tvl-depot/ops/keycloak
Vincent Ambo 5a6f984222 refactor(ops/keycloak): Split out clients & user-sources
Without some kind of physical organisation it's a little difficult to
understand whether things are going "in" (supplying users to Keycloak)
or "out" (getting auth/user info from Keycloak).

Change-Id: I516501081e3448c81c710fcbc79cc68ad2a80f3b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4762
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
2022-01-02 21:22:17 +00:00
..
.gitignore feat(ops/keycloak): Check in initial Keycloak configuration 2021-12-26 16:45:59 +00:00
clients.tf refactor(ops/keycloak): Split out clients & user-sources 2022-01-02 21:22:17 +00:00
default.nix feat(ops/keycloak): Check in initial Keycloak configuration 2021-12-26 16:45:59 +00:00
main.tf refactor(ops/keycloak): Split out clients & user-sources 2022-01-02 21:22:17 +00:00
README.md feat(ops/secrets): Add tf-keycloak secrets file 2021-12-27 15:53:57 +00:00
user_sources.tf refactor(ops/keycloak): Split out clients & user-sources 2022-01-02 21:22:17 +00:00

Terraform for Keycloak

This contains the Terraform configuration for deploying TVL's Keycloak instance (which lives at auth.tvl.fyi).

Secrets are needed for applying this. The encrypted file //ops/secrets/tf-keycloak.age contains export calls which should be sourced, for example via direnv, by users with the appropriate credentials.

An example direnv configuration used by tazjin is this:

# //ops/secrets/.envrc
source_up
eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age)