configure tailscale openID client

author: Franck Cuny <franck@fcuny.net> 2025-10-23 07:43:45 -0700
committer: Franck Cuny <franck@fcuny.net> 2025-10-23 07:43:45 -0700
commit: 6b02c700f7a979a9b8442b6e5a300d77d88e9449 (patch)
tree: 76be7231721b4cce76791435711613bd50f85cd4 /terraform/admin/keycloak.nix
parent: add a profile for tailscale (diff)
download: infra-6b02c700f7a979a9b8442b6e5a300d77d88e9449.tar.gz
1 files changed, 25 insertions, 0 deletions
diff --git a/terraform/admin/keycloak.nix b/terraform/admin/keycloak.nix
index 4c1af8b..23b0824 100644
--- a/terraform/admin/keycloak.nix
+++ b/terraform/admin/keycloak.nix
@@ -158,5 +158,30 @@ in
         "https://code.fcuny.net"
       ];
     };
+    tailscale = {
+      realm_id = lib.tf.ref "keycloak_realm.fcuny.id";
+      client_id = "tailscale";
+      name = "Tailscale [fcuny.net]";
+      enabled = true;
+      access_type = "CONFIDENTIAL";
+      standard_flow_enabled = true;
+      direct_access_grants_enabled = true;
+
+      valid_redirect_uris = [
+        "*"
+      ];
+    };
+  };
+
+  resource.keycloak_openid_client_default_scopes = {
+    tailscale = {
+      realm_id = lib.tf.ref "keycloak_realm.fcuny.id";
+      client_id = lib.tf.ref "keycloak_openid_client.tailscale.id";
+      default_scopes = [
+        "profile"
+        "email"
+        "groups"
+      ];
+    };
   };
 }
author	Franck Cuny <franck@fcuny.net>	2025-10-23 07:43:45 -0700
committer	Franck Cuny <franck@fcuny.net>	2025-10-23 07:43:45 -0700
commit	6b02c700f7a979a9b8442b6e5a300d77d88e9449 (patch)
tree	76be7231721b4cce76791435711613bd50f85cd4 /terraform/admin/keycloak.nix
parent	add a profile for tailscale (diff)
download	infra-6b02c700f7a979a9b8442b6e5a300d77d88e9449.tar.gz