Diffstat (limited to 'docs/keycloak.org')
| -rw-r--r-- | docs/keycloak.org | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/docs/keycloak.org b/docs/keycloak.org index e29350f..c8760ff 100644 --- a/docs/keycloak.org +++ b/docs/keycloak.org @@ -22,3 +22,23 @@ There's an admin user in 1password. - the client ID is =forgejo= - the client secret is in the =credentials= tab in forgejo for the client - select =skip local 2FA= +** Managing with terranix +Ultimately we want to manage it with terranix. + +First, we need a client ID and a secret. The client can be created in the UI: +- https://id.fcuny.net/admin/master/console/#/master/clients +- create a new client (use =terranix= if possible, so that it's descriptive) +- =Standard Flow Enabled= should be disabled +- =Direct Access Grants Enabled= should be disabled +- =Service Accounts Enabled= should be enabled + +The go to "Service account roles" for the newly created client, and ensure it has =admin= role (assign role -> filter by realm roles -> admin). + +Export the secret with =KEYCLOAK_CLIENT_SECRET=. + +To import resources: +#+begin_src bash +nix run .#tf -- import keycloak_realm.master master +nix run .#tf -- import keycloak_user.fcuny master/d0fdbc04-8f6c-4558-8fd6-ebf7d9e23e6f +... +#+end_src |
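Review bot: The "Service account roles" step near the end of the hunk gives the new =terranix= client the realm-level =admin= role in =master=, so the value exported as =KEYCLOAK_CLIENT_SECRET= on the following line is effectively a full administrator credential, and the doc says nothing about how it should be handled. Suggest stating where the secret is stored (the context line above records that the admin user is in 1password) and that it should be exported from there rather than typed into shell history or written to a file in the repo. If terranix only needs to manage part of the realm, it is also worth noting here whether a narrower role would do, or why full =admin= is required. The hunk names the variable for the secret but not how the client ID reaches the provider, which a reader following these steps will need. Minor: "The go to" should read "Then go to", and the bare "..." inside the =bash= src block is not a valid command if pasted; a comment saying further imports follow the same pattern would be clearer.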
