From 509375f24d1e2a2c8ebbc53584adddf8c39883fb Mon Sep 17 00:00:00 2001
From: gitea_admin
Date: Mon, 27 Apr 2026 17:23:07 +0000
Subject: [PATCH] Add:Keycloak SSO integration with Gitea
---
 .env | 1 +
 docker-compose.yml | 49 +++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 47 insertions(+), 3 deletions(-)
diff --git a/.env b/.env
index ab8d366..d7f764e 100644
--- a/.env
+++ b/.env
@@ -1,2 +1,3 @@
 POSTGRES_PASSWORD=postegres_project.m169
 GITEA_DB_PASSWORD=gitea_project.m169
+KEYCLOAK_DB_PASSWORD=keycloak_project.m169
diff --git a/docker-compose.yml b/docker-compose.yml
index 91694be..e33cbd0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,13 +7,20 @@ services:
 - "--providers.docker=true"
 - "--providers.docker.exposedbydefault=false"
 - "--entrypoints.web.address=:80"
+ - "--entrypoints.websecure.address=:443"
+ - "--certificatesresolvers.letsencrypt.acme.email=contact@mota-thomas.com"
+ - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+ - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
+ - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
 environment:
 DOCKER_HOST: unix:///var/run/docker.sock
 DOCKER_API_VERSION: "1.54"
 ports:
 - "80:80"
+ - "443:443"
 volumes:
 - /var/run/docker.sock:/var/run/docker.sock:ro
+ - traefik_letsencrypt:/letsencrypt

 gitea-db:
 image: postgres:15
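Review bot: The added `KEYCLOAK_DB_PASSWORD` line puts a live database credential into version control in plain text, next to the two that are already tracked, and all three follow the same guessable `<service>_project.m169` pattern. Anyone who can read the repository or its history now has the password, and deleting the line in a later commit does not take it back. I would stop tracking `.env` (list it in `.gitignore` and commit a `.env.example` holding empty keys such as `KEYCLOAK_DB_PASSWORD=`) and rotate all three values to independently generated random strings.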
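Review bot: Port 80 stays published and the `web` entrypoint stays defined, but no redirect to `websecure` is added, and the second hunk moves the Gitea router off `web`, so a plain `http://` request is never upgraded to HTTPS and most likely ends in Traefik's 404. Adding `- "--entrypoints.web.http.redirections.entrypoint.to=websecure"` and `- "--entrypoints.web.http.redirections.entrypoint.scheme=https"` to the command list closes that gap; Traefik still answers the ACME HTTP-01 challenge on `web` with the redirect in place. A short comment above the `traefik_letsencrypt:/letsencrypt` mount, such as `# acme.json holds the certificate private keys`, would tell whoever backs up or copies that volume what it contains. The `command:` list and the service header start above this hunk.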
@@ -34,15 +41,51 @@ services:
 GITEA__database__NAME: gitea
 GITEA__database__USER: gitea
 GITEA__database__PASSWD: ${GITEA_DB_PASSWORD}
- GITEA__server__ROOT_URL: http://83.228.250.32/
+ GITEA__server__ROOT_URL: https://gitea.mota-thomas.com/
 volumes:
 - gitea_data:/data
 labels:
 - "traefik.enable=true"
- - "traefik.http.routers.gitea.rule=PathPrefix(`/`)"
- - "traefik.http.routers.gitea.entrypoints=web"
+ - "traefik.http.routers.gitea.rule=Host(`gitea.mota-thomas.com`)"
+ - "traefik.http.routers.gitea.entrypoints=websecure"
+ - "traefik.http.routers.gitea.tls.certresolver=letsencrypt"
 - "traefik.http.services.gitea.loadbalancer.server.port=3000"

+ keycloak-db:
+ image: postgres:15
+ environment:
+ POSTGRES_DB: keycloak
+ POSTGRES_USER: keycloak
+ POSTGRES_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
+ volumes:
+ - keycloak_db_data:/var/lib/postgresql/data
+
+ keycloak:
+ image: quay.io/keycloak/keycloak:24.0
+ command: start-dev
+ environment:
+ KC_DB: postgres
+ KC_DB_URL_HOST: keycloak-db
+ KC_DB_URL_DATABASE: keycloak
+ KC_DB_USERNAME: keycloak
+ KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
+ KEYCLOAK_ADMIN: admin
+ KEYCLOAK_ADMIN_PASSWORD: admin
+ KC_HTTP_RELATIVE_PATH: /auth
+ KC_PROXY_HEADERS: xforwarded
+ KC_HOSTNAME_STRICT: false
+ KC_HTTP_ENABLED: true
+ depends_on:
+ - keycloak-db
+ labels:
+ - "traefik.enable=true"
+ - "traefik.http.routers.keycloak.rule=Host(`keycloak.mota-thomas.com`)"
+ - "traefik.http.routers.keycloak.entrypoints=websecure"
+ - "traefik.http.routers.keycloak.tls.certresolver=letsencrypt"
+ - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
+
 volumes:
 gitea_db_data:
 gitea_data:
+ keycloak_db_data:
+ traefik_letsencrypt:
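Review bot: The new `keycloak` service is published at `keycloak.mota-thomas.com` while running `command: start-dev` with `KEYCLOAK_ADMIN_PASSWORD: admin`, so the admin console under `/auth` is reachable from the internet with the default `admin`/`admin` login and Keycloak's development-mode defaults. `KC_HOSTNAME_STRICT: false` additionally lets the incoming request's host information shape the URLs and issuer that Keycloak emits. I would switch to `start`, pin `KC_HOSTNAME`, and take the bootstrap password from an untracked variable, as sketched below; the two unquoted booleans are also safer written as strings, since Compose environment values are strings. If the stack has already been started once, the existing `admin` account keeps its old password until it is changed in Keycloak itself, because the bootstrap variables only apply when the first admin is created.

```yaml
  keycloak:
    # … unchanged: image …
    command: start
    environment:
      # … unchanged: KC_DB* settings, KEYCLOAK_ADMIN, KC_HTTP_RELATIVE_PATH, KC_PROXY_HEADERS …
      KEYCLOAK_ADMIN_PASSWORD: "${KEYCLOAK_ADMIN_PASSWORD:?not set}"
      KC_HOSTNAME: keycloak.mota-thomas.com
      KC_HOSTNAME_STRICT: "true"
      KC_HTTP_ENABLED: "true"
    # … unchanged: depends_on, Traefik labels …
```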