From b4447064f77fefcc184a9514a439b336b281f786 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@geeklabor.de>
Date: Fri, 22 Nov 2019 13:40:43 +0100
Subject: [PATCH] add selinux handling

---
 tasks/main.yml    |  2 ++
 tasks/selinux.yml | 15 +++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 tasks/selinux.yml

diff --git a/tasks/main.yml b/tasks/main.yml
index edd21ae..365f1fa 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,6 +1,8 @@
 ---
 - include_tasks: prepare.yml
 - include_tasks: install.yml
+- include_tasks: selinux.yml
+  when: ansible_selinux.status == "enabled"
 - import_tasks: tls.yml
   when: gitea_tls_enabled | bool
   tags: tls_renewal
diff --git a/tasks/selinux.yml b/tasks/selinux.yml
new file mode 100644
index 0000000..ac43753
--- /dev/null
+++ b/tasks/selinux.yml
@@ -0,0 +1,15 @@
+---
+- block:
+    - name: Add SELinux file context mapping definitions
+      sefcontext:
+        target: "{{ item.target }}"
+        setype: "{{ item.setype }}"
+        state: present
+      loop: "{{ gitea_selinux_fcontext }}"
+
+    - name: Apply new SELinux file context to filesystem
+      command: "restorecon {{ item }}"
+      loop: "{{ gitea_selinux_restorecon }}"
+      changed_when: False
+  become: True
+  become_user: root