eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Expose Forgejo publicly at forge.eblu.me #278

Merged
eblume merged 14 commits from feature/forge-public into main 2026-03-03 08:40:42 -08:00
Conversation 0 Commits 14 Files changed 49 +2 -2
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 8f47145b40 - Show all commits

Update Authentik Forgejo OAuth callback to forge.eblu.me

Prev Next 
Update redirect_uris and meta_launch_url to use the new public domain.
OAuth flow will dead-end naturally since Authentik is not publicly
accessible — SSO only works from the tailnet.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Erich Blume 2026-03-03 07:53:28 -08:00
commit 8f47145b40

4
argocd/manifests/authentik/configmap-blueprint.yaml
View file

@ -120,7 +120,7 @@ data:
client_secret: !Env AUTHENTIK_FORGEJO_CLIENT_SECRET client_secret: !Env AUTHENTIK_FORGEJO_CLIENT_SECRET
redirect_uris: redirect_uris:
- matching_mode: strict - matching_mode: strict
url: https://forge.ops.eblu.me/user/oauth2/authentik/callback url: https://forge.eblu.me/user/oauth2/authentik/callback
signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]] signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
property_mappings: property_mappings:
- !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]] - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
@ -138,7 +138,7 @@ data:
name: Forgejo name: Forgejo
slug: forgejo slug: forgejo
provider: !KeyOf forgejo-provider provider: !KeyOf forgejo-provider
meta_launch_url: https://forge.ops.eblu.me meta_launch_url: https://forge.eblu.me
policy_engine_mode: any policy_engine_mode: any
# Policy binding — restrict Forgejo to admins group # Policy binding — restrict Forgejo to admins group