author | Vincent Ambo <mail@tazj.in> | 2021-12-27T14·17+0300 |
---|---|---|
committer | tazjin <mail@tazj.in> | 2021-12-27T15·53+0000 |
commit | e616f978d045ccbe62eee6403e0d93061982ae23 (patch) | |
tree | 29ab15344356e1f105e637815f851694561617bf | |
parent | 4f030f085d34f07eba19003ad4b951b327b075a9 (diff) |
feat(ops/secrets): Add tf-keycloak secrets file r/3470
This file can be sourced (somehow, depending on the user) while working with //ops/keycloak to get the relevant secrets.

Change-Id: Ibb3051c4b019f64824964475451c1c3996db6421
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4708
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
-rwxr-xr-x | bin/__dispatch.sh | 2 |
-rw-r--r-- | ops/keycloak/README.md | 18 |
-rw-r--r-- | ops/secrets/secrets.nix | 1 |
-rw-r--r-- | ops/secrets/tf-keycloak.age | 13 |
4 files changed, 33 insertions, 1 deletions
diff --git a/bin/__dispatch.sh b/bin/__dispatch.sh index 24a04d75cfdc..a6a945ad19b2 100755 --- a/bin/__dispatch.sh +++ b/bin/__dispatch.sh @@ -11,7 +11,7 @@ TARGET_TOOL=$(basename "$0") case "${TARGET_TOOL}" in age) - attr="third_party.nixpkgs-age" + attr="third_party.nixpkgs.age" ;; age-keygen) attr="third_party.nixpkgs.age" diff --git a/ops/keycloak/README.md b/ops/keycloak/README.md new file mode 100644 index 000000000000..e8ffd700b5e2 --- /dev/null +++ b/ops/keycloak/README.md @@ -0,0 +1,18 @@ +Terraform for Keycloak +====================== + +This contains the Terraform configuration for deploying TVL's Keycloak +instance (which lives at `auth.tvl.fyi`). + +Secrets are needed for applying this. The encrypted file +`//ops/secrets/tf-keycloak.age` contains `export` calls which should +be sourced, for example via `direnv`, by users with the appropriate +credentials. + +An example `direnv` configuration used by tazjin is this: + +``` +# //ops/secrets/.envrc +source_up +eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age) +``` diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix index e1101645468d..d21db24660a5 100644 --- a/ops/secrets/secrets.nix +++ b/ops/secrets/secrets.nix @@ -30,4 +30,5 @@ in { "nix-cache-pub.age" = default; "owothia.age" = default; "panettone.age" = default; + "tf-keycloak.age" = default; } diff --git a/ops/secrets/tf-keycloak.age b/ops/secrets/tf-keycloak.age new file mode 100644 index 000000000000..ee0bcb679c0d --- /dev/null +++ b/ops/secrets/tf-keycloak.age 
@@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 dcsaLw CRX6a8zfz3BaDYhwrBPXBgEn/o0WuS6UdvA55wYNTBc +/5gTObQ8770g8kIxCQyQj8hOh+1dkOu5DW1sz33eiy8 +-> ssh-ed25519 CpJBgQ 1/oDGaLOKblznS/ciKQ0g7Jdfg1KtEKWugjE9o9n1jo +A5wcsx6NXQpjKR8Y9jlM4JN34IUi3T4UuTIOtmOHwcs +-> ssh-ed25519 aXKGcg pYkMVxIGv408998UFzNQZvCQqBNPOSx+fvMs9FGd2nc +Ue1rNrARXo0/Fq0qazNo+5a4zc7JBLdEgrqUowOEOBg +-> ssh-ed25519 OkGqLg iLVc9k937aMAyl82TFsmDeX46PSrjQ6QpEzU0BcrNHg +NzZYEXjz4mwafayIIvGxcE0cLhhUZuzh5loyfIZzl+0 +-> `^*"*qb-grease r`; Fwf.0CJ+ +5qQRDetp1IFec1AkHd17faslyU+7OHDiTmwoSJGZZPWrdiY +--- uguIPraC7NNVfyDIWoTVjiunofaRYY8xeLipwZuU0iQ +fE''Ɇ%:'%U3aU4.tm.qW *Zip zg=v{cXo!-Li5 L2 @AA \ No newline at end of file |
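Review bot: The `attr` change in the `age)` case of bin/__dispatch.sh (from `third_party.nixpkgs-age` to `third_party.nixpkgs.age`) is not mentioned in the commit message, which only describes adding the secrets file. Since the new README's `.envrc` example calls `age --decrypt`, this looks like a prerequisite fix for the dispatcher; a line in the commit message saying so, or a separate commit, would make the change easier to find later.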
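Review bot: In the `.envrc` example in ops/keycloak/README.md, both command substitutions in the `eval $(age --decrypt ...)` line are unquoted, so the decrypted `export` lines go through word splitting and glob expansion before `eval` sees them, and a repository path containing spaces breaks the file argument. A secret value containing whitespace or `*` would be altered silently. Suggest quoting both: `eval "$(age --decrypt -i ~/.ssh/id_ed25519 "$(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age")"`. It is also worth stating in the README that the decrypted content is executed as shell code by `eval`, so the file must contain nothing but the `export` calls.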
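Review bot: The new `"tf-keycloak.age" = default;` entry in ops/secrets/secrets.nix gives this file the same recipient set as the other secrets in the list, while the README says it is meant for "users with the appropriate credentials". If only a subset of the keys in `default` needs to run the Keycloak Terraform, a narrower recipient list would fit least privilege better. The header of ops/secrets/tf-keycloak.age shows four `ssh-ed25519` recipient stanzas; please confirm that matches the intended `default` set, since the ciphertext itself cannot be checked in review.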