oauth for gitea

infrastructure/gitea/gitea.values.yaml

@@ -81,6 +81,7 @@ persistence:
 signing:
   enabled: false
 
+    
 ## @section Gitea
 #
 gitea:
@@ -115,11 +116,23 @@ gitea:
     indexer:
       ISSUE_INDEXER_TYPE: bleve
       REPO_INDEXER_ENABLED: false
+
+  oauth:
+    - name: authelia
+      provider: openidConnect
+      autoDiscoverUrl: https://auth.kluster.moll.re/.well-known/openid-configuration
+      scopes: openid email profile groups
+      existingSecret: gitea-oauth
+      required-claim-name: groups
+      required-claim-value: gitea
+      admin-group: apps_admin
+
   
-  additionalConfigSources:
-    - secret:
-        secretName: gitea-oauth
-  # since we want to reuse the posgres secret, we cannot directly use it here, but instead set the ENV variables
+  # since we want to reuse the postgres secret, we cannot directly use it in
+  # additionalConfigSources:
+  #   - secret:
+  #       secretName: postgres-password
+  # but instead set the ENV variables
   additionalConfigFromEnvs:
     - name: GITEA__DATABASE__DB_TYPE
       value: postgres