From 33dedd1103b203a1abdbbfb1a93cc5bcd47936d7 Mon Sep 17 00:00:00 2001
From: uttarayan21
Date: Fri, 8 Aug 2025 10:27:09 +0530
Subject: [PATCH] Revert "feat: Added oidc for gitea"

This reverts commit f07bc9f11b53fe84444ee097a611f3e69680304a.
---
 nixos/mirai/services/gitea.nix | 56 ++++++++--------------------------
 1 file changed, 13 insertions(+), 43 deletions(-)

diff --git a/nixos/mirai/services/gitea.nix b/nixos/mirai/services/gitea.nix
index a4aa2df6..0705787b 100644
--- a/nixos/mirai/services/gitea.nix
+++ b/nixos/mirai/services/gitea.nix
@@ -7,18 +7,6 @@
 sops = {
 # secrets."gitea/registration".owner = config.systemd.services.gitea-actions-mirai.serviceConfig.User;
 secrets."gitea/registration" = {};
- secrets."authelia/oidc/gitea/client_id" = {
- owner = config.services.gitea.user;
- group = config.services.gitea.group;
- mode = "0440";
- restartUnits = ["gitea.service" "authelia-darksailor.service"];
- };
- secrets."authelia/oidc/gitea/client_secret" = {
- owner = config.services.gitea.user;
- group = config.services.gitea.group;
- mode = "0440";
- restartUnits = ["gitea.service" "authelia-darksailor.service"];
- };
 templates = {
 "GITEA_REGISTRATION_TOKEN.env".content = ''
 TOKEN=${config.sops.placeholder."gitea/registration"}
@@ -30,20 +18,16 @@
 enable = true;
 settings = {
 service = {
- DISABLE_REGISTRATION = true;
- };
- "auth/authelia" = {
- AUTO_DISCOVER_URL = "https://auth.darksailor.dev/.well-known/openid-configuration";
- CLIENT_ID = config.sops.placeholder."authelia/oidc/gitea/client_id";
- CLIENT_SECRET_FILE = config.sops.secrets."authelia/oidc/gitea/client_secret".path;
- ICON_URL = "https://www.authelia.com/images/branding/logo-light.png";
- NAME = "authelia";
- PROVIDER = "openidConnect";
+ ENABLE_REVERSE_PROXY_AUTHENTICATION = true;
+ ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true;
 };
 mailer = {
 ENABLED = true;
 PROTOCOL = "sendmail";
 };
+ security = {
+ REVERSE_PROXY_AUTHENTICATION_USER = "REMOTE-USER";
+ };
 server = {
 ROOT_URL = "https://git.darksailor.dev";
 DOMAIN = "git.darksailor.dev";
@@ -65,39 +49,25 @@
 };
 caddy = {
 virtualHosts."git.darksailor.dev".extraConfig = ''
+ import auth
 reverse_proxy localhost:3000
 '';
 };
 authelia = {
 instances.darksailor = {
 settings = {
- identity_providers = {
- oidc = {
- clients = [
- {
- client_name = "gitea";
- client_id = ''{{ secret "${config.sops.secrets."authelia/oidc/gitea/client_id".path}" }}'';
- client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/gitea/client_secret".path}" }}'';
- public = false;
- authorization_policy = "one_factor";
- require_pkce = true;
- redirect_uris = [
- "https://git.darksailor.dev/user/oauth2/authelia/callback"
- ];
- scopes = ["openid" "profile" "email" "groups"];
- response_types = ["code"];
- grant_types = ["authorization_code"];
- userinfo_signed_response_alg = "none";
- token_endpoint_auth_method = "client_secret_post";
- }
- ];
- };
- };
 access_control = {
 rules = [
 {
 domain = "git.darksailor.dev";
 policy = "bypass";
+ resources = [
+ "^/api([/?].*)?$"
+ ];
+ }
+ {
+ domain = "git.darksailor.dev";
+ policy = "one_factor";
 }
 ];
 };
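Review bot: With `ENABLE_REVERSE_PROXY_AUTHENTICATION = true` in the `service` block, Gitea takes the login name from the `REMOTE-USER` request header, and nothing in this hunk pins which peers are allowed to supply it. I would state the trust boundary explicitly in the new `security` block, `REVERSE_PROXY_TRUSTED_PROXIES = "127.0.0.0/8,::1/128";` and `REVERSE_PROXY_LIMIT = 1;`, and confirm in the `server` block (which continues outside the hunk) that Gitea listens only on loopback, so the header can only arrive via Caddy. The revert also drops `DISABLE_REGISTRATION = true;`, which puts self-registration back on Gitea's default. If open sign-up is not wanted alongside `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`, keep that line, after checking how the two settings interact on the deployed Gitea version.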
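Review bot: The new `bypass` rule for `^/api([/?].*)?$` lets unauthenticated requests pass Authelia and reach a Gitea that now trusts `REMOTE-USER`, so whether a client-supplied copy of that header survives on `/api` depends entirely on the `auth` snippet imported in the Caddy block, which is defined outside this hunk. If the snippet does not already do so, drop the inbound header before the forward-auth call, e.g. `request_header -Remote-User`, so that only the value Authelia returns can reach `localhost:3000`. A comment above the rule would also help, `# /api relies on Gitea token auth; keep ENABLE_REVERSE_PROXY_AUTHENTICATION_API off`, because enabling that setting later would turn this bypass into an authentication gap. The `settings` block continues past the end of the hunk.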