History

Vincent Ambo 3a1f4831a8 feat(ops/keycloak): add SMTP settings in configuration I think these were set up in the UI and previously not supported in the Terraform config, now they're supported and Terraform wanted to delete them ... Change-Id: I83eb49ceb774ac835dc81638f962e937c7e936c6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/6707 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: lukegb <lukegb@tvl.fyi>		2022-09-20 09:28:45 +00:00
..
.gitignore	feat(ops/keycloak): Check in initial Keycloak configuration	2021-12-26 16:45:59 +00:00
clients.tf	feat(ops/keycloak): Add OIDC client for panettone	2022-05-28 17:03:36 +00:00
default.nix	refactor(ops/keycloak): Use tools.checks.validateTerraform	2022-06-07 09:32:13 +00:00
main.tf	feat(ops/keycloak): add SMTP settings in configuration	2022-09-20 09:28:45 +00:00
README.md	docs(ops/buildkite): Add documentation about this config	2022-06-06 11:05:12 +00:00
user_sources.tf	refactor(ops/keycloak): Split out clients & user-sources	2022-01-02 21:22:17 +00:00

README.md

Terraform for Keycloak

This contains the Terraform configuration for deploying TVL's Keycloak instance (which lives at auth.tvl.fyi).

Secrets are needed for applying this. The encrypted file //ops/secrets/tf-keycloak.age contains export calls which should be sourced, for example via direnv, by users with the appropriate credentials.

An example direnv configuration used by tazjin is this:

# //ops/keycloak/.envrc
source_up
eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age)