From a33d0d12b024ff7b8959492a4789f0c1a417b2fd Mon Sep 17 00:00:00 2001
From: rasmus <rasmus@k-space.ee>
Date: Fri, 18 Apr 2025 14:45:14 +0300
Subject: [PATCH] gitea: also disable passkeys ot enforce OIDC

---
 gitea/application.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gitea/application.yaml b/gitea/application.yaml
index 08afc4f..92df9ac 100644
--- a/gitea/application.yaml
+++ b/gitea/application.yaml
@@ -171,8 +171,11 @@ spec:
               value: "false"
             - name: GITEA__SECURITY__INSTALL_LOCK
               value: "true"
+              # Disable bypassing (disabled) OIDC account. Password-based app tokens remain enabled.
             - name: GITEA__SERVICE__ENABLE_PASSWORD_SIGNIN_FORM
               value: "false"
+            - name: GITEA__SERVICE__ENABLE_PASSKEY_AUTHENTICATION
+              value: "false"
             - name: GITEA__SERVICE__REGISTER_EMAIL_CONFIRM
               value: "true"
             - name: GITEA__SERVICE__DISABLE_REGISTRATION