History

Florian Klink 5f0697083f feat(ops/keycloak): configure smtp settings This allows Keycloak to send emails. Using naked TLS fails with: ``` Mar 23 00:10:50 public01 keycloak-start[875412]: Caused by: jakarta.mail.MessagingException: Could not connect to SMTP host: smtp.postmarkapp.com, port: 2525; Mar 23 00:10:50 public01 keycloak-start[875412]: nested exception is: Mar 23 00:10:50 public01 keycloak-start[875412]: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message Mar 23 00:10:50 public01 keycloak-start[875412]: at org.eclipse.angus.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2245) Mar 23 00:10:50 public01 keycloak-start[875412]: at org.eclipse.angus.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:729) Mar 23 00:10:50 public01 keycloak-start[875412]: at jakarta.mail.Service.connect(Service.java:342) Mar 23 00:10:50 public01 keycloak-start[875412]: at jakarta.mail.Service.connect(Service.java:222) Mar 23 00:10:50 public01 keycloak-start[875412]: at jakarta.mail.Service.connect(Service.java:243) Mar 23 00:10:50 public01 keycloak-start[875412]: at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:161) Mar 23 00:10:50 public01 keycloak-start[875412]: ... 17 more Mar 23 00:10:50 public01 keycloak-start[875412]: Caused by: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message ``` With starttls, we can send emails, so use that. Change-Id: I5898bec4f9413a8714c9adb1654d9e964022d183 Reviewed-on: https://cl.snix.dev/c/snix/+/30249 Tested-by: besadii Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com> Autosubmit: Florian Klink <flokli@flokli.de>		2025-03-23 00:49:59 +00:00
..
.gitignore	feat(ops/keycloak): Check in initial Keycloak configuration	2021-12-26 16:45:59 +00:00
clients.tf	feat(*): initialize new Snix infrastructure	2025-03-17 17:15:07 +00:00
default.nix	refactor(ops/keycloak): Use tools.checks.validateTerraform	2022-06-07 09:32:13 +00:00
identity_providers.tf	chore(ops/keycloak): move oauth application to snix-project org	2025-03-18 15:28:54 +00:00
main.tf	feat(ops/keycloak): configure smtp settings	2025-03-23 00:49:59 +00:00
permissions.tf	fix(treewide): remove trailing whitespace	2025-03-22 17:29:59 +00:00
README.md	docs(ops/buildkite): Add documentation about this config	2022-06-06 11:05:12 +00:00

README.md

Terraform for Keycloak

This contains the Terraform configuration for deploying TVL's Keycloak instance (which lives at auth.tvl.fyi).

Secrets are needed for applying this. The encrypted file //ops/secrets/tf-keycloak.age contains export calls which should be sourced, for example via direnv, by users with the appropriate credentials.

An example direnv configuration used by tazjin is this:

# //ops/keycloak/.envrc
source_up
eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age)