kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-06 02:11:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Implemented OIDC für LDAP

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-06-26 21:16:07 +02:00
parent f86568fb85
commit 6d4723b321
18 changed files with 187 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
roles/docker-gitea/templates/env.j2
View File

@@ -14,6 +14,7 @@ DOMAIN={{domains | get_domain(application_id)}}
SSH_DOMAIN={{domains | get_domain(application_id)}}
RUN_MODE="{{ 'dev' if (CYMAIS_ENVIRONMENT | lower) == 'development' else 'prod' }}"
ROOT_URL="{{ web_protocol }}://{{domains | get_domain(application_id)}}/"
APP_NAME="{{ applications[application_id].title }}"
# Mail Configuration
# @see https://docs.gitea.com/next/installation/install-with-docker#managing-deployments-with-environment-variables
@@ -30,4 +31,47 @@ GITEA__mailer__PASSWD={{ users['no-reply'].mailu_token }}
# @see https://github.com/go-gitea/gitea/issues/17619
GITEA__REPOSITORY__ENABLE_PUSH_CREATE_USER={{ applications[application_id].configuration.repository.enable_push_create_user | lower }}
GITEA__REPOSITORY__DEFAULT_PRIVATE={{ applications[application_id].configuration.repository.default_private | lower }}
GITEA__REPOSITORY__DEFAULT_PUSH_CREATE_PRIVATE={{ applications[application_id].configuration.repository.default_push_create_private | lower }}
GITEA__REPOSITORY__DEFAULT_PUSH_CREATE_PRIVATE={{ applications[application_id].configuration.repository.default_push_create_private | lower }}
GITEA__security__INSTALL_LOCK=true # Locks the installation page
{% if applications | is_feature_enabled('oidc',application_id) %}
GITEA__openid__ENABLE_OPENID_SIGNUP=true
GITEA__openid__ENABLE_OPENID_SIGNUP=true
{% endif %}
{% if applications | is_feature_enabled('ldap',application_id) %}
# ------------------------------------------------
# LDAP Authentication (via BindDN)
# ------------------------------------------------
GITEA__auth__LDAP__ENABLED={{ applications | is_feature_enabled('ldap',application_id) | string | lower }}
GITEA__auth__LDAP__HOST={{ ldap.server.domain }}
GITEA__auth__LDAP__PORT={{ ldap.server.port }}
# security protocol: "", "SSL" or "TLS"
GITEA__auth__LDAP__SECURITY={{ ldap.server.security | trim or "unencrypted" }}
GITEA__auth__LDAP__BIND_DN={{ ldap.dn.administrator }}
GITEA__auth__LDAP__BIND_PASSWORD={{ ldap.bind_credential }}
GITEA__auth__LDAP__USER_SEARCH_BASE={{ ldap.dn.users }}
GITEA__auth__LDAP__USER_FILTER={{ ldap.filters.user_filter }}
# map LDAP attributes to Gitea fields
GITEA__auth__LDAP__ATTRIBUTE_USERNAME={{ ldap.attributes.user_id }}
GITEA__auth__LDAP__ATTRIBUTE_FULL_NAME={{ ldap.attributes.name }}
GITEA__auth__LDAP__ATTRIBUTE_MAIL={{ ldap.attributes.mail }}
# ------------------------------------------------
# Periodic sync for external LDAP users
# ------------------------------------------------
GITEA__cron__SYNC_EXTERNAL_USERS_ENABLED=true
# default: sync daily at midnight
GITEA__cron__SYNC_EXTERNAL_USERS_CRON=0 0 * * *
{% endif %}
# ------------------------------------------------
# Disable user self-registration
# ------------------------------------------------
# After this only admins can create accounts
GITEA__service__DISABLE_REGISTRATION=false