap.mgrote.net" \
      --port "3890" \
      --bind-dn "uid=ladmin,ou=people,dc=mgrote,dc=net" \
      --bind-password GEHEIM \
      --user-search-base "ou=people,dc=mgrote,dc=net" \
      --user-filter "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(|(uid=%[1]s)(mail=%[1]s)))" \
      --username-attribute "uid" \
      --email-attribute "mail" \
      --firstname-attribute "givenName" \
      --surname-attribute "sn" \
      --avatar-attribute "jpegPhoto" \
      --synchronize-users
  register: setup
  ignore_errors: true
  failed_when: 'not "Command error: login source already exists [name: lldap]" in setup.stderr' # fail Task wenn LDAP schon konfiguriert ist
  become_user: gitea
  changed_when: "setup.rc == 0" # chnaged nur wenn Task rc 0 hat, sollte nur beim ersten lauf vorkommen; ungetestet

- name: debug
  ansible.builtin.debug:
    msg: "{{ setup }}"

- name: Modify LDAP config
  ansible.builtin.command: |
    forgejo admin auth update-ldap \
      --config "/etc/gitea/gitea.ini" \
      --id "1" \
      --security-protocol "unencrypted" \
      --host "ldap.mgrote.net" \
      --port "3890" \
      --bind-dn "uid=ladmin,ou=people,dc=mgrote,dc=net" \
      --bind-password GEHEIM \
      --user-search-base "ou=people,dc=mgrote,dc=net" \
      --user-filter "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(|(uid=%[1]s)(mail=%[1]s)))" \
      --username-attribute "uid" \
      --email-attribute "mail" \
      --firstname-attribute "givennName" \
      --surname-attribute "sn" \
      --avatar-attribute "jpegPhoto" \
      --synchronize-users
  when: '"Command error: login source already exists [name: lldap]" in setup.stderr' # führe nur aus wenn erster Task fehlgeschlagen ist
  become_user: gitea
  register: zwei
  changed_when: "setup.stdout | length > 0" # changed wenn stdout nciht lerr ist

- name: debug
  ansible.builtin.debug:
    msg: "{{ zwei }}"

...
setup 2024-04-03 23:00:58 +02:00
			`---`
f 2024-04-03 23:20:59 +02:00			`- name: Ensure LDAP config is set up`
setup 2024-04-03 23:00:58 +02:00			`ansible.builtin.command: \|`
			`forgejo admin auth add-ldap \`
			`--config "/etc/gitea/gitea.ini" \`
			`--name "lldap" \`
			`--security-protocol "unencrypted" \`
			`--host "ldap.mgrote.net" \`
			`--port "3890" \`
			`--bind-dn "uid=ladmin,ou=people,dc=mgrote,dc=net" \`
			`--bind-password GEHEIM \`
			`--user-search-base "ou=people,dc=mgrote,dc=net" \`
			`--user-filter "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(\|(uid=%[1]s)(mail=%[1]s)))" \`
			`--username-attribute "uid" \`
			`--email-attribute "mail" \`
			`--firstname-attribute "givenName" \`
			`--surname-attribute "sn" \`
			`--avatar-attribute "jpegPhoto" \`
			`--synchronize-users`
f 2024-04-03 23:20:59 +02:00			`register: setup`
setup 2024-04-03 23:00:58 +02:00			`ignore_errors: true`
f 2024-04-03 23:20:59 +02:00			`failed_when: 'not "Command error: login source already exists [name: lldap]" in setup.stderr' # fail Task wenn LDAP schon konfiguriert ist`
d 2024-04-03 23:03:37 +02:00			`become_user: gitea`
f 2024-04-03 23:20:59 +02:00			`changed_when: "setup.rc == 0" # chnaged nur wenn Task rc 0 hat, sollte nur beim ersten lauf vorkommen; ungetestet`
setup 2024-04-03 23:00:58 +02:00
dd 2024-04-03 23:07:25 +02:00			`- name: debug`
			`ansible.builtin.debug:`
f 2024-04-03 23:20:59 +02:00			`msg: "{{ setup }}"`
setup 2024-04-03 23:00:58 +02:00
			`- name: Modify LDAP config`
dd 2024-04-03 23:06:38 +02:00			`ansible.builtin.command: \|`
			`forgejo admin auth update-ldap \`
			`--config "/etc/gitea/gitea.ini" \`
			`--id "1" \`
			`--security-protocol "unencrypted" \`
			`--host "ldap.mgrote.net" \`
			`--port "3890" \`
			`--bind-dn "uid=ladmin,ou=people,dc=mgrote,dc=net" \`
			`--bind-password GEHEIM \`
			`--user-search-base "ou=people,dc=mgrote,dc=net" \`
			`--user-filter "(&(memberof=cn=gitea,ou=groups,dc=mgrote,dc=net)(\|(uid=%[1]s)(mail=%[1]s)))" \`
			`--username-attribute "uid" \`
			`--email-attribute "mail" \`
ff 2024-04-03 23:21:19 +02:00			`--firstname-attribute "givennName" \`
dd 2024-04-03 23:06:38 +02:00			`--surname-attribute "sn" \`
			`--avatar-attribute "jpegPhoto" \`
			`--synchronize-users`
f 2024-04-03 23:20:59 +02:00			`when: '"Command error: login source already exists [name: lldap]" in setup.stderr' # führe nur aus wenn erster Task fehlgeschlagen ist`
d 2024-04-03 23:03:37 +02:00			`become_user: gitea`
d 2024-04-03 23:17:26 +02:00			`register: zwei`
f 2024-04-03 23:20:59 +02:00			`changed_when: "setup.stdout \| length > 0" # changed wenn stdout nciht lerr ist`
d 2024-04-03 23:17:26 +02:00
			`- name: debug`
			`ansible.builtin.debug:`
			`msg: "{{ zwei }}"`
setup 2024-04-03 23:00:58 +02:00
			`...`