d9ca20a5cc
There's two Roles for the Forgejo application, "Admin" and "Contributors". Everyone gets the "Contributor" role assigned automatically (it doesn't really give you a ton of privileges). Regarding mapping Gerrit groups, it seems there's no support for this in the `gerrit-oauth-provider` plugin (yet) - see https://github.com/davido/gerrit-oauth-provider/issues/170. Fixes #73. Change-Id: I3cbb968e664125b1f08235db3008d1dbf778922a Reviewed-on: https://cl.snix.dev/c/snix/+/30477 Tested-by: besadii Reviewed-by: Jonas Chevalier <zimbatm@zimbatm.com> Autosubmit: Florian Klink <flokli@flokli.de> |
||
|---|---|---|
| .. | ||
| .gitignore | ||
| attributes.tf | ||
| buildkite.tf | ||
| default.nix | ||
| forgejo.tf | ||
| gerrit.tf | ||
| grafana.tf | ||
| identity_providers.tf | ||
| main.tf | ||
| permissions.tf | ||
| README.md | ||
Terraform for Keycloak
This contains the Terraform configuration for deploying TVL's Keycloak
instance (which lives at auth.tvl.fyi).
Secrets are needed for applying this. The encrypted file
//ops/secrets/tf-keycloak.age contains export calls which should
be sourced, for example via direnv, by users with the appropriate
credentials.
An example direnv configuration used by tazjin is this:
# //ops/keycloak/.envrc
source_up
eval $(age --decrypt -i ~/.ssh/id_ed25519 $(git rev-parse --show-toplevel)/ops/secrets/tf-keycloak.age)