From 5f0697083f166a95eb35ff0bcedf17ff24ea876c Mon Sep 17 00:00:00 2001 From: Florian Klink Date: Sat, 22 Mar 2025 23:05:55 +0000 Subject: [PATCH] feat(ops/keycloak): configure smtp settings This allows Keycloak to send emails. Using naked TLS fails with: ``` Mar 23 00:10:50 public01 keycloak-start[875412]: Caused by: jakarta.mail.MessagingException: Could not connect to SMTP host: smtp.postmarkapp.com, port: 2525; Mar 23 00:10:50 public01 keycloak-start[875412]: nested exception is: Mar 23 00:10:50 public01 keycloak-start[875412]: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message Mar 23 00:10:50 public01 keycloak-start[875412]: at org.eclipse.angus.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2245) Mar 23 00:10:50 public01 keycloak-start[875412]: at org.eclipse.angus.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:729) Mar 23 00:10:50 public01 keycloak-start[875412]: at jakarta.mail.Service.connect(Service.java:342) Mar 23 00:10:50 public01 keycloak-start[875412]: at jakarta.mail.Service.connect(Service.java:222) Mar 23 00:10:50 public01 keycloak-start[875412]: at jakarta.mail.Service.connect(Service.java:243) Mar 23 00:10:50 public01 keycloak-start[875412]: at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:161) Mar 23 00:10:50 public01 keycloak-start[875412]: ... 17 more Mar 23 00:10:50 public01 keycloak-start[875412]: Caused by: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message ``` With starttls, we can send emails, so use that. Change-Id: I5898bec4f9413a8714c9adb1654d9e964022d183 Reviewed-on: https://cl.snix.dev/c/snix/+/30249 Tested-by: besadii Reviewed-by: Ilan Joselevich Autosubmit: Florian Klink --- ops/keycloak/main.tf | 26 +++++++++++++++++--------- ops/secrets/tf-keycloak.age | Bin 753 -> 820 bytes 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/ops/keycloak/main.tf b/ops/keycloak/main.tf index 08baca003..11a96280f 100644 --- a/ops/keycloak/main.tf +++ b/ops/keycloak/main.tf @@ -33,13 +33,21 @@ resource "keycloak_realm" "snix" { display_name = "The snix project" default_signature_algorithm = "RS256" - # smtp_server { - # from = "tvlbot@tazj.in" - # from_display_name = "The Virus Lounge" - # host = "127.0.0.1" - # port = "25" - # reply_to = "depot@tvl.su" - # ssl = false - # starttls = false - # } + smtp_server { + from = "keycloak@snix.dev" + from_display_name = "The Snix Project" + host = "smtp.postmarkapp.com" + port = "2525" + ssl = false + starttls = true + + auth { + username = "PM-T-keycloak-f9TuLH6e35-4B0OSEVB0NQ" + password = var.keycloak_smtp_password + } + } +} + +variable "keycloak_smtp_password" { + type = string } diff --git a/ops/secrets/tf-keycloak.age b/ops/secrets/tf-keycloak.age index a07979406152bfc8609b2a419a076d81045b13a3..50b87f551886b1be533e0f34ee2e7fc2091e7232 100644 GIT binary patch delta 789 zcmey!x`l0mPQ7tdZnME z1(%tVc8GbPpPy4wl1FGpxRG&GRY|CJfpM}^m9|HSi@9Zfwq=l$c3PR2374*&LWGg2 zsiCDpS-4?vWT;1?xnW2|a%#Dom!(&MTX{iYrGa07dwrpHnWsgrPk~EVnuSp^mshcA zaY&(YVOW^4V{l%Wah98(slP#Ss#&N>q;pttUSUC6qH|@qW0ncnisIr7-P9C_JtO7?&+>B>1C;5`mXLii9VrW2EhUOT)Mit3MQs`K2b#h ziHT`Z1{rxd{*@--#$^Q+Dd}!TAq82kuCDpsrmoJel~sl5T%XEh&g9C!KU{Opr+jz% z^^3Vumjdp1PExnLnR!}q%jGute7E#3^@_^oACBI1S^uX0L*d5*fB$o;B^~CS+c{~{ zgihrxe?5O}SjXP1`0xbVmQ3Ank!?rv8K&$|OKeytD6x@|f8T*qLjV7CSG{p$Qg4vZ z{(ohy!e6b${QWh_TX!j@FpJflw2@VLUMi;PIcp6AdqDKGWAig2H_Z3UeAs(WG$7?} zX~?pA;n1tWnhGzp4@y6A&RHV4C+ha|loN8@MG6xiE!tqkX2@FdZhqwI{J=S#)n+v~dbANl{{H~Q9yflAHuJKtzgH`K)S58dt zE?t}WFr_+Pr%yM@dB+vk?-54Aum7kVUeJC}@#?kKWjpJCZ1GuRS$J=~;x~&94j1NM zmxb5e6w**UB>nZm+?d(rch$Z9bMN-E?tb?m-mfh4((PPT%x!6> zH*`I7IG?#N;CA#TC!M2m0fkMUE^xlEd}4QQ>Cu1ZWW~P)B{scGpY(Iz^m8?e8$>MM iE1kMlaqw``RM!P=>(}rpazF37Xq-3QmxV*Mpa=jjuvJ{`ua|#Eyw|~1@{cUH)>j&4H zE9`7LlpA!V)Pq)W?uz96&+?EbYF+1Cjr!km->+@ekACwdw) zW~SQP4}PzWw=qu(y?46ZqB>*EN$ZfEE00_VvY6wv=2Bw~cVzQ~tGe}Vc@ttTsfz9{ z^W6WcKJVnVDt*VztIZku9d%l^2L5z-x@7aumz@hX9?{u+ZRXly*;^k|kDl~8dF)NS zO2_5*Prg4+c`HAAr)Qt&)>&%)uVc2f&e$!;_Qg+aMMN{J-8|J>=S%*Y*)(bH%$A=n zWG3p7ZTalR&xl^#m0YiQrB`tGth(_~N$h8B$_hWTEzy=l0!(UghoEJS%AOHTQfShue?6*7b+XY2537 OJL>D!