History

Florian Klink 09c1e3d25b feat(ops/keycloak): allow log in with Bornhack account This adds bornhack.dk as an OIDC provider. We currently do not yet map the `nickname` claim as a username field. This means users logging in via Bornhack need to choose their username manually, until https://github.com/bornhack/bornhack-website/issues/1837 is solved. Change-Id: Ia91594107a0cd1d1e0a2ee7ca48d603a2ac681a5 Reviewed-on: https://cl.snix.dev/c/snix/+/30326 Tested-by: besadii Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com> Autosubmit: Florian Klink <flokli@flokli.de>		2025-04-26 11:58:25 +00:00
..
.gitignore	feat(ops/keycloak): Check in initial Keycloak configuration	2021-12-26 16:45:59 +00:00
attributes.tf	feat(ops/keycloak): configure user profile declaratively	2025-04-04 16:41:12 +00:00
clients.tf	chore(ops/keycloak): disable buildkite keycloak SAML settings for now	2025-03-23 00:50:26 +00:00
default.nix	refactor(ops/keycloak): Use tools.checks.validateTerraform	2022-06-07 09:32:13 +00:00
identity_providers.tf	feat(ops/keycloak): allow log in with Bornhack account	2025-04-26 11:58:25 +00:00
main.tf	feat(ops/keycloak): configure smtp settings	2025-03-23 00:49:59 +00:00
permissions.tf	feat(ops/keycloak): update group memberships	2025-03-23 00:50:26 +00:00
README.md	docs(ops/buildkite): Add documentation about this config	2022-06-06 11:05:12 +00:00

README.md

Terraform for Keycloak

This contains the Terraform configuration for deploying TVL's Keycloak instance (which lives at auth.tvl.fyi).

Secrets are needed for applying this. The encrypted file //ops/secrets/tf-keycloak.age contains export calls which should be sourced, for example via direnv, by users with the appropriate credentials.

An example direnv configuration used by tazjin is this:

# //ops/keycloak/.envrc
source_up
eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age)