create initial secrets before app.ini removal

templates/gitea/config.yaml

@@ -20,6 +20,23 @@ stringData:
     #!/usr/bin/env bash
     set -euo pipefail
 
+    ### initial creation of persistent secrets
+    if ![ -f ${GITEA_APP_INI} ]; then
+      function env2ini::generate_initial_secrets() {
+        # These environment variables will either be
+        #   - overwritten with user defined values,
+        #   - initially used to set up Gitea
+        # Anyway, they won't harm existing app.ini files
+
+        export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
+        export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
+        export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
+        export ENV_TO_INI__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)
+
+        env2ini::log "...Initial secrets generated\n"
+      }
+    fi
+
     # ensure a clean start
     if [ -f ${GITEA_APP_INI} ]; then
       rm $GITEA_APP_INI
@@ -133,20 +150,6 @@ stringData:
       fi
     }
 
-    function env2ini::generate_initial_secrets() {
-      # These environment variables will either be
-      #   - overwritten with user defined values,
-      #   - initially used to set up Gitea
-      # Anyway, they won't harm existing app.ini files
-
-      export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN)
-      export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY)
-      export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET)
-      export ENV_TO_INI__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET)
-
-      env2ini::log "...Initial secrets generated\n"
-    }
-
     env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs
     
     # MUST BE CALLED BEFORE OTHER CONFIGURATION