fix openid config for gitea

2023-04-26 22:08:43 +02:00 · 2023-04-26 22:08:43 +02:00 · d336ea124e
parent 251e32c76e
commit d336ea124e
1 changed files with 9 additions and 6 deletions
--- a/pp-gitea.nix
+++ b/pp-gitea.nix
@ -44,9 +44,12 @@ in
    services.gitea.enable = true;
    services.gitea.rootUrl = "https://${cfg.domain}/";
    services.gitea.settings.session.COOKIE_SECURE = lib.mkForce true;        # Why do I need to override this???
    # If true, openid users cannot create new account
    #services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce (!cfg.openIdEnable);
-    #services.gitea.settings.service.ALLOW_ONLY_EXTERNAL_REGISTRATION = cfg.openIdEnable;
+    services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce false;
-    #services.gitea.settings."openid".ENABLE_OPENID_SIGNUP = cfg.openIdEnable;
+    services.gitea.settings.service.ALLOW_ONLY_EXTERNAL_REGISTRATION = cfg.openIdEnable;
    services.gitea.lfs.enable = true;
    services.gitea.domain = cfg.domain;
    # services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
@ -83,7 +86,7 @@ in
    security.acme.defaults.email = cfgBase.adminEmail;
    services.nginx = {
        enable = true;
-        virtualHosts = lib.mkMerge {
+        virtualHosts = {
          "${cfg.domain}" = {
            forceSSL = true;
            enableACME = true;
@ -99,9 +102,9 @@ in
                proxy_pass_request_headers on;
              '';
            };
-#            locations."/user/login" = lib.mkIf (cfg.openIdEnable) {
+            locations."/user/login" = lib.mkIf (cfg.openIdEnable) {
-#              globalRedirect = "$host/${cfg.openIdClientName}";
+              return = "301 https://$host/user/oauth2/${cfg.openIdClientName}";
-#            };
+            };
          };
        };
      };