maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
snix/ops/keycloak/main.tf
Florian Klink 5f0697083f feat(ops/keycloak): configure smtp settings 
This allows Keycloak to send emails.

Using naked TLS fails with:

```
Mar 23 00:10:50 public01 keycloak-start[875412]: Caused by: jakarta.mail.MessagingException: Could not connect to SMTP host: smtp.postmarkapp.com, port: 2525;
Mar 23 00:10:50 public01 keycloak-start[875412]:   nested exception is:
Mar 23 00:10:50 public01 keycloak-start[875412]: 	javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
Mar 23 00:10:50 public01 keycloak-start[875412]: 	at org.eclipse.angus.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2245)
Mar 23 00:10:50 public01 keycloak-start[875412]: 	at org.eclipse.angus.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:729)
Mar 23 00:10:50 public01 keycloak-start[875412]: 	at jakarta.mail.Service.connect(Service.java:342)
Mar 23 00:10:50 public01 keycloak-start[875412]: 	at jakarta.mail.Service.connect(Service.java:222)
Mar 23 00:10:50 public01 keycloak-start[875412]: 	at jakarta.mail.Service.connect(Service.java:243)
Mar 23 00:10:50 public01 keycloak-start[875412]: 	at org.keycloak.email.DefaultEmailSenderProvider.send(DefaultEmailSenderProvider.java:161)
Mar 23 00:10:50 public01 keycloak-start[875412]: 	... 17 more
Mar 23 00:10:50 public01 keycloak-start[875412]: Caused by: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message
```

With starttls, we can send emails, so use that.

Change-Id: I5898bec4f9413a8714c9adb1654d9e964022d183
Reviewed-on: https://cl.snix.dev/c/snix/+/30249
Tested-by: besadii
Reviewed-by: Ilan Joselevich <personal@ilanjoselevich.com>
Autosubmit: Florian Klink <flokli@flokli.de>
2025-03-23 00:49:59 +00:00

53 lines
1.1 KiB
HCL
Raw Blame History

# Configure snix's Keycloak instance.
terraform {
required_providers {
keycloak = {
source = "keycloak/keycloak"
}
}
backend "s3" {
endpoints = {
s3 = "https://s3.dualstack.eu-central-1.amazonaws.com"
}
bucket = "snix-tfstate"
key = "terraform/snix-keycloak"
region = "eu-central-1"
skip_credentials_validation = true
skip_metadata_api_check = true
skip_requesting_account_id = true
}
}
provider "keycloak" {
client_id = "terraform"
url = "https://auth.snix.dev"
}
resource "keycloak_realm" "snix" {
realm = "snix-project"
enabled = true
display_name = "The snix project"
default_signature_algorithm = "RS256"
smtp_server {
from = "keycloak@snix.dev"
from_display_name = "The Snix Project"
host = "smtp.postmarkapp.com"
port = "2525"
ssl = false
starttls = true
auth {
username = "PM-T-keycloak-f9TuLH6e35-4B0OSEVB0NQ"
password = var.keycloak_smtp_password
}
}
}
variable "keycloak_smtp_password" {
type = string
}
Reference in a new issue View git blame Copy permalink