this repo has no description
feat(forgejo): enable SSO
+14
-9
+14
-9
platform/staging/forgejo.yaml
+14
-9
platform/staging/forgejo.yaml
···
28
28
values:
29
29
strategy:
30
30
type: Recreate
31
+
deployment:
32
+
env:
33
+
- name: FORGEJO_OAUTH_SECRET
34
+
value: vault:secret/data/forgejo/oauth#secret
31
35
gitea:
32
36
config:
33
37
database:
···
51
55
OPENID_CONNECT_SCOPES: "email profile"
52
56
USERNAME: username
53
57
service:
54
-
ENABLE_INTERNAL_SIGNIN: true
55
-
DISABLE_REGISTRATION: true
58
+
ENABLE_INTERNAL_SIGNIN: false
59
+
ALLOW_ONLY_EXTERNAL_REGISTRATION: true
56
60
"service.explore":
57
61
DISABLE_USERS_PAGE: true
58
62
actions:
···
63
67
SHOW_FOOTER_VERSION: false
64
68
SHOW_FOOTER_TEMPLATE_LOAD_TIME: false
65
69
SHOW_FOOTER_POWERED_BY: false
66
-
# Staging does not currently run Dex, so keep Forgejo self-contained.
67
-
# oauth:
68
-
# - name: SSO
69
-
# provider: 'openidConnect'
70
-
# autoDiscoverUrl: https://dex.cloudlab.khuedoan.com/.well-known/openid-configuration
71
-
# key: vault:secret/data/forgejo/oauth#key
72
-
# secret: vault:secret/data/forgejo/oauth#secret
70
+
oauth:
71
+
- name: SSO
72
+
provider: "openidConnect"
73
+
autoDiscoverUrl: https://dex.staging.khuedoan.com/.well-known/openid-configuration
74
+
key: forgejo
75
+
# Can't use Vault syntax directly here, because it will be templated
76
+
# into a secret, so we need to define a separate environment variable
77
+
secret: ${FORGEJO_OAUTH_SECRET}
73
78
admin:
74
79
email: admin@cloudlab.khuedoan.com
75
80
username: forgejo_admin