From 6f1aca7b01a825e71bb7db10e9968ade435e57b0 Mon Sep 17 00:00:00 2001
From: William <baduhai@proton.me>
Date: Sun, 9 Nov 2025 11:11:55 -0300
Subject: [PATCH] Configure Forgejo OAuth2 and disable public registration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add OAuth2 client configuration to enable auto-registration via SSO
with Kanidm, while disabling direct public registration. Users can now
authenticate through the identity provider with automatic account
creation and avatar syncing.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 hosts/trantor/forgejo.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hosts/trantor/forgejo.nix b/hosts/trantor/forgejo.nix
index a89526d..9688458 100644
--- a/hosts/trantor/forgejo.nix
+++ b/hosts/trantor/forgejo.nix
@@ -25,6 +25,12 @@ in
       mailer.ENABLED = false;
       actions.ENABLED = false;
       service.DISABLE_REGISTRATION = true;
+      oauth2_client = {
+        ENABLE_AUTO_REGISTRATION = true;
+        UPDATE_AVATAR = true;
+        ACCOUNT_LINKING = "login";
+        USERNAME = "preferred_username";
+      };
     };
   };