author: Franck Cuny <franck@fcuny.net> 2025-10-18 14:46:47 -0700
committer: Franck Cuny <franck@fcuny.net> 2025-10-18 14:46:47 -0700
commit: d09952fcd5ae3b73ea91f0f308527f70c0dc5c21
tree: 08a570d4da8fd6c15285b461d3df6b283c477226 /docs
parent: configure wireguard for rivendell
move keycloak and forgejo on rivendell
I had to rekey all the secrets. Updated the documentation for both how to set up forgejo and keycloak.
Diffstat (limited to 'docs')
-rw-r--r-- docs/keycloak.org | 26
-rw-r--r-- docs/tofu.org | 15
2 files changed, 24 insertions, 17 deletions
diff --git a/docs/keycloak.org b/docs/keycloak.org
index c8760ff..cd6e773 100644
--- a/docs/keycloak.org
+++ b/docs/keycloak.org
@@ -1,18 +1,17 @@
* Keycloak
-Running at id.fcuny.net
+Running at https://id.fcuny.net.
There's an admin user in 1password.
+** Bootstrap
+#+begin_src shell
+ssh keycloak-host -L 8080:localhost:8080
+#+end_src
+
+Then go to =http://localhost:8080= with your browser to setup the initial user.
** Client for forgejo
-- create a client with name =forgejo=
-- set root URL to =https://code.fcuny.net=
-- set home URL to =https://code.fcuny.net=
-- set valid redirects URL to =https://code.fcuny.net*=
-- set web origins to =https://code.fcuny.net=
-- set admin URL to https://code.fcuny.net
-- set client authentication to =on=
-- keep =standard flow= checked and nothing else
+The client is managed by terranix.
*** forgejo configuration
- create a new authentication source under https://code.fcuny.net/admin/auths
- choose OAuth2
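Review bot: The replacement line "The client is managed by terranix." removes the only written record of the forgejo client settings without saying where the terranix definition lives; add the path to that file so the redirect and web-origin settings can still be reviewed. While moving it, check that the valid redirect URI is declared as "https://code.fcuny.net/*": the removed list documented "https://code.fcuny.net*", and a trailing wildcard with no slash before it is not anchored to that host name. In the new Bootstrap section, "setup the initial user" should read "set up the initial user".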
@@ -34,11 +33,4 @@ First, we need a client ID and a secret. The client can be created in the UI:
The go to "Service account roles" for the newly created client, and ensure it has =admin= role (assign role -> filter by realm roles -> admin).
-Export the secret with =KEYCLOAK_CLIENT_SECRET=.
-
-To import resources:
-#+begin_src bash
-nix run .#tf -- import keycloak_realm.master master
-nix run .#tf -- import keycloak_user.fcuny master/d0fdbc04-8f6c-4558-8fd6-ebf7d9e23e6f
-...
-#+end_src
+Export the secret with =KEYCLOAK_CLIENT_SECRET= (it might be already be set in =../.envrc.local=).
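Review bot: The added line points readers at "../.envrc.local" as a place where KEYCLOAK_CLIENT_SECRET may already be set, but does not say that the file has to stay out of version control; add a short remark that it is git-ignored, since it holds the secret of a client whose service account has the admin role. The same line has a doubled word: "it might be already be set" should read "it might already be set". The hunk also drops the "To import resources" example; if imports are still needed after the move, keep one line showing the command form.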
diff --git a/docs/tofu.org b/docs/tofu.org
new file mode 100644
index 0000000..5747f9e
--- /dev/null
+++ b/docs/tofu.org
@@ -0,0 +1,15 @@
+* Tofu/terranix
+
+I use terranix to manage some configurations with terraform/tofu.
+
+I usually start by cleaning the working directory:
+#+begin_src shell
+rm -rf .terraform*
+#+end_src
+
+Then we can =init=, =plan=, and =build=:
+#+begin_src shell
+nix run .#tf -- init
+nix run .#tf -- plan
+nix run .#tf -- build
+#+end_src
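Review bot: In the last code block, "nix run .#tf -- build" does not correspond to a terraform/tofu subcommand; if the wrapper passes its arguments through, as the "init" and "plan" lines suggest, this should be "apply", and the sentence above it should list =init=, =plan=, and =apply=. Separately, "rm -rf .terraform*" also matches ".terraform.lock.hcl", so the provider versions and checksums recorded there are discarded on every clean; use "rm -rf .terraform" unless the lock file is generated elsewhere, and say so in the text if it is.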