feat(*): initialize new Snix infrastructure

Co-Authored-By: edef <edef@edef.eu> Co-Authored-by: Ryan Lahfa <raito@lix.systems> Change-Id: Ica1cda177a236814de900f50a8a61d288f58f519
2025-01-06 01:06:47 +01:00 · 2025-01-06 01:06:47 +01:00 · a52ea3675c
commit a52ea3675c
parent 067eff3427
124 changed files with 27723 additions and 1631 deletions
--- a/ops/keycloak/main.tf
+++ b/ops/keycloak/main.tf
@ -1,6 +1,4 @@
-# Configure TVL Keycloak instance.
-#
-# TODO(tazjin): Configure GitLab IDP
+# Configure snix's Keycloak instance.

 terraform {
  required_providers {
@ -11,43 +9,37 @@ terraform {

  backend "s3" {
    endpoints = {
-      s3 = "https://objects.dc-sto1.glesys.net"
+      s3 = "https://s3.dualstack.eu-central-1.amazonaws.com"
    }
-    bucket = "tvl-state"
-    key    = "terraform/tvl-keycloak"
-    region = "glesys"
+
+    bucket = "snix-tfstate"
+    key    = "terraform/snix-keycloak"
+    region = "eu-central-1"

    skip_credentials_validation = true
-    skip_region_validation      = true
-    skip_metadata_api_check     = true
+    skip_metadata_api_check = true
    skip_requesting_account_id  = true
-    skip_s3_checksum            = true
  }
 }

 provider "keycloak" {
  client_id = "terraform"
-  url       = "https://auth.tvl.fyi"
-  # NOTE: Docs mention this applies to "users of the legacy distribution of keycloak".
-  # However, we get a "failed to perform initial login to Keycloak: error
-  # sending POST request to https://auth.tvl.fyi/realms/master/protocol/openid-connect/token: 404 Not Found"
-  # if we don't set this.
-  base_path = "/auth"
+  url       = "https://auth.snix.dev"
 }

-resource "keycloak_realm" "tvl" {
-  realm                       = "TVL"
+resource "keycloak_realm" "snix" {
+  realm                       = "snix-project"
  enabled                     = true
-  display_name                = "The Virus Lounge"
+  display_name                = "The snix project"
  default_signature_algorithm = "RS256"

-  smtp_server {
-    from              = "tvlbot@tazj.in"
-    from_display_name = "The Virus Lounge"
-    host              = "127.0.0.1"
-    port              = "25"
-    reply_to          = "depot@tvl.su"
-    ssl               = false
-    starttls          = false
-  }
+  # smtp_server {
+  #   from              = "tvlbot@tazj.in"
+  #   from_display_name = "The Virus Lounge"
+  #   host              = "127.0.0.1"
+  #   port              = "25"
+  #   reply_to          = "depot@tvl.su"
+  #   ssl               = false
+  #   starttls          = false
+  # }
 }