From f516107df67c64bcd4037b567ebe72dbf46047cb Mon Sep 17 00:00:00 2001 From: 12ww1160 <12ww1160@confdroid.com> Date: Wed, 4 Feb 2026 10:55:41 +0100 Subject: [PATCH] OP#414 add user control --- README.md | 1 + manifests/firewall/iptables.pp | 2 +- manifests/main/dirs.pp | 2 +- manifests/main/files.pp | 12 +++++++++++- manifests/main/install.pp | 9 --------- manifests/main/service.pp | 6 ++++-- manifests/main/user.pp | 9 ++++++++- manifests/params.pp | 12 ++++++++++++ 8 files changed, 38 insertions(+), 15 deletions(-) delete mode 100644 manifests/main/install.pp diff --git a/README.md b/README.md index eb78a13..5a101b6 100644 --- a/README.md +++ b/README.md @@ -23,6 +23,7 @@ Installation Configuration +- install required system user - manage directory structure - manage configuration files - file system permissions diff --git a/manifests/firewall/iptables.pp b/manifests/firewall/iptables.pp index 8e465eb..0e5c5fc 100644 --- a/manifests/firewall/iptables.pp +++ b/manifests/firewall/iptables.pp @@ -6,7 +6,7 @@ class confdroid_gitea::firewall::iptables ( ) inherits confdroid_gitea::params { - if $ga_use_firewall == true { + if ($ga_use_firewall == true) and ($ga_host_fqdn == $fqdn) { firewall { "${ga_order_prefix}${ga_http_port} allow gitea http port ${ga_http_port}": proto => 'tcp', dport => $ga_http_port, diff --git a/manifests/main/dirs.pp b/manifests/main/dirs.pp index 746a71e..5383ff7 100644 --- a/manifests/main/dirs.pp +++ b/manifests/main/dirs.pp @@ -6,5 +6,5 @@ class confdroid_gitea::main::dirs ( ) inherits confdroid_gitea::params { - require confdroid_gitea::main::files + require confdroid_gitea::main::user } diff --git a/manifests/main/files.pp b/manifests/main/files.pp index 91769b9..bec9739 100644 --- a/manifests/main/files.pp +++ b/manifests/main/files.pp 
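Review bot: The new test `($ga_host_fqdn == $fqdn)` in iptables.pp selects the Gitea node by an agent-reported fact written as a bare top-scope variable, and the same test recurs in the files.pp, service.pp and user.pp hunks. Facts are supplied by the node itself, whereas `$trusted['certname']` comes from the agent's verified certificate, so it is the safer value for deciding which node gets the firewall opening, the account and the binary. If the fact is kept, `$facts['networking']['fqdn']` is the form that still resolves where legacy top-scope facts are disabled. Suggested condition, assuming certnames equal host FQDNs in this environment: `if ($ga_use_firewall == true) and ($ga_host_fqdn == $trusted['certname']) {`. The firewall resource continues past the end of the hunk.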
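Review bot: As far as the dirs.pp hunk shows, the body of `confdroid_gitea::main::dirs` is only the `require` line, so nothing declares `${ga_working_dir}`, even though files.pp now places the binary at `${ga_working_dir}/gitea` and relies on this class for ordering. A `file` resource fails when its parent directory is missing, so unless the directory is managed elsewhere the first run on a fresh host would be expected to error. Suggested addition, inside the same host guard the other classes use and with owner and mode set explicitly: `file { $ga_working_dir: ensure => 'directory', }`.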
@@ -6,5 +6,15 @@ class confdroid_gitea::main::files ( ) inherits confdroid_gitea::params { - require confdroid_gitea::main::user + if $ga_host_fqdn == $fqdn { + require confdroid_gitea::main::dirs + + file { "${ga_working_dir}/gitea": + ensure => 'file', + mode => '0755', + owner => $ga_user, + group => $ga_user, + source => "${ga_dl_url}/gitea/${ga_dl_version}/gitea-${ga_dl_version}-linux-amd64", + } + } } diff --git a/manifests/main/install.pp b/manifests/main/install.pp deleted file mode 100644 index 83ef809..0000000 --- a/manifests/main/install.pp +++ /dev/null @@ -1,9 +0,0 @@ -## confdroid_gitea::main::install.pp -# Module name: confdroid_gitea -# Author: 12ww1160 (12ww1160@confdroid.com) -# @summary manages the installation for the confdroid_gitea Puppet module. -############################################################################## -class confdroid_gitea::main::install ( - -) inherits confdroid_gitea::params { -} diff --git a/manifests/main/service.pp b/manifests/main/service.pp index 6a4e740..aa9782b 100644 --- a/manifests/main/service.pp +++ b/manifests/main/service.pp @@ -6,6 +6,8 @@ class confdroid_gitea::main::service ( ) inherits confdroid_gitea::params { - require confdroid_gitea::firewall::iptables - require confdroid_gitea::main::dirs + if $ga_host_fqdn == $fqdn { + require confdroid_gitea::firewall::iptables + require confdroid_gitea::main::files + } } diff --git a/manifests/main/user.pp b/manifests/main/user.pp index 2ffaec7..cab27d1 100644 --- a/manifests/main/user.pp +++ b/manifests/main/user.pp @@ -6,5 +6,12 @@ class confdroid_gitea::main::user ( ) inherits confdroid_gitea::params { - require confdroid_gitea::main::install + if $ga_host_fqdn == $fqdn { + user { $ga_user: + ensure => 'present', + managehome => true, + shell => '/bin/false', + system => true, + } + } } diff --git a/manifests/params.pp b/manifests/params.pp index 06ad4e3..22f43a7 100644 --- a/manifests/params.pp +++ b/manifests/params.pp 
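Review bot: The `file` resource in files.pp installs an executable straight from `${ga_dl_url}` with no integrity pin, and `owner => $ga_user` lets the service account overwrite the binary it runs. Pinning the digest with the `checksum` and `checksum_value` attributes should make the run fail on a tampered or swapped download instead of installing it, and root ownership stops a compromised Gitea process from persisting by rewriting its own executable. The sketch below assumes a new parameter, here called `$ga_dl_sha256`, added to params.pp and set to the published SHA-256 of the selected release; that parameter is not part of this patch. The release filename also hard-codes `linux-amd64`, which deserves a comment if other architectures are expected.

```puppet
    file { "${ga_working_dir}/gitea":
      # … unchanged: ensure, mode, source …
      owner          => 'root',
      group          => 'root',
      checksum       => 'sha256',
      # proposed new parameter: published SHA-256 of the pinned release
      checksum_value => $ga_dl_sha256,
    }
```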
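Review bot: The `user` resource in user.pp leaves the primary group and the home directory to the platform's useradd defaults, while files.pp sets `group => $ga_user` and therefore depends on a same-named group existing. Declaring `group { $ga_user: ensure => 'present', system => true, }` and adding `gid => $ga_user,` to the user makes that dependency explicit and reproducible across distributions. With `managehome => true` and no `home`, the home directory lands wherever the OS default puts it rather than under `$ga_working_dir`, so set `home` if Gitea's data is meant to live there. `shell => '/bin/false'` blocks interactive login, but Git over SSH served through the system sshd, rather than Gitea's built-in server, would need a usable shell for this account. A comment stating which mode is intended would help.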
@@ -6,9 +6,21 @@ # @param [String] ga_http_port The main port number for Gitea. # @param [String] ga_ssh_port The SSH port number for Gitea. # @param [String] ga_order_prefix The order prefix for firewall rules. +# @param [String] ga_host_fqdn The FQDN for the Gitea host. +# @param [String] ga_working_dir The working directory for Gitea. +# @param [String] ga_dl_url The download URL for Gitea. +# @param [String] ga_dl_version The version of Gitea to download. +# @param [String] ga_user The system user for Gitea. ############################################################################## class confdroid_gitea::params ( + # main + String $ga_host_fqdn = 'gitea.example.net', + String $ga_working_dir = '/opt/gitea', + String $ga_dl_url = 'https://dl.gitea.com/gitea', + String $ga_dl_version = '1.25.4', + String $ga_user = 'git', + # firewall Boolean $ga_use_firewall = true, String $ga_http_port = '3000',
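Review bot: `String $ga_dl_url` and `String $ga_dl_version` in params.pp accept any value, including an `http://` base URL or an empty string, yet together they form the `source` of an executable installed by files.pp. Narrowing the types catches a bad override at compile time: `Pattern[/\Ahttps:\/\//] $ga_dl_url = 'https://dl.gitea.com/gitea',` and `String[1] $ga_dl_version = '1.25.4',`. The `@param` line for `ga_host_fqdn` could also say that the classes apply their resources only on the node matching this value, because with the default `gitea.example.net` the module otherwise does nothing and reports no error. The parameter list continues outside the hunk.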