fix(forgejo): Add OIDC login

2026-01-09 15:04:38 +01:00
parent 773550df56
commit eb141a7efe
1 changed files with 26 additions and 4 deletions
@@ -38,6 +38,21 @@ gitea:
    server:
      DOMAIN: git.svc.hel1.obx
      ROOT_URL: https://git.svc.hel1.obx
+      SSH_DOMAIN: git.svc.hel1.obx
+      SSH_PORT: 22
+    oauth2_client:
+      ENABLE_AUTO_REGISTRATION: true
+      UPDATE_AVATAR: true
+      ACCOUNT_LINKING: auto
+  oauth:
+    - name: 'Oceanbox'
+      provider: 'openidConnect'
+      existingSecret: forgejo-oauth-oceanbox
+      autoDiscoverUrl: 'https://auth.oceanbox.io/realms/oceanbox/.well-known/openid-configuration'
+      scopes: 'openid profile email groups'
+      groupClaimName: 'groups'
+      adminGroup: '/oceanbox/admin'
+      restrictedGroup: ''
  additionalConfigFromEnvs:
    - name: FORGEJO__DATABASE__PASSWD
      valueFrom:
@@ -61,6 +76,10 @@ gitea:
          key: host
    - name: FORGEJO__DATABASE__DB_TYPE
      value: postgres
+    - name: FORGEJO__OPENID__ENABLE_OPENID_SIGNIN
+      value: "true"
+    - name: FORGEJO__OPENID__ENABLE_OPENID_SIGNUP
+      value: "true"

 ingress:
  enabled: true
@@ -80,10 +99,13 @@ ingress:
      hosts:
        - git.svc.hel1.obx

-# service:
-  # ssh:
-    # type: LoadBalancer
-    # port: 22
+service:
+  ssh:
+    type: LoadBalancer
+    port: 22
+    annotations:
+      load-balancer.hetzner.cloud/location: hel1
+      load-balancer.hetzner.cloud/uses-proxyprotocol: 'false'

 persistence:
  enabled: true