@@ 8,18 8,6 @@ data "vault_generic_secret" "keycloak" {
path = "ansible/keycloak"
}
-data "vault_generic_secret" "nextcloud" {
- path = "ansible/nextcloud"
-}
-
-data "vault_generic_secret" "peertube" {
- path = "ansible/peertube"
-}
-
-data "vault_generic_secret" "vault" {
- path = "ansible/vault"
-}
-
data "external" "vault_email" {
program = ["${path.module}/../misc/read-vault.py",
"group_vars/all/vault_email.yml"]
@@ 80,8 68,6 @@ resource "keycloak_realm" "xenrox" {
}
}
-# Groups
-
resource "keycloak_group" "admin" {
realm_id = "xenrox"
name = "Admin"
@@ 96,21 82,12 @@ resource "keycloak_group_roles" "admin" {
]
}
-resource "keycloak_group" "peertube" {
- realm_id = "xenrox"
- name = "Peertube"
-}
+# Vault
-resource "keycloak_group_roles" "peertube" {
- realm_id = "xenrox"
- group_id = keycloak_group.peertube.id
- role_ids = [
- keycloak_role.peertube.id
- ]
+data "vault_generic_secret" "vault" {
+ path = "ansible/vault"
}
-# Vault
-
resource "keycloak_openid_client" "vault_openid_client" {
realm_id = "xenrox"
client_id = "openid_vault"
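Review bot: The `# Vault` heading now sits directly above the moved `data "vault_generic_secret" "vault"` block, but it only names the service; it does not say what the `ansible/vault` secret feeds or that every value a `vault_generic_secret` data source reads is persisted in plaintext in Terraform state. A comment such as `# ansible/vault: secrets consumed by the openid_vault client below; values are written to Terraform state, so the state backend must be treated as sensitive` would record both, and the same wording fits the `peertube` (`ansible/peertube`) and `nextcloud` (`ansible/nextcloud`) data sources added in the two later hunks. Which keys of the secret the client actually references is not visible in this hunk, so confirm the first half of the comment against the `.data[...]` lookups further down before committing it.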
@@ 141,6 118,12 @@ resource "keycloak_role" "vault_admin" {
description = "Vault admin"
}
+# Peertube
+
+data "vault_generic_secret" "peertube" {
+ path = "ansible/peertube"
+}
+
resource "keycloak_openid_client" "peertube_openid_client" {
realm_id = "xenrox"
client_id = "openid_peertube"
@@ 164,12 147,31 @@ resource "keycloak_openid_user_realm_role_protocol_mapper" "peertube_user_realm_
multivalued = true
}
+resource "keycloak_group" "peertube" {
+ realm_id = "xenrox"
+ name = "Peertube"
+}
+
resource "keycloak_role" "peertube" {
realm_id = "xenrox"
name = "peertube"
description = "Peertube user"
}
+resource "keycloak_group_roles" "peertube" {
+ realm_id = "xenrox"
+ group_id = keycloak_group.peertube.id
+ role_ids = [
+ keycloak_role.peertube.id
+ ]
+}
+
+# Nextcloud
+
+data "vault_generic_secret" "nextcloud" {
+ path = "ansible/nextcloud"
+}
+
resource "keycloak_openid_client" "nextcloud_openid_client" {
realm_id = "xenrox"
client_id = "openid_nextcloud"