oauth for gitea

2024-10-06 12:44:08 +02:00
parent 3b4b9ae7c5
commit 968303ea38
3 changed files with 21 additions and 6 deletions
--- a/infrastructure/authelia/authelia-oidc.sealedsecret.yaml
+++ b/infrastructure/authelia/authelia-oidc.sealedsecret.yaml
--- a/infrastructure/gitea/gitea-oauth.sealedsecret.yaml
+++ b/infrastructure/gitea/gitea-oauth.sealedsecret.yaml
@@ -6,7 +6,9 @@ metadata:
  name: gitea-oauth
  namespace: gitea
 spec:
-  encryptedData: {}
+  encryptedData:
+    key: AgAXDv5WIcA8AFGT4Eb1spaXbtifwOIFaiqjMbEuDYNG43Me7evzgrWmHvUQsf3jzkElsAhC/ykhsMKTNIGdeLC15oVifqOKL+19fcuBPwt7ubaL/z35svluq3P87vTP4Yp+rag3SvN05E4xteOiqyYJWSIUmrOHwkLRco4QzgTk2FO594//ZsA2TJb9YdjhBLXl/Ywhjpnf36t5blgUZAwX1NY61QkBbzr3UV2McWBB5dU2t561bvyo9KcAXkMNG/okzlhE2OzQoHoQYRz8o+xpySlI1Z06TE4G6mtojxnexuwR4EDds0c21aA2i5CIesnybGD8Vzwd4123A00PlQd67PSQm8hj3UJMzB3eWGAQuIhWn3zp7r01GElA9JW+9yVbPEkxaXMWaT6yaH3Zo04emRKPqBwxFpEPgWqZ00H9PjZn+KDBVnMs5+BG1jaYAuF3acLfLmgnO81F1B/jNX8JDShty2oW1heB9YBxSK2lTCYN1f4ItYV6N6eoC/q/mRlJOe2nAiUW8V3oT4x2x2S7Jw5Fwnd4avSesahtHzr4YwSNtq8jB/BSicYp1BezmALvXU8RUMmI6kvXkABuEHB6+G0ugQ8RDdg2OggZ92e4yKqv6vazWopH4GJ0sgpjViRHU8ZdxEJSgWH34+KKoUcW9eE8ugOynXAtthkasazfahxTmMd5XK6IbYsnNN/Bf3MyOonq0A==
+    secret: AgBh0QjLGKbQLRsI8imDwlktlUP/kRD/nUQAYWIEkVy6hZU1OWAAexfcwJi6uVIu/s4Wfzlzl7i5ok5WeeVCWDSTFh5Xz8+SNQoio0/xubbNiYCC81y/ZDhwS9CBn74UX1St4eEFeIcRjey+cyeB7vYCRrYO1WvpZFHx8G9KZa8F4Ca9fy07A3HTGEFdm0Of8MfOM/TVGn8pgJLh2KL+VnYbmyAwQp9hd1NlMM2DC5nPW5kkdfMnz9YG7uAMyaL2MkxTynpKvEJeSCWtIXQSuj60+3IGXNAUWOgYVF46vqzsBbQErXCC67tf8TXOo/lCcDZSVluuo50uWqQceuZ2QujrjwSsQiM9ax29mnI9idu7zqT4q2MQ08+HZT0qNKqN/1jYTUwf7j3jLcANQX5VVuY6zDSZ/hDE4sBuuEoisYTFQH2RicElX73BCfXeOHTOmD4R4EiL/Cn546JG+7qjmBLnljqdNwp0Tug0iLAp25IWhsz9FsNhVwEozil6Es5RGjVHrmIp7z61OwQPqyBOxvBXjIKfQjPY9rykl00UF/X34YWltob2qilUVfYnDGQcA/OZ6UNqN2IC6Pj+vlzAqdbElGapGvqhg2w+ErnL1vAl40HLfRiDCmK5s6dOE2eHdvi6lbbwVWtlpeB7BNuFRuf8npZiMfQmtA3x3FF7dcMXiFsPJ8RbTJRQDO9VeaVTAFDnql3eBhUssVKIehywj9m39dfLvDtdRA0=
  template:
    metadata:
      creationTimestamp: null
--- a/infrastructure/gitea/gitea.values.yaml
+++ b/infrastructure/gitea/gitea.values.yaml
@@ -81,6 +81,7 @@ persistence:
 signing:
  enabled: false

+    
 ## @section Gitea
 #
 gitea:
@@ -115,11 +116,23 @@ gitea:
    indexer:
      ISSUE_INDEXER_TYPE: bleve
      REPO_INDEXER_ENABLED: false
+
+  oauth:
+    - name: authelia
+      provider: openidConnect
+      autoDiscoverUrl: https://auth.kluster.moll.re/.well-known/openid-configuration
+      scopes: openid email profile groups
+      existingSecret: gitea-oauth
+      required-claim-name: groups
+      required-claim-value: gitea
+      admin-group: apps_admin
+
  
-  additionalConfigSources:
-    - secret:
-        secretName: gitea-oauth
-  # since we want to reuse the posgres secret, we cannot directly use it here, but instead set the ENV variables
+  # since we want to reuse the postgres secret, we cannot directly use it in
+  # additionalConfigSources:
+  #   - secret:
+  #       secretName: postgres-password
+  # but instead set the ENV variables
  additionalConfigFromEnvs:
    - name: GITEA__DATABASE__DB_TYPE
      value: postgres