Git server running on Forgejo.
SHA256:YjC9WtAL5wwgAhK6vLEKbkxB5/TKVaAxlWgG7UXgyvcSHA256:mw5OR16hA+bAGSdhnQMTdH3QN1wFFSBFTle4zzRukxEThe Forgejo is mostly configured using our nix-infra repo.
However some parts need to be configured via the Web UI. This includes: Settings for organizations and users as well as the CCCHH ID integration.
For the Keycloak integration we do the usual mapping of client roles into a groups claim, which then gets read by Forgejo. Forgejo then maps the value of the groups claim of a user to organization and teams and also uses it to determine whether or not the user should be an administrator. What exactly gets mapped is defined here.
Issues: Password login can not be disabled currently (see https://codeberg.org/forgejo/forgejo/issues/732), so off-boarded users probably need to be removed from Forgejo manually.