this repo has no description
feat(forgejo): setup SSO
+36
+3
infra/production/oracle/secrets/.terraform.lock.hcl
+3
infra/production/oracle/secrets/.terraform.lock.hcl
···
6
6
constraints = "~> 2.37.1"
7
7
hashes = [
8
8
"h1:UWJPvQZxW9Q6mxtUvIdnapPE8s8o4a2HUo53OInq9p4=",
9
+
"h1:uQ6QiHEMu5dm39sbMNE3ANFUeqTjrqb2P/lxHtfkctE=",
9
10
"zh:22031e9995b3dc7ae497305dc6c5b7bf1a585c378d46446e724601f992cd9e11",
10
11
"zh:3614bc188ae5040d892671009c66f56cfcb3859e11f42ed7ffc1cee384b1275b",
11
12
"zh:5d925944ac961bbe5fb4917a3e7e6d9bc0bef2f3198f26e8d4cd1793d5eadde3",
···
21
22
provider "registry.opentofu.org/hashicorp/oci" {
22
23
version = "7.10.0"
23
24
hashes = [
25
+
"h1:XMhePV+ntXrfaI0Yq7mTCgziQ2YJzvt4x1SzcjDh754=",
24
26
"h1:fte2iarPJxuqm8S5AJTgY/eEQnH6LS/qVRxmDkBie4s=",
25
27
"zh:03ad7ab20c4aa4a496cedb29cc439cb6e6c6eadcce964a44c227d605a30aec0f",
26
28
"zh:08184bf3df20ab6f2bc764f28cefc356090d34bdf02c41ab91939d91f7462c3c",
···
44
46
version = "3.7.2"
45
47
hashes = [
46
48
"h1:cFGCdxTlsrteTiaOV/iOQdql7eJkD3F/vtJxenkj9IE=",
49
+
"h1:yHMBbZOIHlXUuBQ8Mhioe0hwmhermuboq2eNNoCJaf8=",
47
50
"zh:2ffeb1058bd7b21a9e15a5301abb863053a2d42dffa3f6cf654a1667e10f4727",
48
51
"zh:519319ed8f4312ed76519652ad6cd9f98bc75cf4ec7990a5684c072cf5dd0a5d",
49
52
"zh:7371c2cc28c94deb9dba62fbac2685f7dde47f93019273a758dd5a2794f72919",
+17
infra/production/oracle/secrets/terragrunt.hcl
+17
infra/production/oracle/secrets/terragrunt.hcl
···
25
25
dex_grafana_client_secret = { random = true }
26
26
dex_kiali_client_secret = { random = true }
27
27
dex_temporal_client_secret = { random = true }
28
+
dex_forgejo_client_key = { value = "forgejo" }
29
+
dex_forgejo_client_secret = { random = true }
30
+
forgejo_admin_username = { value = "forgejo_admin" }
31
+
forgejo_admin_password = { random = true }
28
32
silverbullet_user = { value = include.root.locals.secrets.silverbullet_user }
29
33
wireguard_config = { value = include.root.locals.secrets.wireguard_config }
30
34
}
···
36
40
"GRAFANA_CLIENT_SECRET" = "dex_grafana_client_secret"
37
41
"KIALI_CLIENT_SECRET" = "dex_kiali_client_secret"
38
42
"TEMPORAL_CLIENT_SECRET" = "dex_temporal_client_secret"
43
+
"FORGEJO_CLIENT_SECRET" = "dex_forgejo_client_secret"
39
44
"ADMIN_PASSWORD_HASH" = "dex_admin_password_hash"
40
45
}
41
46
}
···
67
72
"wireguard/wireguard-secret" = {
68
73
data = {
69
74
"wg0.conf" = "wireguard_config"
75
+
}
76
+
}
77
+
"forgejo/forgejo-admin" = {
78
+
data = {
79
+
"username" = "forgejo_admin_username"
80
+
"password" = "forgejo_admin_password"
81
+
}
82
+
}
83
+
"forgejo/forgejo-oauth" = {
84
+
data = {
85
+
"key" = "dex_forgejo_client_key"
86
+
"secret" = "dex_forgejo_client_secret"
70
87
}
71
88
}
72
89
}
+5
platform/production/dex.yaml
+5
platform/production/dex.yaml
···
59
59
redirectURIs:
60
60
- 'https://temporal.cloudlab.khuedoan.com/auth/sso/callback'
61
61
secretEnv: TEMPORAL_CLIENT_SECRET
62
+
- id: forgejo
63
+
name: Forgejo
64
+
redirectURIs:
65
+
- 'https://code.khuedoan.com/user/oauth2/SSO/callback'
66
+
secretEnv: FORGEJO_CLIENT_SECRET
62
67
envFrom:
63
68
- secretRef:
64
69
name: dex-secrets
+11
platform/production/forgejo.yaml
+11
platform/production/forgejo.yaml
···
47
47
ENABLE_AUTO_REGISTRATION: true
48
48
OPENID_CONNECT_SCOPES: "email profile"
49
49
USERNAME: username
50
+
service:
51
+
ENABLE_INTERNAL_SIGNIN: false
52
+
ALLOW_ONLY_EXTERNAL_REGISTRATION: true
50
53
"service.explore":
51
54
DISABLE_USERS_PAGE: true
52
55
actions:
···
57
60
SHOW_FOOTER_VERSION: false
58
61
SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
59
62
SHOW_FOOTER_POWERED_BY: false
63
+
oauth:
64
+
- name: SSO
65
+
provider: 'openidConnect'
66
+
autoDiscoverUrl: https://dex.cloudlab.khuedoan.com/.well-known/openid-configuration
67
+
existingSecret: forgejo-oauth
68
+
admin:
69
+
email: admin@cloudlab.khuedoan.com
70
+
existingSecret: forgejo-admin
60
71
podAnnotations:
61
72
"istio.io/dataplane-mode": "ambient"
62
73
ingress: