feat(ops/keycloak): configure smtp settings

This allows Keycloak to send emails. Using naked TLS fails with: ``` Mar 23 00:10:50 public01 keycloak-start[875412]: Caused by: jakarta.mail.MessagingException: Could not connect to SMTP host: smtp.postmarkapp.com, port: 2525; Mar 23 00:10:50 public01 keycloak-start[875412]: nested exception is: Mar 23 00:10:50 public01 keycloak-start[875412]: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message Mar 23 00:10:50 public01 keycloak-start[875412]: at org.eclipse.angus.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2245) Mar 23 00:10:50 public01 keycloak-start[875412]: at org.eclipse.angus.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:729) Mar 23 00:10:50 public01 keycloak-start[875412]: at jakarta.mail.Service.connect(Service.java:342) Mar 23 00:10:50 public01 keycloak-start[875412]: at jakarta.mail.Service.connect(Service.java:222) Mar 23 00:10:50 public01 keycloak-start[875412]: at jakarta.mail.Service.connect(Service.java:243) Mar 23 00:10:50 public01 keycloak-start[875412]: at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:161) Mar 23 00:10:50 public01 keycloak-start[875412]: ... 17 more Mar 23 00:10:50 public01 keycloak-start[875412]: Caused by: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message ``` With starttls, we can send emails, so use that. Change-Id: I5898bec4f9413a8714c9adb1654d9e964022d183 Reviewed-on: https://cl.snix.dev/c/snix/+/30249 Tested-by: besadii Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com> Autosubmit: Florian Klink <flokli@flokli.de>
2025-03-22 23:05:55 +00:00 · 2025-03-22 23:05:55 +00:00 · 5f0697083f
commit 5f0697083f
parent 8c4f447ec7
2 changed files with 17 additions and 9 deletions
--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@ -33,13 +33,21 @@ resource "keycloak_realm" "snix" {
  display_name                = "The snix project"
  default_signature_algorithm = "RS256"
-  # smtp_server {
+  smtp_server {
-  #   from              = "tvlbot@tazj.in"
+    from              = "keycloak@snix.dev"
-  #   from_display_name = "The Virus Lounge"
+    from_display_name = "The Snix Project"
-  #   host              = "127.0.0.1"
+    host              = "smtp.postmarkapp.com"
-  #   port              = "25"
+    port              = "2525"
-  #   reply_to          = "depot@tvl.su"
+    ssl               = false
-  #   ssl               = false
+    starttls          = true
-  #   starttls          = false
+
-  # }
+    auth {
      username = "PM-T-keycloak-f9TuLH6e35-4B0OSEVB0NQ"
      password = var.keycloak_smtp_password
    }
  }
 }
 variable "keycloak_smtp_password" {
  type = string
 }
--- a/ops/secrets/tf-keycloak.age
+++ b/ops/secrets/tf-keycloak.age