diff options
| author | Vincent Ambo <mail@tazj.in> | 2021-12-26T00·08+0300 |
|---|---|---|
| committer | clbot <clbot@tvl.fyi> | 2021-12-26T16·45+0000 |
| commit | 7b3c0b3e2f672ba2547827105b9f14d003d16267 (patch) | |
| tree | cb37cae2cfcf9e5845b2d64bbfdb7ae1f3734f22 /ops/keycloak | |
| parent | 8a5ccd70899b6c17f5e3947a1edf1d5084d28cd2 (diff) | |
feat(ops/keycloak): Check in initial Keycloak configuration r/3425
This is still missing most of the client configuration etc., in part due to bugs in the provider which are preventing resource imports. Change-Id: Ic224ffc001f8e1fe6dcd47b7d002580fdf7b0774 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4628 Tested-by: BuildkiteCI Autosubmit: tazjin <mail@tazj.in> Reviewed-by: Profpatsch <mail@profpatsch.de>
Diffstat (limited to 'ops/keycloak')
| -rw-r--r-- | ops/keycloak/.gitignore | 3 | ||||
| -rw-r--r-- | ops/keycloak/default.nix | 8 | ||||
| -rw-r--r-- | ops/keycloak/main.tf | 40 |
3 files changed, 51 insertions, 0 deletions
diff --git a/ops/keycloak/.gitignore b/ops/keycloak/.gitignore new file mode 100644 index 0000000000..017878c614 --- /dev/null +++ b/ops/keycloak/.gitignore @@ -0,0 +1,3 @@ +.terraform* +*.tfstate* +.envrc diff --git a/ops/keycloak/default.nix b/ops/keycloak/default.nix new file mode 100644 index 0000000000..96f0c40e5e --- /dev/null +++ b/ops/keycloak/default.nix @@ -0,0 +1,8 @@ +{ depot, pkgs, ... }: + +depot.nix.readTree.drvTargets { + # Provide a Terraform wrapper with the right provider installed. + terraform = pkgs.terraform.withPlugins(p: [ + p.keycloak + ]); +} diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf new file mode 100644 index 0000000000..312e8ac61f --- /dev/null +++ b/ops/keycloak/main.tf @@ -0,0 +1,40 @@ +# Configure TVL Keycloak instance. +# +# TODO(tazjin): Configure GitHub/GitLab IDP + +terraform { + required_providers { + keycloak = { + source = "mrparkers/keycloak" + } + } +} + +provider "keycloak" { + client_id = "terraform" + url = "https://auth.tvl.fyi" +} + +resource "keycloak_realm" "tvl" { + realm = "TVL" + enabled = true + display_name = "The Virus Lounge" + default_signature_algorithm = "RS256" +} + +resource "keycloak_ldap_user_federation" "tvl_ldap" { + name = "tvl-ldap" + realm_id = keycloak_realm.tvl.id + enabled = true + connection_url = "ldap://localhost" + users_dn = "ou=users,dc=tvl,dc=fyi" + username_ldap_attribute = "cn" + uuid_ldap_attribute = "cn" + rdn_ldap_attribute = "cn" + full_sync_period = 86400 + + user_object_classes = [ + "inetOrgPerson", + "organizationalPerson", + ] +} |