gitea and authentik
This commit is contained in:
27
ansible/playbooks/roles/gitea/tasks/configure_oidc.yml
Normal file
27
ansible/playbooks/roles/gitea/tasks/configure_oidc.yml
Normal file
@@ -0,0 +1,27 @@
|
||||
---
|
||||
# ------------------------------------------------------------------------------
|
||||
# FILE: ansible/playbooks/roles/gitea/tasks/configure_oidc.yml
|
||||
# DESCRIPTION: Registers Authentik as an OAuth2 source in Gitea via the admin
|
||||
# API. Idempotent — skips creation if source already exists.
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
- name: Check if authentik auth source already exists
|
||||
ansible.builtin.command:
|
||||
cmd: docker exec -u git gitea-gitea-1 gitea admin auth list
|
||||
register: _auth_list
|
||||
changed_when: false
|
||||
|
||||
- name: Create Authentik OAuth2 auth source
|
||||
ansible.builtin.command:
|
||||
cmd: >
|
||||
docker exec -u git gitea-gitea-1 gitea admin auth add-oauth
|
||||
--name authentik
|
||||
--provider openidConnect
|
||||
--key {{ gitea_oidc_client_id }}
|
||||
--secret {{ gitea_oidc_client_secret }}
|
||||
--auto-discover-url {{ gitea_oidc_discovery_url }}
|
||||
--scopes "email profile"
|
||||
--group-claim-name groups
|
||||
--admin-group {{ gitea_oidc_admin_group }}
|
||||
--skip-local-2fa false
|
||||
when: "'authentik' not in _auth_list.stdout"
|
||||
@@ -61,3 +61,7 @@
|
||||
# service_name: "{{ gitea_cname_name }}"
|
||||
# service_domain: "{{ gitea_cname_domain }}"
|
||||
# target_host: "{{ gitea_cname_target }}"
|
||||
- name: Configure Authentik OIDC source
|
||||
ansible.builtin.import_tasks: configure_oidc.yml
|
||||
when: gitea_oidc_enabled | bool
|
||||
tags: oidc
|
||||
Reference in New Issue
Block a user