Diffstat (limited to 'terraform/admin/keycloak.nix')
| -rw-r--r-- | terraform/admin/keycloak.nix | 187 |
1 files changed, 0 insertions, 187 deletions
diff --git a/terraform/admin/keycloak.nix b/terraform/admin/keycloak.nix
deleted file mode 100644
index 23b0824..0000000
--- a/terraform/admin/keycloak.nix
+++ /dev/null
@@ -1,187 +0,0 @@
-{ lib, ... }:
-let
- mkUser =
- {
- enable ? true,
- first_name,
- last_name,
- username,
- email,
- initial_password ? null,
- }:
- {
- realm_id = lib.tf.ref "keycloak_realm.fcuny.id";
- enabled = enable;
- inherit
- username
- email
- first_name
- last_name
- ;
- email_verified = true;
-
- required_actions = [
- "Update password"
- "Configure OTP"
- ];
-
- initial_password = {
- value = email;
- temporary = true;
- };
- };
-
-in
-{
- provider.keycloak = {
- client_id = "terranix";
- url = "https://id.fcuny.net";
- realm = "master";
- };
-
- resource.secret_resource.keycloak_smtp_password.lifecycle.prevent_destroy = true;
-
- resource.keycloak_realm."fcuny" = {
- enabled = true;
- realm = "fcuny.net";
- display_name = "Keycloak for fcuny.net";
- login_theme = "keycloak";
- access_code_lifespan = "1h";
-
- reset_password_allowed = true;
- remember_me = true;
- login_with_email_allowed = true;
-
- smtp_server = {
- from = "noreply@fcuny.net";
- from_display_name = "fcuny.net identity services";
- host = "smtp.fastmail.com";
- port = 465;
- ssl = true;
- starttls = true;
-
- auth = {
- username = "franck@fcuny.net";
- # nix run .#tf -- import secret_resource.keycloak_smtp_password SMPT_PASSWORD
- # https://github.com/numtide/terraform-provider-secret?tab=readme-ov-file#usage
- password = lib.tf.ref "resource.secret_resource.keycloak_smtp_password.value";
- };
- };
-
- default_signature_algorithm = "RS256";
- };
-
- resource.keycloak_user = {
- fcuny = mkUser {
- username = "fcuny";
- first_name = "Franck";
- last_name = "Cuny";
- email = "franck@fcuny.net";
- };
- };
-
- data.keycloak_openid_client.realm_management_client = {
- realm_id = lib.tf.ref "keycloak_realm.fcuny.id";
- client_id = "realm-management";
- };
-
- data.keycloak_role.admin = {
- realm_id = lib.tf.ref "keycloak_realm.fcuny.id";
- client_id = lib.tf.ref "data.keycloak_openid_client.realm_management_client.id";
- name = "realm-admin";
- };
-
- resource.keycloak_role = {
- forgejo_admin = {
- realm_id = lib.tf.ref "keycloak_realm.fcuny.id";
- client_id = lib.tf.ref "keycloak_openid_client.forgejo.id";
- name = "Forgejo Admin";
- description = "Forgejo's site admin";
- };
- };
-
- resource.keycloak_openid_user_client_role_protocol_mapper = {
- forgejo_role_mapper = {
- name = "forgejo_roles_mapper";
- realm_id = lib.tf.ref "keycloak_realm.fcuny.id";
- client_id = lib.tf.ref "keycloak_openid_client.forgejo.id";
-
- claim_name = "forgejo_roles";
- claim_value_type = "String";
- add_to_id_token = true;
- add_to_access_token = true;
- multivalued = true;
- client_id_for_role_mappings = lib.tf.ref "keycloak_openid_client.forgejo.client_id";
- };
- };
-
- resource.keycloak_user_roles =
- let
- superadminRoles = {
- exhaustive = false;
-
- realm_id = lib.tf.ref "keycloak_realm.fcuny.id";
-
- role_ids = [
- (lib.tf.ref "data.keycloak_role.admin.id")
- (lib.tf.ref "keycloak_role.forgejo_admin.id")
- ];
- };
- in
- {
- fcuny_roles = superadminRoles // {
- user_id = lib.tf.ref "keycloak_user.fcuny.id";
- };
- };
-
- resource.keycloak_openid_client = {
- forgejo = {
- realm_id = lib.tf.ref "keycloak_realm.fcuny.id";
- client_id = "forgejo";
- name = "Forgejo [fcuny.net]";
- enabled = true;
- access_type = "CONFIDENTIAL";
- standard_flow_enabled = true;
- oauth2_device_authorization_grant_enabled = true;
- base_url = "https://code.fcuny.net";
- description = "fcuny.net's Forgejo instance";
- direct_access_grants_enabled = true;
- exclude_session_state_from_auth_response = false;
- service_accounts_enabled = false;
- full_scope_allowed = false;
-
- valid_redirect_uris = [
- "https://code.fcuny.net/*"
- ];
-
- web_origins = [
- "https://code.fcuny.net"
- ];
- };
- tailscale = {
- realm_id = lib.tf.ref "keycloak_realm.fcuny.id";
- client_id = "tailscale";
- name = "Tailscale [fcuny.net]";
- enabled = true;
- access_type = "CONFIDENTIAL";
- standard_flow_enabled = true;
- direct_access_grants_enabled = true;
-
- valid_redirect_uris = [
- "*"
- ];
- };
- };
-
- resource.keycloak_openid_client_default_scopes = {
- tailscale = {
- realm_id = lib.tf.ref "keycloak_realm.fcuny.id";
- client_id = lib.tf.ref "keycloak_openid_client.tailscale.id";
- default_scopes = [
- "profile"
- "email"
- "groups"
- ];
- };
- };
-}
|
