# Configure TVL Keycloak instance.
#
# TODO(tazjin): Configure GitLab IDP
terraform {
  required_providers {
    keycloak = {
      # NOTE(review): no `version` constraint is given, so which provider
      # release runs is decided outside this block (lock file or packaging,
      # presumably). Confirm it is pinned: this plugin runs with admin
      # access to the identity provider.
      source = "mrparkers/keycloak"
    }
  }

  # Remote state in an S3-compatible object store (not AWS itself).
  # NOTE(review): Terraform state can hold sensitive values from the managed
  # resources. Confirm that read/write access to this bucket and key is
  # restricted to the operators who apply this configuration.
  backend "s3" {
    endpoints = {
      s3 = "https://objects.dc-sto1.glesys.net"
    }

    bucket = "tvl-state"
    key    = "terraform/tvl-keycloak"
    region = "glesys"

    # AWS-specific checks are switched off for the non-AWS endpoint above;
    # "glesys" is not an AWS region name, hence the region check is skipped.
    skip_credentials_validation = true
    skip_region_validation      = true
    skip_metadata_api_check     = true
    skip_requesting_account_id  = true

    # With the checksum skipped, integrity of uploaded state in transit
    # rests on the HTTPS connection to the endpoint.
    skip_s3_checksum = true
  }
}
provider "keycloak" {
  # Only the client ID and server URL are set; no client secret or user
  # credentials appear in this block.
  # NOTE(review): presumably the secret reaches the provider from outside
  # the file (e.g. its KEYCLOAK_CLIENT_SECRET environment variable).
  # Confirm, and keep it out of version control and shell history.
  client_id = "terraform"
  url       = "https://auth.tvl.fyi"

  # NOTE: Docs mention this applies to "users of the legacy distribution of keycloak".
  # However, we get a "failed to perform initial login to Keycloak: error
  # sending POST request to https://auth.tvl.fyi/realms/master/protocol/openid-connect/token: 404 Not Found"
  # if we don't set this.
  #
  # NOTE(review): the URL in that error shows the login going to the master
  # realm. A client there can potentially administer every realm, depending
  # on its roles. Confirm the "terraform" client holds only the roles this
  # configuration needs.
  base_path = "/auth"
}
resource "keycloak_realm" "tvl" {
  realm        = "TVL"
  enabled      = true
  display_name = "The Virus Lounge"

  # Default algorithm for signing tokens issued by this realm.
  default_signature_algorithm = "RS256"

  # Realm mail (e.g. account e-mails) is handed to an MTA on the loopback
  # interface. Both TLS modes are off and no auth block is present, so the
  # submission is plaintext and unauthenticated. That stays on-host only as
  # long as `host` is 127.0.0.1; enable ssl/starttls and authentication
  # before pointing this at a remote relay.
  smtp_server {
    from              = "tvlbot@tazj.in"
    from_display_name = "The Virus Lounge"
    reply_to          = "depot@tvl.su"

    host = "127.0.0.1"
    port = "25"

    ssl      = false
    starttls = false
  }
}