From 7eb0cdff9de3da79e7d3f73742ba5946f26cc816 Mon Sep 17 00:00:00 2001
From: Martin McCaffery <martin.mccaffery@think-ahead.tech>
Date: Thu, 29 Jan 2026 11:43:51 +0100
Subject: [PATCH] Re-enable dex

---
 template/stacks/core/argocd/values.yaml | 22 +++++----
 template/stacks/core/dex.yaml           | 60 ++++++++++++-------------
 2 files changed, 39 insertions(+), 43 deletions(-)

diff --git a/template/stacks/core/argocd/values.yaml b/template/stacks/core/argocd/values.yaml
index d5eab59..d197745 100644
--- a/template/stacks/core/argocd/values.yaml
+++ b/template/stacks/core/argocd/values.yaml
@@ -5,18 +5,16 @@ configs:
   params:
     server.insecure: true
   cm:
-    # This code never quite worked, always led to 503 errors
-    # In theory it allows access to ArgoCD via OIDC through Forgejo
-    # oidc.config: |
-    #   name: FORGEJO
-    #   issuer: https://{{{ .Env.DOMAIN_DEX }}}
-    #   clientID: controller-argocd-dex
-    #   clientSecret: $dex-argo-client:clientSecret
-    #   requestedScopes:
-    #   - openid
-    #   - profile
-    #   - email
-    #   - groups
+    oidc.config: |
+      name: FORGEJO
+      issuer: https://{{{ .Env.DOMAIN_DEX }}}
+      clientID: controller-argocd-dex
+      clientSecret: $dex-argo-client:clientSecret
+      requestedScopes:
+      - openid
+      - profile
+      - email
+      - groups
     application.resourceTrackingMethod: annotation
     timeout.reconciliation: 60s
     resource.exclusions: |
diff --git a/template/stacks/core/dex.yaml b/template/stacks/core/dex.yaml
index d3d1fb9..d41c0bf 100644
--- a/template/stacks/core/dex.yaml
+++ b/template/stacks/core/dex.yaml
@@ -1,31 +1,29 @@
-# NOTE Dex is disabled as it never quite worked, and was taking up pods which caused us to hit node capacity.
-
-# apiVersion: argoproj.io/v1alpha1
-# kind: Application
-# metadata:
-#   name: dex
-#   namespace: argocd
-#   labels:
-#     env: dev
-# spec:
-#   project: default
-#   syncPolicy:
-#     automated:
-#       selfHeal: true
-#     syncOptions:
-#       - CreateNamespace=true
-#     retry:
-#       limit: -1
-#   destination:
-#     name: in-cluster
-#     namespace: dex
-#   sources:
-#     - repoURL: https://charts.dexidp.io
-#       chart: dex
-#       targetRevision: 0.23.0
-#       helm:
-#         valueFiles:
-#           - $values/{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/core/dex/values.yaml
-#     - repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
-#       targetRevision: HEAD
-#       ref: values
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: dex
+  namespace: argocd
+  labels:
+    env: dev
+spec:
+  project: default
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+    retry:
+      limit: -1
+  destination:
+    name: in-cluster
+    namespace: dex
+  sources:
+    - repoURL: https://charts.dexidp.io
+      chart: dex
+      targetRevision: 0.23.0
+      helm:
+        valueFiles:
+          - $values/{{{ .Env.CLIENT_REPO_ID }}}/{{{ .Env.DOMAIN }}}/stacks/core/dex/values.yaml
+    - repoURL: https://{{{ .Env.CLIENT_REPO_DOMAIN }}}/{{{ .Env.CLIENT_REPO_ORG_NAME }}}
+      targetRevision: HEAD
+      ref: values