====== Git ======

---- dataentry service ----
service-urls_urls: https://git.hamburg.ccc.de/
other-service-fqdns:
host-fqdn: git.hamburg.ccc.de
netbox-link_url: https://netbox.hamburg.ccc.de/virtualization/virtual-machines/46/
server_page: infrastructure:servers:Chaosknoten
maintainers: june
ccchh-id-integration_yesno: true
config-management: nix-infra
----

===== Description =====

Git server running on Forgejo.

==== SSH Public Key Fingerprints ====

  * ssh-ed25519 fingerprint: ''SHA256:YjC9WtAL5wwgAhK6vLEKbkxB5/TKVaAxlWgG7UXgyvc''
  * ssh-rsa fingerprint: ''SHA256:mw5OR16hA+bAGSdhnQMTdH3QN1wFFSBFTle4zzRukxE''

===== Configuration =====

The Forgejo instance is mostly configured using our nix-infra repo. However, some parts need to be configured via the Web UI. This includes settings for organizations and users as well as the [[infrastructure:services:keycloak|]] integration.

==== CCCHH ID (Keycloak) Integration ====

For the Keycloak integration we do the usual mapping of client roles into a ''groups'' claim, which then gets read by Forgejo. Forgejo then maps the value of a user's ''groups'' claim to organizations and teams and also uses it to determine whether or not the user should be an administrator. What exactly gets mapped is defined [[https://git.hamburg.ccc.de/admin/auths/1|here]].

Issues: Password login cannot be disabled currently (see https://codeberg.org/forgejo/forgejo/issues/732), so off-boarded users probably need to be removed from Forgejo manually.
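
A reconciliation check for the off-boarding issue above, as an added example that is not part of the original page or the nix-infra repo: it lists Forgejo accounts that can still sign in but have no enabled Keycloak user behind them. The user records are constructed and use field names from the Forgejo and Keycloak admin APIs; that a Forgejo login equals the Keycloak username, and the ''KEEP'' list of local accounts, are assumptions.

```python
# Added example, not part of the CCCHH setup. All records below are constructed.
# Assumption: a Forgejo "login" equals the Keycloak "username" (case-insensitive).

def stale_accounts(forgejo_users, keycloak_users, keep=()):
    """Forgejo accounts that can still sign in (e.g. with a local password)
    but have no enabled Keycloak user behind them. Admins are listed first."""
    enabled = {u["username"].lower() for u in keycloak_users if u.get("enabled")}
    keep = {name.lower() for name in keep}
    stale = []
    for user in forgejo_users:
        login = user["login"].lower()
        if login in keep or login in enabled:
            continue
        # Already blocked from signing in: nothing left to clean up.
        if user.get("prohibit_login") or not user.get("active", True):
            continue
        stale.append(user)
    return sorted(stale, key=lambda u: (not u.get("is_admin", False), u["login"].lower()))

# Shape of GET /api/v1/admin/users on Forgejo (constructed sample).
FORGEJO_USERS = [
    {"login": "alice", "is_admin": False, "active": True, "prohibit_login": False},
    {"login": "Bob", "is_admin": True, "active": True, "prohibit_login": False},
    {"login": "carol", "is_admin": False, "active": True, "prohibit_login": False},
    {"login": "dave", "is_admin": False, "active": True, "prohibit_login": True},
    {"login": "erin", "is_admin": True, "active": True, "prohibit_login": False},
    {"login": "ci-bot", "is_admin": False, "active": True, "prohibit_login": False},
]
# Shape of GET /admin/realms/{realm}/users on Keycloak (constructed sample).
KEYCLOAK_USERS = [
    {"username": "alice", "enabled": True},
    {"username": "bob", "enabled": False},  # off-boarded: disabled in Keycloak
]
KEEP = ["ci-bot"]  # hypothetical local service account without a Keycloak user

if __name__ == "__main__":
    for u in stale_accounts(FORGEJO_USERS, KEYCLOAK_USERS, keep=KEEP):
        role = "admin" if u["is_admin"] else "user"
        print(f"{u['login']}: {role}, no enabled Keycloak account")
```

Accounts that are disabled in Keycloak count as off-boarded here, and accounts with ''prohibit_login'' set are skipped because they can no longer sign in.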