test openid redirection

Histausse 2023-04-24 21:55:30 +02:00
parent fa4f5c2d75
commit 43d2f45fd8


@ -12,10 +12,15 @@ in
example = "git.example.com"; example = "git.example.com";
description = "The domain of the server"; description = "The domain of the server";
}; };
disableRegistration = mkOption { openIdEnable = mkOption {
type = types.bool; type = types.bool;
default = true; default = false;
description = "Must be set to `false` for the initial deployement"; description = "If OpenId provider is setup and should be used exclusively.";
};
openIdClientName = mkOption {
type = types.str;
default = "";
description = "The name (id) of the openId client to use exclusively.";
}; };
customPackage = mkOption { customPackage = mkOption {
type = types.package; type = types.package;
@ -38,8 +43,10 @@ in
services.gitea.stateDir = "/var/lib/gitea"; # default value services.gitea.stateDir = "/var/lib/gitea"; # default value
services.gitea.enable = true; services.gitea.enable = true;
services.gitea.rootUrl = "https://${cfg.domain}/"; services.gitea.rootUrl = "https://${cfg.domain}/";
services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce cfg.disableRegistration; # Only set after initial deploy
services.gitea.settings.session.COOKIE_SECURE = lib.mkForce true; # Why do I need to override this??? services.gitea.settings.session.COOKIE_SECURE = lib.mkForce true; # Why do I need to override this???
services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce (!cfg.openIdEnable);
services.gitea.settings.service.ALLOW_ONLY_EXTERNAL_REGISTRATION = cfg.openIdEnable;
services.gitea.settings.openid.ENABLE_OPENID_SIGNUP = cfg.openIdEnable;
services.gitea.lfs.enable = true; services.gitea.lfs.enable = true;
services.gitea.domain = cfg.domain; services.gitea.domain = cfg.domain;
# services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance # services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
@ -80,18 +87,23 @@ in
"${cfg.domain}" = { "${cfg.domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations = lib.mkMerge [
proxyPass = "http://127.0.0.1:3000"; ("/" = {
extraConfig = '' proxyPass = "http://127.0.0.1:3000";
proxy_set_header X-Forwarded-Host $host; extraConfig = ''
proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_request_headers on; proxy_set_header Host $host;
''; proxy_pass_request_headers on;
}; '';
})
(lib.mkIf (cfg.openIdEnable) {
"/user/login" = { globalRedirect = "$host/${cfg.openIdClientName}"; };
})
];
}; };
}; };
}; };
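Review bot: In the second hunk, setting `openid.ENABLE_OPENID_SIGNUP = cfg.openIdEnable` while `DISABLE_REGISTRATION` becomes false does not restrict sign-up to the client named in `openIdClientName`. Gitea's `[openid]` section appears to govern OpenID URI sign-up, which is not tied to one provider unless `WHITELISTED_URIS` is set, so the "exclusively" in the option description is only backed by the nginx redirect of a single path. If the intent is one OAuth2/OIDC source, consider leaving `ENABLE_OPENID_SIGNUP` off and relying on `ALLOW_ONLY_EXTERNAL_REGISTRATION`, or adding a `WHITELISTED_URIS` entry. In the third hunk the target `$host/${cfg.openIdClientName}` has no scheme and no Gitea path, and `openIdClientName` defaults to `""`; something like `return = "302 /user/oauth2/${cfg.openIdClientName}";` plus an assertion that the name is non-empty when `openIdEnable` is true would be safer. Also, `("/" = { … })` is not a valid Nix expression; each `mkMerge` element has to be an attribute set, `{ "/" = { … }; }`.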