sso templating

marlon 2024-10-30 16:49:50 -04:00
parent 9149ed568c
commit 3cb30ab798
3 changed files with 11 additions and 7 deletions


@ -3,7 +3,8 @@ TYPE=gitlab
DOMAIN=gitlab.example.com DOMAIN=gitlab.example.com
REGISTRY_DOMAIN=registry.gitlab.example.com REGISTRY_DOMAIN=registry.gitlab.example.com
PAGES_DOMAIN=pages.gitlab.example.com # The Gitlab Pages domain must not be a subdomain of the main Gitlab domain
PAGES_DOMAIN=pages.example.com
## Domain aliases ## Domain aliases
EXTRA_DOMAINS=", `$REGISTRY_DOMAIN`, `$PAGES_DOMAIN`" EXTRA_DOMAINS=", `$REGISTRY_DOMAIN`, `$PAGES_DOMAIN`"
@ -20,6 +21,6 @@ SECRET_RUNNER_TOKEN_VERSION=v1
SSO=false SSO=false
## Authentik Configuration ## Authentik Configuration
# SSO=true # SSO=true
# SSO_PROVIDER_HOST="authentik.mydomain.com" # SSO_PROVIDER_URL="https://authentik.mydomain.com/application/o/gitlab/"
# ORG_NAME="My Organization" # ORG_NAME="My Organization"
# SECRET_CLIENT_SSO_SECRET_VERSION=v1 # SECRET_SSO_PROVIDER_SECRET_VERSION=v1
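Review bot: The new `SSO_PROVIDER_URL` sample has no comment saying that the value is used verbatim as the OIDC `issuer` in the GitLab config, so it needs to be an https URL that matches the provider's discovery document exactly, trailing slash included. I would add above it `# Must equal the "issuer" in the provider's /.well-known/openid-configuration (https, exact match incl. trailing slash)`. The renames (`SSO_PROVIDER_HOST` to `SSO_PROVIDER_URL`, `SECRET_CLIENT_SSO_SECRET_VERSION` to `SECRET_SSO_PROVIDER_SECRET_VERSION`) also deserve a one-line upgrade note, because an existing .env that keeps the old names would presumably render an empty issuer and an empty secret version.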


@ -53,6 +53,9 @@ secrets:
runner_token: runner_token:
external: true external: true
name: ${STACK_NAME}_runner_token_${SECRET_RUNNER_TOKEN_VERSION} name: ${STACK_NAME}_runner_token_${SECRET_RUNNER_TOKEN_VERSION}
sso_provider_secret:
external: true
name: ${STACK_NAME}_sso_provider_secret_${SECRET_SSO_PROVIDER_SECRET_VERSION}
volumes: volumes:
gitlabconfig: gitlabconfig:
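Review bot: `sso_provider_secret` is declared only at the top level here; no service-level `secrets:` entry is added in this section, and a `{{ secret "sso_provider_secret" }}` call in a templated config can only resolve a secret that is attached to the service receiving that config. If the attachment is not made elsewhere (for example in an SSO-specific compose override, which is not visible on this page), add `- sso_provider_secret` to the GitLab service's `secrets:` list. With the sample defaults `SECRET_SSO_PROVIDER_SECRET_VERSION` is commented out, so the name renders with an empty version suffix; a comment such as `# only needed when SSO=true` would make that explicit. The `secrets:` block starts outside the hunk.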


@ -569,19 +569,19 @@ gitlab_rails['omniauth_providers'] = [
{ {
"name" => "openid_connect", "name" => "openid_connect",
"label" => "{{ env "ORG_NAME" }}", "label" => "{{ env "ORG_NAME" }}",
"icon" => "https://git.{{ env "BASE_DOMAIN" }}/uploads/-/system/appearance/favicon/1/favicon.png", "icon" => "https://{{ env "DOMAIN" }}/uploads/-/system/appearance/favicon/1/favicon.png",
"args" => { "args" => {
"name" => "openid_connect", "name" => "openid_connect",
"scope" => ["openid","profile","email"], "scope" => ["openid","profile","email"],
"response_type" => "code", "response_type" => "code",
"issuer" => "https://accounts.{{ env "BASE_DOMAIN" }}/realms/{{ env "KEYCLOAK_REALM" }}", "issuer" => "{{ env "SSO_PROVIDER_URL" }}",
"discovery" => true, "discovery" => true,
"client_auth_method" => "query", "client_auth_method" => "query",
"send_scope_to_token_endpoint" => "false", "send_scope_to_token_endpoint" => "false",
"client_options" => { "client_options" => {
"identifier" => "gitlab", "identifier" => "gitlab",
"secret" => "{{ env "GITLAB_KEYCLOAK_SECRET" }}", "secret" => "{{ secret "sso_provider_secret" }}",
"redirect_uri" => "https://git.{{ env "BASE_DOMAIN" }}/users/auth/openid_connect/callback" "redirect_uri" => "https://{{ env "DOMAIN" }}/users/auth/openid_connect/callback"
} }
} }
} }
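Review bot: The new `"secret" => "{{ secret "sso_provider_secret" }}"` line splices the raw secret into a Ruby double-quoted literal, so a value containing `"`, `\` or `#{` would either break gitlab.rb or be evaluated as Ruby interpolation; the same applies to `{{ env "SSO_PROVIDER_URL" }}` and `{{ env "ORG_NAME" }}`. Assuming the secret is attached to the service at its default mount path, reading it at load time avoids both the quoting problem and the rendered copy of the secret in the config: `"secret" => File.read("/run/secrets/sso_provider_secret").strip,`. Otherwise, document next to the secret that it must be generated from an alphanumeric character set. The `omniauth_providers` array starts and ends outside the hunk, so whether this block is guarded by `SSO=true` cannot be checked from here.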