Fix Forgejo OIDC account linking

This commit is contained in:
Conrad Kramer 2026-04-01 13:43:47 -07:00
parent bb05bd9014
commit 3332bf5c53


@ -121,6 +121,24 @@ in
description = "OIDC group that is required to log into Forgejo."; description = "OIDC group that is required to log into Forgejo.";
}; };
oidcAutoRegistration = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether Forgejo should automatically create users for new OIDC sign-ins.";
};
oidcAccountLinking = lib.mkOption {
type = lib.types.enum [ "disabled" "login" "auto" ];
default = "auto";
description = "How Forgejo should link existing local accounts for OIDC sign-ins.";
};
oidcUsernameSource = lib.mkOption {
type = lib.types.enum [ "userid" "nickname" "email" ];
default = "email";
description = "Which OIDC claim Forgejo should use to derive usernames for auto-registration.";
};
authorizedKeys = lib.mkOption { authorizedKeys = lib.mkOption {
type = with lib.types; listOf str; type = with lib.types; listOf str;
default = [ ]; default = [ ];
@ -201,6 +219,13 @@ in
ENABLE_OPENID_SIGNUP = false; ENABLE_OPENID_SIGNUP = false;
}; };
oauth2_client = {
OPENID_CONNECT_SCOPES = lib.concatStringsSep " " (lib.subtractLists [ "openid" ] cfg.oidcScopes);
ENABLE_AUTO_REGISTRATION = cfg.oidcAutoRegistration;
ACCOUNT_LINKING = cfg.oidcAccountLinking;
USERNAME = cfg.oidcUsernameSource;
};
actions = { actions = {
ENABLED = true; ENABLED = true;
}; };
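Review bot: The `oidcAccountLinking` default of `"auto"` (hunk at -121, line `default = "auto";`) combined with `oidcUsernameSource = "email"` means an OIDC sign-in is attached to an existing local Forgejo account on a matching email or username without any confirmation from that account's owner; the option description does not say so, and a deployer reading it would not see the trust being placed in the identity provider. Upstream's configuration documentation carries a warning for this value, as far as I recall, that it grants access to an existing account purely because the same username or email was supplied, so the provider must be one whose email claims are verified. I would either make `"login"` the default, which asks the user to authenticate to the local account before linking, or keep `"auto"` and extend the description: `description = "How Forgejo should link existing local accounts for OIDC sign-ins. \"auto\" grants access to an existing local account whenever the provider supplies a matching username or email, so only use it with a provider that verifies email ownership.";`. The `description` for `oidcUsernameSource` could likewise note that `"email"` derives the username from the address, which ties uniqueness of local usernames to the provider's email claims. The enclosing options attribute set begins and ends outside the hunk.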