From 1617061f5170da9579053923ffbadf93bcd55a81 Mon Sep 17 00:00:00 2001
From: Nemo <me@captnemo.in>
Date: Sun, 02 Jun 2019 15:41:06 +0530
Subject: [PATCH] [gitea] New release forces oauth2 on everyone

---
 main.tf                 | 17 ++++++++++++-----
 secrets.tf              |  4 ++++
 gitea/data.tf           | 11 +++++++----
 gitea/variables.tf      |  1 +
 gitea/conf/conf.ini.tpl |  9 ++++++++-
 5 files changed, 27 insertions(+), 15 deletions(-)

diff --git a/main.tf b/main.tf
index 35608b8..2e74634 100644
--- a/main.tf
+++ a/main.tf
@@ -34,14 +34,15 @@
 }
 
 module "gitea" {
-  source         = "gitea"
-  domain         = "git.captnemo.in"
-  traefik-labels = "${var.traefik-common-labels}"
-  ips            = "${var.ips}"
-  secret-key     = "${data.pass_password.gitea-secret-key.password}"
-  internal-token = "${data.pass_password.gitea-internal-token.password}"
-  smtp-password  = "${data.pass_password.gitea-smtp-password.password}"
-  lfs-jwt-secret = "${data.pass_password.gitea-lfs-jwt-secret.password}"
+  source            = "gitea"
+  domain            = "git.captnemo.in"
+  traefik-labels    = "${var.traefik-common-labels}"
+  ips               = "${var.ips}"
+  secret-key        = "${data.pass_password.gitea-secret-key.password}"
+  internal-token    = "${data.pass_password.gitea-internal-token.password}"
+  smtp-password     = "${data.pass_password.gitea-smtp-password.password}"
+  lfs-jwt-secret    = "${data.pass_password.gitea-lfs-jwt-secret.password}"
+  oauth2-jwt-secret = "${data.pass_password.gitea-oauth2-jwt-secret.password}"
 
   //passed, but not used
   mysql-password = ""
diff --git a/secrets.tf b/secrets.tf
index c312eef..7511d6d 100644
--- a/secrets.tf
+++ a/secrets.tf
@@ -18,6 +18,10 @@
   path = "GITEA_SECRET_KEY"
 }
 
+data "pass_password" "gitea-oauth2-jwt-secret" {
+  path = "GITEA_OAUTH2_JWT_SECRET"
+}
+
 data "pass_password" "gf-security-admin-password" {
   path = "GRAFANA_ADMIN_PASSWORD"
 }
diff --git a/gitea/data.tf b/gitea/data.tf
index aa45624..460f9f9 100644
--- a/gitea/data.tf
+++ a/gitea/data.tf
@@ -12,10 +12,11 @@
   template = "${file("${path.module}/conf/conf.ini.tpl")}"
 
   vars {
-    secret_key     = "${var.secret-key}"
-    internal_token = "${var.internal-token}"
-    smtp_password  = "${var.smtp-password}"
-    lfs-jwt-secret = "${var.lfs-jwt-secret}"
-    mysql-password = "${var.mysql-password}"
+    secret_key        = "${var.secret-key}"
+    internal_token    = "${var.internal-token}"
+    smtp_password     = "${var.smtp-password}"
+    lfs-jwt-secret    = "${var.lfs-jwt-secret}"
+    mysql-password    = "${var.mysql-password}"
+    oauth2-jwt-secret = "${var.oauth2-jwt-secret}"
   }
 }
diff --git a/gitea/variables.tf b/gitea/variables.tf
index 093e8dc..5457f6f 100644
--- a/gitea/variables.tf
+++ a/gitea/variables.tf
@@ -12,6 +12,7 @@
 variable "internal-token" {}
 variable "smtp-password" {}
 variable "lfs-jwt-secret" {}
+variable "oauth2-jwt-secret" {}
 variable "mysql-password" {}
 
 variable "traefik-network-id" {}
diff --git a/gitea/conf/conf.ini.tpl b/gitea/conf/conf.ini.tpl
index e7a58c0..b931518 100644
--- a/gitea/conf/conf.ini.tpl
+++ a/gitea/conf/conf.ini.tpl
@@ -129,8 +129,8 @@
 MIN_PASSWORD_LENGTH = 10
 IMPORT_LOCAL_PATHS = true
 DISABLE_GIT_HOOKS = true
-SECRET_KEY     = ${secret_key}
-INTERNAL_TOKEN = ${internal_token}
+SECRET_KEY     = "${secret_key}"
+INTERNAL_TOKEN = "${internal_token}"
 
 [service]
 ; ; More detail: https://github.com/gogits/gogs/issues/165
@@ -297,3 +297,8 @@
 CLONE = 300
 PULL = 300
 GC = 60
+
+[oauth2]
+ENABLE = false
+; this is same as JWT secret above
+JWT_SECRET = "${oauth2-jwt-secret}"
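Review bot: The comment `; this is same as JWT secret above` is misleading: the value rendered here is `${oauth2-jwt-secret}`, which this patch wires to its own pass entry (`GITEA_OAUTH2_JWT_SECRET` in secrets.tf), not to the LFS JWT secret used elsewhere in the template. I would replace it with `; OAuth2 token-signing key, sourced from GITEA_OAUTH2_JWT_SECRET; distinct from the LFS JWT secret`. Separately, Gitea expects this key to be a base64 URL-encoded 32-byte value, as far as I recall; if the pass entry holds an arbitrary string Gitea may regenerate the key and try to rewrite the config file at startup, so the format of the stored secret is worth confirming. Note also that `ENABLE = false` only turns off the built-in OAuth2 provider while the secret is still supplied, which seems intentional given the commit title but deserves a one-line comment saying so.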
--
rgit 0.1.5