From 905c24b23225a6e7d9346be268201dd260ca0669 Mon Sep 17 00:00:00 2001
From: aftix
Date: Tue, 7 Jan 2025 15:08:02 -0600
Subject: [PATCH] host: opt: www: Added declaritive groups, oauth clients, and persons to kanidm

---
 host/opt/www/kanidm.nix | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/host/opt/www/kanidm.nix b/host/opt/www/kanidm.nix
index 9db8a28..5bb20ad 100644
--- a/host/opt/www/kanidm.nix
+++ b/host/opt/www/kanidm.nix
@@ -60,6 +60,31 @@ in {
     adminPasswordFile = config.sops.secrets.kanidm_admin_password.path;
     idmAdminPasswordFile = config.sops.secrets.kanidm_idmadmin_password.path;
     instanceUrl = "https://localhost:${builtins.toString cfg.port}";
+
+    groups = {
+      administrators.present = true;
+      forgejo_users.present = true;
+    };
+
+    persons = {
+      administrator = {
+        displayName = "Administrator";
+        groups = [
+          "administrators"
+          "forgejo_users"
+        ];
+        present = true;
+      };
+    };
+
+    systems.oauth2.forgejo = {
+      allowInsecureClientDisablePkce = true;
+      displayName = "Forgejo";
+      present = true;
+      originLanding = "https://forge.aftix.xyz/";
+      originUrl = "https://forge.aftix.xyz/user/oauth2/kanidm/callback";
+      scopeMaps.forgejo_users = ["email" "groups" "openid" "profile"];
+    };
   };
   serverSettings = {
     inherit (cfg) domain;
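Review bot: `allowInsecureClientDisablePkce = true` in the new `systems.oauth2.forgejo` block turns off PKCE enforcement for this client, so the authorization-code exchange is protected only by the exact `originUrl` match and the client secret; the reason should be recorded next to it, e.g. `# Forgejo's OIDC login does not send PKCE; remove once the deployed version supports it`, and the flag dropped if the running Forgejo already supports PKCE. The hunk also does not show how the Kanidm-generated client secret reaches Forgejo; if the provisioning module's `basicSecretFile` is used, it should point at a sops-managed file in the same way `adminPasswordFile` and `idmAdminPasswordFile` do above, rather than a secret copied by hand. Note as well that `scopeMaps.forgejo_users` is what gates who may complete the login, so keep membership of `forgejo_users` deliberate — the `administrator` person is given it here, which presumably is intended.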