test openid redirection WIP
This commit is contained in:
parent
fa4f5c2d75
commit
24fd7b8e30
20
pp-gitea.nix
20
pp-gitea.nix
|
@ -12,10 +12,15 @@ in
|
||||||
example = "git.example.com";
|
example = "git.example.com";
|
||||||
description = "The domain of the server";
|
description = "The domain of the server";
|
||||||
};
|
};
|
||||||
disableRegistration = mkOption {
|
openIdEnable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = true;
|
default = false;
|
||||||
description = "Must be set to `false` for the initial deployement";
|
description = "If OpenId provider is setup and should be used exclusively.";
|
||||||
|
};
|
||||||
|
openIdClientName = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
description = "The name (id) of the openId client to use exclusively.";
|
||||||
};
|
};
|
||||||
customPackage = mkOption {
|
customPackage = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
|
@ -38,8 +43,10 @@ in
|
||||||
services.gitea.stateDir = "/var/lib/gitea"; # default value
|
services.gitea.stateDir = "/var/lib/gitea"; # default value
|
||||||
services.gitea.enable = true;
|
services.gitea.enable = true;
|
||||||
services.gitea.rootUrl = "https://${cfg.domain}/";
|
services.gitea.rootUrl = "https://${cfg.domain}/";
|
||||||
services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce cfg.disableRegistration; # Only set after initial deploy
|
|
||||||
services.gitea.settings.session.COOKIE_SECURE = lib.mkForce true; # Why do I need to override this???
|
services.gitea.settings.session.COOKIE_SECURE = lib.mkForce true; # Why do I need to override this???
|
||||||
|
services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce (!cfg.openIdEnable);
|
||||||
|
services.gitea.settings.service.ALLOW_ONLY_EXTERNAL_REGISTRATION = cfg.openIdEnable;
|
||||||
|
services.gitea.settings."openid".ENABLE_OPENID_SIGNUP = cfg.openIdEnable;
|
||||||
services.gitea.lfs.enable = true;
|
services.gitea.lfs.enable = true;
|
||||||
services.gitea.domain = cfg.domain;
|
services.gitea.domain = cfg.domain;
|
||||||
# services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
|
# services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
|
||||||
|
@ -76,7 +83,7 @@ in
|
||||||
security.acme.defaults.email = cfgBase.adminEmail;
|
security.acme.defaults.email = cfgBase.adminEmail;
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts = {
|
virtualHosts = lib.mkMerge {
|
||||||
"${cfg.domain}" = {
|
"${cfg.domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
@ -92,6 +99,9 @@ in
|
||||||
proxy_pass_request_headers on;
|
proxy_pass_request_headers on;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
# locations."/user/login" = lib.mkIf (cfg.openIdEnable) {
|
||||||
|
# globalRedirect = "$host/${cfg.openIdClientName}";
|
||||||
|
# };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue