configure vault oidc login and cicd jwt login

ansible/arcodange/factory/roles/gitea_repo/defaults/main.yml

@@ -6,4 +6,4 @@ gitea_username: arcodange
 gitea_organization: arcodange-org
 
 # URL de base du serveur Gitea
-gitea_base_url: http://{{ groups.gitea[0] }}:3000
+gitea_base_url: http://{{ groups.gitea[0] }}:3000

ansible/arcodange/factory/roles/gitea_repo/tasks/main.yml

@@ -1,8 +1,3 @@
-- name: Generate Gitea Token
-  when: gitea_api_token is undefined
-  include_role:
-    name: arcodange.factory.gitea_token
-
 - name: Vérifier si le dépôt existe dans Gitea
   uri:
     url: "{{ gitea_base_url }}/api/v1/repos/{{ gitea_organization }}/{{ gitea_repo_name }}"

ansible/arcodange/factory/roles/gitea_secret/tasks/main.yml

@@ -1,7 +1,3 @@
-- name: Generate Gitea Token
-  include_role:
-    name: arcodange.factory.gitea_token
-
 - name: Préparer l'URL de l'API pour mettre à jour ou ajouter un secret
   set_fact:
     gitea_api_url: |

ansible/arcodange/factory/roles/gitea_sync/defaults/main.yml

@@ -2,4 +2,6 @@ gitea_username: arcodange
 gitea_organization: arcodange-org
 
 # URL de base du serveur Gitea
-gitea_base_url: http://{{ groups.gitea[0] }}:3000
+gitea_base_url: http://{{ groups.gitea[0] }}:3000
+
+gitea_token_fact_name: arcodange_factory_gitea_sync_token

ansible/arcodange/factory/roles/gitea_sync/tasks/main.yml

@@ -16,10 +16,6 @@
     status_code: 200
   register: gitlab_repos
 
-- name: Generate Gitea Token
-  include_role:
-    name: arcodange.factory.gitea_token
-
 - name: Lister les dépôts de l'organisation Gitea
   uri:
     url: "{{ gitea_base_url }}/api/v1/orgs/{{ gitea_organization }}/repos"

ansible/arcodange/factory/roles/gitea_token/tasks/main.yml

@@ -1,7 +1,10 @@
 # to see generated tokens
 # go to https://gitea.arcodange.duckdns.org/user/settings/applications
 
-- when: lookup('ansible.builtin.varnames', '^' ~ gitea_token_fact_name ~ '$') | length == 0 or gitea_token_delete
+- when: >-
+    lookup('ansible.builtin.varnames', '^' ~ gitea_token_fact_name ~ '$') | length == 0
+    or lookup('vars', gitea_token_fact_name) == 'deleted'
+    or gitea_token_delete
   block:
     
     - &createTokenTask
@@ -46,5 +49,11 @@
         msg: 'WARN: gitea_api_token required when gitea_token_delete or gitea_token_replace is true'
 
     - ansible.builtin.set_fact:
-        '{{ gitea_token_fact_name }}': '{{ (gitea_api_token_cmd.rc == 0) | ternary(gitea_api_token_cmd.stdout, gitea_api_token_cmd_bis.stdout) }}'
-      when: not gitea_token_delete
+        '{{ gitea_token_fact_name }}': >-
+          {{
+            'deleted' if gitea_token_delete else
+            (
+              (gitea_api_token_cmd.rc == 0)
+              | ternary(gitea_api_token_cmd.stdout, gitea_api_token_cmd_bis.stdout)
+            )
+          }}

ansible/arcodange/factory/roles/traefik_certs/tasks/main.yml

@@ -0,0 +1,11 @@
+- when: traefik_certs_pem is not defined
+  block:
+    - shell: >-
+        kubectl -n kube-system exec
+        $(kubectl -n kube-system get pod -l app.kubernetes.io/name=traefik
+        -o jsonpath="{.items[0]['.metadata.name']}") --
+        cat /data/acme.json | jq '(.letsencrypt.Certificates | map(select(.domain.main=="arcodange.duckdns.org")))[0]'
+        | jq '.certificate' -r | base64 -d | openssl x509
+      register: traefik_certs_cmd
+    - set_fact:
+        traefik_cert_pem: '{{ traefik_certs_cmd.stdout }}'