raphael/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(sso/git): adding the kanidm connection to forgejo

Browse source
This commit is contained in:
Raphael 2025-12-25 01:23:58 +01:00
parent 94025116d0
commit 655235c6ba
No known key found for this signature in database
1 changed files with 39 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

39
services/self_host/sso.nix
View file

@ -70,6 +70,45 @@ in
}; };
}; };
systems.oauth2 = { systems.oauth2 = {
forgejo = {
present = true;
displayName = "Forjego";
originUrl = "https://git.enium.eu";
imageFile = kanidmLogo;
originLanding = "https://git.enium.eu/user/oauth2/Enium/callback";
basicSecretFile = config.age.secrets.forgejo-oidc-secret.path;
public = false;
enableLocalhostRedirects = false;
allowInsecureClientDisablePkce = true;
preferShortUsername = true;
scopeMaps = {
forgejo_admins = [
"email"
"openid"
"profile"
"groups"
];
forgejo_users = [
"email"
"openid"
"profile"
"groups"
];
};
claimMaps = {
groups = {
joinType = "array";
valuesByGroup = {
forgejo_admins = [
"forgejo_admins"
];
forgejo_users = [
"forgejo_users"
];
};
};
};
};
grafana = { grafana = {
present = true; present = true;
displayName = "Grafana"; displayName = "Grafana";