gitlab works!!!

2024-11-17 16:47:29 -06:00
parent 05c48fec76
commit 6a3269b587
3 changed files with 59 additions and 47 deletions


@@ -85,6 +85,8 @@
"z /etc/gitlab/secret - gitlab gitlab"
"z /etc/gitlab/jws - gitlab gitlab"
"z /etc/gitlab/otp - gitlab gitlab"
"z /etc/gitlab/oidc-id - gitlab gitlab"
"z /etc/gitlab/oidc-secret - gitlab gitlab"
];
services.gitlab = {
@@ -95,10 +97,12 @@
databasePasswordFile = "/etc/gitlab/dbpass";
initialRootPasswordFile = "/etc/gitlab/rootpass";
extraEnv = {
OIDC_CLIENT_ID = builtins.readFile "/etc/gitlab/oidc-id";
OIDC_CLIENT_SECRET = builtins.readFile "/etc/gitlab/oidc-secret";
};
statePath = "/etc/gitlab/data";
/*extraEnv = {
OIDC_CLIENT_ID = "";
OIDC_CLIENT_SECRET = "";
};*/
secrets = {
secretFile = "/etc/gitlab/secret";
@@ -107,38 +111,46 @@
jwsFile = "/etc/gitlab/jws";
};
extraGitlabRb = ''
gitlab_rails['omniauth_allow_single_sign_on'] = ['openid_connect']
gitlab_rails['omniauth_sync_email_from_provider'] = 'openid_connect'
gitlab_rails['omniauth_sync_profile_from_provider'] = ['openid_connect']
gitlab_rails['omniauth_sync_profile_attributes'] = ['email']
gitlab_rails['omniauth_auto_sign_in_with_provider'] = 'openid_connect'
gitlab_rails['omniauth_block_auto_created_users'] = false
gitlab_rails['omniauth_auto_link_saml_user'] = true
gitlab_rails['omniauth_auto_link_user'] = ["openid_connect"]
gitlab_rails['omniauth_providers'] = [
{
name: 'openid_connect',
label: 'My Company OIDC Login',
args: {
name: 'openid_connect',
scope: ['openid','profile','email'],
response_type: 'code',
issuer: 'https://auth.blunkall.us/application/o/gitlab/',
discovery: true,
client_auth_method: 'query',
uid_field: 'preferred_username',
send_scope_to_token_endpoint: 'true',
pkce: true,
client_options: {
identifier: '$${OIDC_CLIENT_ID}',
secret: '$${OIDC_CLIENT_SECRET}',
redirect_uri: 'https://gitlab.blunkall.us/users/auth/openid_connect/callback'
}
}
}
]
'';
extraConfig = {
gitlab = {
default_project_features = {
builds = false;
};
};
omniauth = {
enabled = true;
auto_sign_in_with_provider = "openid_connect";
allow_single_sign_on = [ "openid_connect" ];
sync_email_from_provider = "openid_connect";
sync_profile_from_provider = [ "openid_connect" ];
sync_profile_attributes = [ "email" ];
auto_link_saml_user = true;
auto_link_user = [ "openid_connect" ];
block_auto_created_users = false;
providers = [
{
name = "openid_connect";
label = "Authentik SSO";
args = {
name = "openid_connect";
scope = [ "openid" "profile" "email" ];
response_type = "code";
issuer = "https://auth.blunkall.us/application/o/gitlab/";
discovery = true;
client_auth_method = "query";
uid_field = "preferred_username";
send_scope_to_token_endpoint = true;
pkce = true;
client_options = {
identifier = { _secret = "/etc/gitlab/oidc-id"; };
secret = { _secret = "/etc/gitlab/oidc-secret"; };
redirect_uri = "https://gitlab.blunkall.us/users/auth/openid_connect/callback";
};
};
}
];
};
};
};
services.nginx = {
enable = true;
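Review bot: If the `extraEnv` block with `OIDC_CLIENT_ID = builtins.readFile "/etc/gitlab/oidc-id";` / `OIDC_CLIENT_SECRET = builtins.readFile "/etc/gitlab/oidc-secret";` is on the new side of the second hunk (this page does not preserve the +/- marking), `builtins.readFile` copies the OIDC client secret into the Nix store at evaluation time, where it is world-readable and stays until garbage-collected, and it also requires the secret to be present on whatever machine evaluates the configuration. The `omniauth.providers` entry in the third hunk already passes the same credentials as `{ _secret = "/etc/gitlab/oidc-secret"; }`, which the NixOS GitLab module substitutes from the file at service start, so the two environment variables look unused; drop those `extraEnv` lines (and the commented-out `/*extraEnv = { ... };*/` copy) rather than keep a second, leaking path to the same secret. Separately, `client_auth_method = "query";` sends the client secret as a token-request query parameter, where it tends to land in proxy and IdP access logs; if Authentik accepts it, `client_auth_method = "basic";` keeps it in the Authorization header instead. The enclosing `services.gitlab = {` attribute set opens before this section's first hunk.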