Git
- service-urls: https://git.hamburg.ccc.de/
- host-fqdn: git.hamburg.ccc.de
- netbox-link: https://netbox.hamburg.ccc.de/virtualization/virtual-machines/46/
- server: Chaosknoten
- maintainer: june
- ccchh-id-integration: true
- config-management: nix-infra
Git server running on Forgejo.
Configuration
Forgejo is mostly configured through our nix-infra repo.
However, some parts need to be configured via the web UI. This includes settings for organizations and users as well as the CCCHH ID integration.
CCCHH ID (Keycloak) Integration
For the Keycloak integration, we do the usual mapping of client roles into a groups claim, which then gets read by Forgejo. Forgejo then maps the value of a user's groups claim to organizations and teams and also uses it to determine whether or not the user should be an administrator. What exactly gets mapped is defined here.
Furthermore, we also map a user attribute gitaccess and its value into a claim by the same name in Keycloak. The claim and its values are then read by Keycloak to determine whether or not the user should be able to log in.
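The claim evaluation described above, modelled as an added example (it is not Forgejo's or nix-infra's code): the gitaccess claim gates login, and the groups claim decides administrator status and organization/team membership. The group, organization and team names, the required gitaccess value "true" and the shape of the mapping table are assumptions made for illustration.

```python
# Added illustration of the claim evaluation described on this page.
# All names and values below are constructed, not taken from the real setup.
REQUIRED_CLAIM = ("gitaccess", "true")   # assumed required claim value
ADMIN_GROUP = "git-admin"                # constructed group name
GROUP_TEAM_MAP = {                       # constructed: group -> {org: [teams]}
    "git-infra": {"CCCHH": ["infrastructure"]},
    "git-docs": {"CCCHH": ["docs"], "Wiki": ["editors"]},
}


def as_list(value):
    """Normalize a claim that may be missing, a single string, or a list."""
    if isinstance(value, str):
        return [value]
    if isinstance(value, (list, tuple)):
        return [v for v in value if isinstance(v, str)]
    return []  # missing claim or unexpected type grants nothing


def evaluate_claims(claims):
    """Return login decision, admin flag and team memberships for one user."""
    name, wanted = REQUIRED_CLAIM
    # Fail closed: a missing or non-matching gitaccess claim denies login,
    # regardless of which groups the token carries.
    if wanted not in as_list(claims.get(name)):
        return {"login": False, "admin": False, "teams": {}}

    groups = set(as_list(claims.get("groups")))
    teams = {}
    for group in sorted(groups):
        # Groups without a mapping entry grant no team membership.
        for org, names in GROUP_TEAM_MAP.get(group, {}).items():
            teams.setdefault(org, set()).update(names)
    return {
        "login": True,
        "admin": ADMIN_GROUP in groups,
        "teams": {org: sorted(t) for org, t in teams.items()},
    }


# Constructed sample token payloads (assumed already verified and decoded).
SAMPLES = {
    "infra admin": {"gitaccess": "true", "groups": ["git-infra", "git-admin"]},
    "no gitaccess": {"groups": ["git-admin"]},
    "string claim": {"gitaccess": ["true"], "groups": "git-docs"},
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(label, evaluate_claims(payload))
```

The "no gitaccess" sample shows why both mappings matter: membership in the administrator group alone does not allow login when the gitaccess claim is absent.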