add gitea to authelia

2023-08-17 03:12:33 +02:00
parent 232ce326a5
commit 26e20340d3
2 changed files with 49 additions and 3 deletions
--- a/utils/modules/authelia/default.nix
+++ b/utils/modules/authelia/default.nix
@@ -48,8 +48,8 @@
          url = "ldaps://ldap.cloonar.com";
          base_dn = "DC=cloonar,DC=com";
          additional_users_dn = "OU=users";
-          users_filter = "(&({mail}={input})(objectClass=person))";
-          username_attribute = "uid";
+          users_filter = "(&({username_attribute}={input})(objectClass=person))";
+          username_attribute = "mail";
          mail_attribute = "mail";
          display_name_attribute = "displayName";
          additional_groups_dn = "OU=groups";
@@ -109,6 +109,43 @@
          filename = "/var/lib/authelia-main/notification.txt";
        };
      };
+      identity_providers = {
+        oidc = {
+          ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
+          ## See: https://www.authelia.com/c/oidc
+          clients = [
+            {
+              id = "nextcloud";
+              description = "NextCloud";
+              secret = "$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng";
+              public = false;
+              authorization_policy = "one_factor";
+              redirect_uris = [ "https://nextcloud.example.com/apps/oidc_login/oidc" ];
+              scopes = [
+                "openid"
+                "profile"
+                "email"
+                "groups"
+              ];
+              userinfo_signing_algorithm = "none";
+            }
+            {
+              id = "gitea";
+              description = "Gitea";
+              secret = "$6$8CO08RKzsB2e47SY$oZCadmL5nz8HDaZ6miPKmcGNIefUW8qCjHxkn52G1kyKSzZBkKHkCzvlyOU3TXWBY/OpWlqWAHJ4ORtpOkocz/";
+              public = false;
+              authorization_policy = "one_factor";
+              redirect_uris = [ "https://git.cloonar.com/user/oauth2/authelia/callback" ];
+              scopes = [
+                "openid"
+                "profile"
+                "email"
+              ];
+              userinfo_signing_algorithm = "none";
+            }
+          ];
+        };
+      };
    };
  };
  services.nginx.virtualHosts."auth.cloonar.com" = {
--- a/utils/modules/gitea.nix
+++ b/utils/modules/gitea.nix
@@ -20,7 +20,16 @@ in
        HTTP_PORT = 3001;
        DOMAIN = domain;
      };
-      service.DISABLE_REGISTRATION = true;
+      openid = {
+        ENABLE_OPENID_SIGNIN = false;
+        ENABLE_OPENID_SIGNUP = true;
+        WHITELISTED_URIS     = "auth.example.com";
+      };
+      service = {
+        DISABLE_REGISTRATION                          = false;
+        ALLOW_ONLY_EXTERNAL_REGISTRATION              = true;
+        SHOW_REGISTRATION_BUTTON                      = false;
+      };
      webhook.ALLOWED_HOST_LIST = "drone.cloonar.com";
    };
  };