From d09952fcd5ae3b73ea91f0f308527f70c0dc5c21 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sat, 18 Oct 2025 14:46:47 -0700 Subject: move keycloak and forgejo on rivendell I had to rekey all the secrets. Updated the documentation for both how to setup forgejo and keycloak. --- docs/keycloak.org | 26 +++++++++----------------- docs/tofu.org | 15 +++++++++++++++ 2 files changed, 24 insertions(+), 17 deletions(-) create mode 100644 docs/tofu.org (limited to 'docs') diff --git a/docs/keycloak.org b/docs/keycloak.org index c8760ff..cd6e773 100644 --- a/docs/keycloak.org +++ b/docs/keycloak.org @@ -1,18 +1,17 @@ * Keycloak -Running at id.fcuny.net +Running at https://id.fcuny.net. There's an admin user in 1password. +** Bootstrap +#+begin_src shell +ssh keycloak-host -L 8080:localhost:8080 +#+end_src + +Then go to =http://localhost:8080= with your browser to setup the initial user. ** Client for forgejo -- create a client with name =forgejo= -- set root URL to =https://code.fcuny.net= -- set home URL to =https://code.fcuny.net= -- set valid redirects URL to =https://code.fcuny.net*= -- set web origins to =https://code.fcuny.net= -- set admin URL to https://code.fcuny.net -- set client authentication to =on= -- keep =standard flow= checked and nothing else +The client is managed by terranix. *** forgejo configuration - create a new authentication source under https://code.fcuny.net/admin/auths - choose OAuth2 
@@ -34,11 +33,4 @@ First, we need a client ID and a secret. The client can be created in the UI: The go to "Service account roles" for the newly created client, and ensure it has =admin= role (assign role -> filter by realm roles -> admin). -Export the secret with =KEYCLOAK_CLIENT_SECRET=. - -To import resources: -#+begin_src bash -nix run .#tf -- import keycloak_realm.master master -nix run .#tf -- import keycloak_user.fcuny master/d0fdbc04-8f6c-4558-8fd6-ebf7d9e23e6f -... -#+end_src +Export the secret with =KEYCLOAK_CLIENT_SECRET= (it might be already be set in =../.envrc.local=). diff --git a/docs/tofu.org b/docs/tofu.org new file mode 100644 index 0000000..5747f9e --- /dev/null +++ b/docs/tofu.org @@ -0,0 +1,15 @@ +* Tofu/terranix + +I use terranix to manage some configurations with terraform/tofu. + +I usually start by cleaning the working directory: +#+begin_src shell +rm -rf .terraform* +#+end_src + +Then we can =init=, =plan=, and =build=: +#+begin_src shell +nix run .#tf -- init +nix run .#tf -- plan +nix run .#tf -- build +#+end_src -- cgit v1.2.3
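Review bot: in the first docs/keycloak.org hunk, the new line "The client is managed by terranix" under "Client for forgejo" replaces the whole settings list without saying where the terranix definition lives, so a reader can no longer check the client's settings from this document. Please name the file or attribute that defines it. The removed list recorded the valid redirect as =https://code.fcuny.net*=, with no =/= before the wildcard, which is broader than that one host. If the terranix definition was derived from it, =https://code.fcuny.net/*= or the exact callback path would be the tighter value. In the new Bootstrap block, =keycloak-host= reads as a placeholder; since the commit moves the service to rivendell, say which host is meant.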
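Review bot: in the second docs/keycloak.org hunk, the added "Export the secret with =KEYCLOAK_CLIENT_SECRET=" line has a doubled verb ("it might be already be set", should be "it might already be set"), and it points at =../.envrc.local= as a place the client secret may live without saying that the file is kept out of the repository. Since this is the secret for a client holding the realm =admin= role, it is worth stating that explicitly and giving the path relative to the repository root rather than to the reader's working directory. The =import= commands are removed with no replacement; if they are still needed when state has to be rebuilt, docs/tofu.org would be the place to keep them.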
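Review bot: in the new docs/tofu.org, the cleanup step =rm -rf .terraform*= also matches =.terraform.lock.hcl=, so the provider lock file is deleted along with the =.terraform= directory, and the following =init= selects provider versions and records their hashes afresh instead of verifying against pinned ones. If only the cached plugins and modules are meant to go, =rm -rf .terraform= does that and leaves the lock file in place; if dropping the lock is intentional, say so in the text. The last step is given as =build=, which is not a terraform/tofu subcommand (the usual sequence ends in =apply=), so either note that =build= is provided by the =.#tf= wrapper and what it does, or correct it.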