* autogenerate JWT_SECRETS
Based on https://docs.gitea.io/en-us/command-line/#generate we will now autogenerate JWT_SECRETS if they are not defined.
In my opinion a much better idea than writing a value in the default config.
The check if the variables for the secrets are now 43 characters long I took out. Gitea itself generates suitable secrets if the user-given ones do not fit.
* drop ansible.builtin. syntax
* delete trailing whitespace
* Add gitea_group
This will add the `gitea_group: gitea` and will probably
RESOLVE https://github.com/thomas-maurice/ansible-role-gitea/issues/70
* update variable length
update variable length to make this role idempotent
* vars should not include special characters
There is this linting message:
```
[208] File permissions unset or incorrect
tasks/main.yml:27
Task/Handler: Create config and data directory
```
I fixed it in this commit and added a GitHub Action
to run the official™ Ansible linting check!
Gitea 1.13.0 was released, which fixes security issues.
Some breaking changes were reported in the release notes, but I didn't find any issues with them on my system; caution is advised.
Support Gitea development, we now have a shop for Swag
SECURITY
Add Allow-/Block-List for Migrate & Mirrors (#13610) (#13776)
Prevent git operations for inactive users (#13527) (#13536)
Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13524)
Mitigate Security vulnerability in the git hook feature (#13058)
Disable DSA ssh keys by default (#13056)
Set TLS minimum version to 1.2 (#12689)
Use argon as default password hash algorithm (#12688)
BREAKING
Set RUN_MODE prod by default (#13765) (#13767)
Don't replace underscores in auto-generated IDs in goldmark (#12805)
Add Primary Key to Topic and RepoTopic tables (#12639)
Disable password complexity check default (#12557)
Change PIDFile default from /var/run/gitea.pid to /run/gitea.pid (#12500)
Add extension Support to Attachments (allow all types for releases) (#12465)
Remove IE11 Support (#11470)
Recursively set the gitea user as owner of all its directories (and create /indexers and /logs directories).
This is needed if one tried to start gitea as root before.
This is due to the fact that Ansible often takes another default shell
to execute its commands, e.g., /bin/sh.
The solution is to require /bin/bash for the particular command.
In check_mode, the binary download task depends on the execution of the
previous one, which uses the module shell to fill in a variable. In the
download binary task we use a field on that variable that does not exist
in check_mode, so the task fails.
Signed-off-by: L. Alberto Giménez <agimenez@sysvalve.es>