From d336ea124ed7da2a9ebbef91c7b26d689f8c9cbf Mon Sep 17 00:00:00 2001
From: Histausse
Date: Wed, 26 Apr 2023 22:08:43 +0200
Subject: [PATCH] fix openid config for gitea
---
 pp-gitea.nix | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/pp-gitea.nix b/pp-gitea.nix
index 7fd47e8..f19b8d9 100644
--- a/pp-gitea.nix
+++ b/pp-gitea.nix
@@ -44,9 +44,12 @@ in
 services.gitea.enable = true;
 services.gitea.rootUrl = "https://${cfg.domain}/";
 services.gitea.settings.session.COOKIE_SECURE = lib.mkForce true; # Why do I need to override this???
+
+ # If true, openid users cannot create new account
 #services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce (!cfg.openIdEnable);
- #services.gitea.settings.service.ALLOW_ONLY_EXTERNAL_REGISTRATION = cfg.openIdEnable;
- #services.gitea.settings."openid".ENABLE_OPENID_SIGNUP = cfg.openIdEnable;
+ services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce false;
+ services.gitea.settings.service.ALLOW_ONLY_EXTERNAL_REGISTRATION = cfg.openIdEnable;
+
 services.gitea.lfs.enable = true;
 services.gitea.domain = cfg.domain;
 # services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
@@ -83,7 +86,7 @@ in
 security.acme.defaults.email = cfgBase.adminEmail;
 services.nginx = {
 enable = true;
- virtualHosts = lib.mkMerge {
+ virtualHosts = {
 "${cfg.domain}" = {
 forceSSL = true;
 enableACME = true;
@@ -99,9 +102,9 @@ in
 proxy_pass_request_headers on;
 '';
 };
-# locations."/user/login" = lib.mkIf (cfg.openIdEnable) {
-# globalRedirect = "$host/${cfg.openIdClientName}";
-# };
+ locations."/user/login" = lib.mkIf (cfg.openIdEnable) {
+ return = "301 https://$host/user/oauth2/${cfg.openIdClientName}";
+ };
 };
 };
 };
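Review bot: In the first hunk (`@@ -44,9 +44,12 @@`), `DISABLE_REGISTRATION = lib.mkForce false` applies whether or not OpenID is enabled, so with `cfg.openIdEnable = false` both registration switches end up false and, unless something outside this hunk restricts it, the instance accepts open local self-registration. If that is not intended for deployments without OpenID, tie the value to the option as the commented-out line above it does: `services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce (!cfg.openIdEnable);`, which still evaluates to false when OpenID is on. The added comment would then read more accurately as `# Must be false when OpenID is enabled, otherwise OpenID users cannot create an account`. The enclosing attribute set starts and ends outside the hunk.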
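Review bot: In the third hunk (`@@ -99,9 +102,9 @@`), the redirect target is built from `$host`, which nginx takes from the request (request line or Host header) rather than from configuration; if this virtual host can also answer requests for other names, for example as the default server, the Location header follows whatever the client sent. The canonical name is already known at build time and used for `rootUrl`, so the line could be `return = "302 https://${cfg.domain}/user/oauth2/${cfg.openIdClientName}";`. A 302 is suggested because browsers cache a 301, so the redirect would outlive a later `openIdEnable = false`. The location also covers the local password form, so confirm that no local fallback account needs to sign in through `/user/login`. The surrounding `virtualHosts` block starts outside this hunk.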