From 2ca9d2897d8ca741d483d8c5fb5149bfe7f8c481 Mon Sep 17 00:00:00 2001
From: Histausse
Date: Mon, 24 Apr 2023 21:55:30 +0200
Subject: [PATCH] test openid redirection
---
 pp-gitea.nix | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/pp-gitea.nix b/pp-gitea.nix
index ad28d2d..b5fa0f7 100644
--- a/pp-gitea.nix
+++ b/pp-gitea.nix
@@ -12,10 +12,15 @@ in
 example = "git.example.com";
 description = "The domain of the server";
 };
- disableRegistration = mkOption {
+ openIdEnable = mkOption {
 type = types.bool;
- default = true;
- description = "Must be set to `false` for the initial deployement";
+ default = false;
+ description = "If OpenId provider is setup and should be used exclusively.";
+ };
+ openIdClientName = mkOption {
+ type = types.str;
+ default = "";
+ description = "The name (id) of the openId client to use exclusively.";
 };
 customPackage = mkOption {
 type = types.package;
@@ -38,8 +43,10 @@ in
 services.gitea.stateDir = "/var/lib/gitea"; # default value
 services.gitea.enable = true;
 services.gitea.rootUrl = "https://${cfg.domain}/";
- services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce cfg.disableRegistration; # Only set after initial deploy
 services.gitea.settings.session.COOKIE_SECURE = lib.mkForce true; # Why do I need to override this???
+ services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce (!cfg.openIdEnable);
+ services.gitea.settings.service.ALLOW_ONLY_EXTERNAL_REGISTRATION = cfg.openIdEnable;
+ services.gitea.settings.openid.ENABLE_OPENID_SIGNUP = cfg.openIdEnable;
 services.gitea.lfs.enable = true;
 services.gitea.domain = cfg.domain;
 # services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
@@ -92,6 +99,9 @@ in
 proxy_pass_request_headers on;
 '';
 };
+ lib.mkIf (cfg.openIdEnable) {
+ locations."/user/login".globalRedirect = "$host/${cfg.openIdClientName}";
+ };
 };
 };
 };
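Review bot: `openIdClientName` defaults to `""` and is later interpolated into the nginx redirect target, but nothing in this option block rejects an empty or malformed name when `openIdEnable = true`. With the default, the `/user/login` redirect would point at the site root instead of a provider, and a value containing whitespace, quotes or `;` would reach the generated nginx configuration unescaped. Consider constraining the type, e.g. `type = types.strMatching "[A-Za-z0-9_-]*";`, and adding to the config section (outside this hunk) `assertions = [{ assertion = !cfg.openIdEnable || cfg.openIdClientName != ""; message = "openIdClientName must be set when openIdEnable is true"; }];`. Dropping `disableRegistration` without a `mkRemovedOptionModule` entry also means existing configurations that set it fail with a bare "option does not exist" error.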
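Review bot: `openid.ENABLE_OPENID_SIGNUP` on the last added line governs Gitea's legacy OpenID 2.0 flow, where the user supplies their own identity URI, so turning it on allows sign-up through any OpenID provider unless `openid.WHITELISTED_URIS` is also set. If the provider named by `openIdClientName` is an OAuth2/OIDC authentication source (an assumption, since the source is configured outside this patch), this setting does not select it; either drop the line or pair it with a whitelist such as `services.gitea.settings.openid.WHITELISTED_URIS = "<provider-uri-pattern>";`. The removed comment "Only set after initial deploy" also has no replacement: with `openIdEnable = false` registration is now closed from the first deploy, so a comment saying how the first admin account is expected to be created would help.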
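Review bot: The added `lib.mkIf (cfg.openIdEnable) { … };` sits as a bare expression between attribute bindings, which Nix does not parse; it has to be the value of a binding. `globalRedirect` is, as far as I know, a virtual-host option taking a hostname and is not defined on `locations.<name>`, and building the target from `$host` lets the request's Host header influence where users are sent. Something like `locations."/user/login" = lib.mkIf cfg.openIdEnable { return = "302 https://${cfg.domain}/${cfg.openIdClientName}"; };` addresses all three, though the path Gitea expects for the provider should be confirmed. Note that the redirect only hides the web login form: password authentication over the API and git-over-HTTP is unaffected unless disabled in Gitea itself, so "exclusively" is not enforced here. The enclosing virtual-host block starts outside the hunk.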