From 03de03cd21d6b6d459a6d12cb789b3e7461d1464 Mon Sep 17 00:00:00 2001
From: root <root@f11391a1.federatedcomputer.cloud>
Date: Fri, 4 Oct 2024 12:24:44 +0000
Subject: [PATCH] Added SSO config to gitea.sh

---
 lib/gitea.sh | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/lib/gitea.sh b/lib/gitea.sh
index ad2db51..7646a13 100644
--- a/lib/gitea.sh
+++ b/lib/gitea.sh
@@ -302,6 +302,7 @@ configsso_gitea() {
   [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
   [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
   [[ $(grep "### Gitea" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Gitea configuration."
+  get_appvars
 
   GITEA_CLIENT_SECRET=$(create_password);
   GITEA_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $GITEA_CLIENT_SECRET | awk '{ print $2 }')
@@ -328,14 +329,24 @@ EOF
   /federated/bin/stop authelia
   /federated/bin/start authelia
 
-  docker exec --user 1000 gitea gitea admin auth add-oauth --name "Authelia" --provider "openidConnect" --key "gitea" --secret "$GITEA_CLIENT_SECRET" --auto-discover-url "https://authelia.$DOMAIN/.well-known/openid-configuration" --skip-local-2fa "true" --scopes "email profile" --group-claim-name "groups" --admin-group "admin" --restricted-group "guest"
+  docker exec --user 1000 gitea gitea admin auth add-oauth --name "Authelia" --provider "openidConnect" --key "gitea" --secret "$GITEA_CLIENT_SECRET" --auto-discover-url "https://authelia.$DOMAIN/.well-known/openid-configuration" --skip-local-2fa "true" --scopes "openid email profile" --group-claim-name "groups" --admin-group "admin" --restricted-group "guest"
+
+  # Add in extra hosts config
+  add_authelia_config_to_dockercompose "$APP"
+
+  sed -i "s/GITEA__service__DISABLE_REGISTRATION=.*/GITEA__service__DISABLE_REGISTRATION=false/g" /federated/apps/gitea/.env
 
 cat >> /federated/apps/gitea/.env <<EOF
-GITEA__oauth2_client__ENABLE_AUTO_REGISTRATION=true
+GITEA__openid__ENABLE_OPENID_SIGNIN=false
+GITEA__openid__ENABLE_OPENID_SIGNUP=true
+GITEA__openid__WHITELISTED_URIS=$DOMAIN
+GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION=true
+GITEA__service__SHOW_REGISTRATION_BUTTON=false
 GITEA__oauth2_client__USERNAME=email
-GITEA__oauth2_client__ACCOUNT_LINKING=auto
+GITEA__oauth2_client__ACCOUNT_LINKING=login
+GITEA__oauth2_client__OPENID_CONNECT_SCOPES="openid profile email"
 EOF
 
   /federated/bin/stop gitea
-  /federated/bin/start gitea 
+  /federated/bin/start gitea
 }