History

Vincent Ambo 5f17df8548 chore(3p/sources): bump channels & overlays (2025-02-02) Included changes/fixes: * bumped all `wasm-bindgen` usages again * regenerated protobuf files * keycloak terraform provider has been migrated to new name This also included a state migration in the bucket, which I've already performed. * tvix/boot: disable tests that are broken in CI * users/aspen/yeren: avoid upgrading kernel to 6.12 digimend depends on a fix: https://github.com/NixOS/nixpkgs/pull/378830/ Change-Id: I657dcf5c4d0d08f231bfe30e37c8062bfcfaaa32 Reviewed-on: https://cl.tvl.fyi/c/depot/+/13098 Reviewed-by: aspen <root@gws.fyi> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Autosubmit: tazjin <tazjin@tvl.su>		2025-02-09 09:00:22 +00:00
..
.gitignore	feat(ops/keycloak): Check in initial Keycloak configuration	2021-12-26 16:45:59 +00:00
clients.tf	chore(ops/keycloak): drop oauth2-proxy client	2023-07-01 23:35:13 +00:00
default.nix	refactor(ops/keycloak): Use tools.checks.validateTerraform	2022-06-07 09:32:13 +00:00
main.tf	chore(3p/sources): bump channels & overlays (2025-02-02)	2025-02-09 09:00:22 +00:00
README.md	docs(ops/buildkite): Add documentation about this config	2022-06-06 11:05:12 +00:00
user_sources.tf	fix(ops/keycloak): update client ID and client secret	2024-09-01 13:19:19 +00:00

README.md

Terraform for Keycloak

This contains the Terraform configuration for deploying TVL's Keycloak instance (which lives at auth.tvl.fyi).

Secrets are needed for applying this. The encrypted file //ops/secrets/tf-keycloak.age contains export calls which should be sourced, for example via direnv, by users with the appropriate credentials.

An example direnv configuration used by tazjin is this:

# //ops/keycloak/.envrc
source_up
eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age)