ab/homelab
1
1
Fork 1
Code Issues Pull Requests 70 Actions Packages Wiki Activity
Files
34fb7cd9241a58cf290dd429fcb959ecb64af245
homelab/terraform/keycloak/main.tf
T
Ultradesu 9622b7d7bc
Update Kubernetes Services Wiki / Generate and Update K8s Wiki (push) Successful in 7s
Details
Check with kubeconform / lint (push) Successful in 9s
Details
Auto-update README / Generate README and Create MR (push) Successful in 10s
Details
Deployed rsauth2-proxy
2026-05-05 14:56:56 +01:00

134 lines
3.6 KiB
Terraform
Raw Blame History

# =============================================================================
# Realm
# =============================================================================
resource "keycloak_realm" "hexor" {
realm = "hexor"
enabled = true
display_name = "Hexor"
login_theme = "keycloak"
account_theme = "keycloak.v3"
registration_allowed = false
reset_password_allowed = true
remember_me = true
verify_email = false
login_with_email_allowed = true
duplicate_emails_allowed = false
ssl_required = "external"
}
# =============================================================================
# Google Identity Provider
# =============================================================================
resource "keycloak_oidc_google_identity_provider" "google" {
realm = keycloak_realm.hexor.id
client_id = var.google_client_id
client_secret = var.google_client_secret
trust_email = true
sync_mode = "IMPORT"
}
# =============================================================================
# Default groups
# =============================================================================
resource "keycloak_group" "users" {
realm_id = keycloak_realm.hexor.id
name = "users"
}
resource "keycloak_default_groups" "default" {
realm_id = keycloak_realm.hexor.id
group_ids = [keycloak_group.users.id]
}
# =============================================================================
# rsauth2-proxy client (production)
# =============================================================================
resource "keycloak_openid_client" "rsauth2_proxy" {
realm_id = keycloak_realm.hexor.id
client_id = "rsauth2-proxy"
name = "rsauth2-proxy"
enabled = true
access_type = "CONFIDENTIAL"
standard_flow_enabled = true
direct_access_grants_enabled = false
valid_redirect_uris = [
"https://oauth.hexor.cy/callback",
]
web_origins = [
"https://oauth.hexor.cy",
]
}
resource "keycloak_openid_group_membership_protocol_mapper" "rsauth2_proxy_groups" {
realm_id = keycloak_realm.hexor.id
client_id = keycloak_openid_client.rsauth2_proxy.id
name = "groups"
claim_name = "groups"
full_path = false
}
resource "keycloak_openid_client_default_scopes" "rsauth2_proxy" {
realm_id = keycloak_realm.hexor.id
client_id = keycloak_openid_client.rsauth2_proxy.id
default_scopes = [
"openid",
"profile",
"email",
]
}
# =============================================================================
# rsauth2-proxy client (localhost testing)
# =============================================================================
resource "keycloak_openid_client" "rsauth2_proxy_dev" {
realm_id = keycloak_realm.hexor.id
client_id = "rsauth2-proxy-dev"
name = "rsauth2-proxy (dev)"
enabled = true
access_type = "CONFIDENTIAL"
standard_flow_enabled = true
direct_access_grants_enabled = false
valid_redirect_uris = [
"http://localhost:8080/callback",
]
web_origins = [
"http://localhost:8080",
]
}
resource "keycloak_openid_group_membership_protocol_mapper" "rsauth2_proxy_dev_groups" {
realm_id = keycloak_realm.hexor.id
client_id = keycloak_openid_client.rsauth2_proxy_dev.id
name = "groups"
claim_name = "groups"
full_path = false
}
resource "keycloak_openid_client_default_scopes" "rsauth2_proxy_dev" {
realm_id = keycloak_realm.hexor.id
client_id = keycloak_openid_client.rsauth2_proxy_dev.id
default_scopes = [
"openid",
"profile",
"email",
]
}
Reference in New Issue View Git Blame Copy Permalink