From 0d93929e3db8155d003143161c91ed4188967586 Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Sun, 14 Dec 2025 21:42:08 -0300
Subject: [PATCH] gitea: relax required signin, set admin group+skip 2fa

---
 services/gitea/deployment.yaml | 2 ++
 services/gitea/oidc-job.yaml   | 8 ++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/services/gitea/deployment.yaml b/services/gitea/deployment.yaml
index c0d2134..c769a6f 100644
--- a/services/gitea/deployment.yaml
+++ b/services/gitea/deployment.yaml
@@ -63,6 +63,8 @@ spec:
               value: "false"
             - name: GITEA__log__LEVEL
               value: "debug"
+            - name: GITEA__service__REQUIRE_SIGNIN_VIEW
+              value: "false"
             - name: DB_TYPE
               value: "postgres"
             - name: DB_HOST
diff --git a/services/gitea/oidc-job.yaml b/services/gitea/oidc-job.yaml
index 652d40f..32c4949 100644
--- a/services/gitea/oidc-job.yaml
+++ b/services/gitea/oidc-job.yaml
@@ -71,7 +71,9 @@ spec:
                   --secret "$CLIENT_SECRET" \
                   --auto-discover-url "$DISCOVERY_URL" \
                   --scopes "openid profile email" \
-                  --group-claim-name groups
+                  --group-claim-name groups \
+                  --admin-group admin \
+                  --skip-local-2fa
               else
                 echo "Creating keycloak auth source"
                 $BIN -c "$APPINI" admin auth add-oauth \
@@ -81,5 +83,7 @@ spec:
                   --secret "$CLIENT_SECRET" \
                   --auto-discover-url "$DISCOVERY_URL" \
                   --scopes "openid profile email" \
-                  --group-claim-name groups
+                  --group-claim-name groups \
+                  --admin-group admin \
+                  --skip-local-2fa
               fi