update conf for forgejo 1.20

2023-08-01 18:22:01 +02:00 · 2023-08-01 18:22:01 +02:00 · 71a61627e3
commit 71a61627e3
parent 0c415b8d4d
2 changed files with 14 additions and 1 deletions
--- a/seed/forgejo/dictionaries/31_forgejo.xml
+++ b/seed/forgejo/dictionaries/31_forgejo.xml
@ -27,6 +27,7 @@
      <variable name="forgejo_secret_key" type="password" hidden="True"/>
      <variable name="forgejo_internal_token" type="password" hidden="True"/>
      <variable name="forgejo_lfs_jwt_secret" type="password" hidden="True"/>
+      <variable name="forgejo_jwt_secret" type="password" hidden="True"/>
    </family>
    <family name="revprox">
      <family name="revprox_client">
@ -98,6 +99,15 @@
      <param name="length" type="number">43</param>
      <target>forgejo_lfs_jwt_secret</target>
    </fill>
+    <fill name="get_password">
+      <param name="server_name" type="variable">domain_name_eth0</param>
+      <param name="username">jwt_secret</param>
+      <param name="description">forgejo</param>
+      <param name="type">cleartext</param>
+      <param name="hide" type="variable">hide_secret</param>
+      <param name="length" type="number">43</param>
+      <target>forgejo_jwt_secret</target>
+    </fill>
    <fill name="calc_oauth2_client_login">
      <param type="variable" optional="True">revprox_client_external_domainnames</param>
      <param type="variable" optional="True">revprox_client_location</param>
--- a/seed/forgejo/templates/app.ini
+++ b/seed/forgejo/templates/app.ini
@ -586,7 +586,7 @@ PASSWORD_HASH_ALGO = pbkdf2

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;GNUNUX [oauth2]
+[oauth2]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
@ -604,6 +604,9 @@ PASSWORD_HASH_ALGO = pbkdf2
 ;; OAuth2 authentication secret for access and refresh tokens, change this yourself to a unique string. CLI generate option is helpful in this case. https://docs.gitea.io/en-us/command-line/#generate
 ;; This setting is only needed if JWT_SIGNING_ALGORITHM is set to HS256, HS384 or HS512.
 ;JWT_SECRET =
+;>GNUNUX
+JWT_SECRET = {{ general.forgejo.forgejo_jwt_secret }}
+;<GNUNUX
 ;;
 ;; Lifetime of an OAuth2 access token in seconds
 ;ACCESS_TOKEN_EXPIRATION_TIME = 3600