YouTrack

tf-stage-1/dns-unruhig-eu.tf

@@ -34,6 +34,8 @@ module "dns-unruhig-eu" {
     # Vaultwarden
     { type = "CNAME", name = "vault", value = "infra.unruhig.eu" },
 
+    # YouTrack
+    { type = "CNAME", name = "todo", value = "web.tobiasmanske.de" },
 
     # Mail settings
     { type = "A", name = "mail", value = "202.61.232.207" },

tf-stage-1/service_youtrack.tf

@@ -0,0 +1,62 @@
+module "youtrackclient" {
+  source = "./modules/kc-client"
+
+  realm               = var.realm
+  client_id           = "youtrack"
+  client_name         = "YouTrack"
+  description         = "todo.unruhig.eu"
+  root_url            = "https://todo.unruhig.eu"
+  admin_url           = ""
+  base_url            = ""
+  valid_redirect_uris = ["/hub/api/rest/oauth2/interactive/login/fb07847a-788d-49cc-82d5-0a80075130a3/land"]
+  web_origins         = []
+}
+
+
+resource "keycloak_openid_user_session_note_protocol_mapper" "youtrack-id-mapper" {
+  realm_id  = module.youtrackclient.realm.id
+  client_id = module.youtrackclient.client.id
+  name      = "id"
+
+  claim_name          = "clientId"
+  claim_value_type    = "String"
+  session_note        = "clientId"
+  add_to_access_token = true
+  add_to_id_token     = true
+}
+
+resource "keycloak_openid_user_session_note_protocol_mapper" "youtrack-host-mapper" {
+  realm_id  = module.youtrackclient.realm.id
+  client_id = module.youtrackclient.client.id
+  name      = "host"
+
+  claim_name          = "clientHost"
+  claim_value_type    = "String"
+  session_note        = "clientHost"
+  add_to_access_token = true
+  add_to_id_token     = true
+}
+
+resource "keycloak_openid_user_session_note_protocol_mapper" "youtrack-ip-mapper" {
+  realm_id  = module.youtrackclient.realm.id
+  client_id = module.youtrackclient.client.id
+  name      = "ip"
+
+  claim_name          = "clientAddress"
+  claim_value_type    = "String"
+  session_note        = "clientAddress"
+  add_to_access_token = true
+  add_to_id_token     = true
+}
+
+resource "keycloak_openid_user_client_role_protocol_mapper" "youtrack-role-mapper" {
+  realm_id            = module.youtrackclient.realm.id
+  client_id           = module.youtrackclient.client.id
+  multivalued         = true
+  name                = "user-client-role-mapper"
+  claim_name          = "youtrack_roles"
+  client_id_for_role_mappings = "youtrack"
+  add_to_userinfo     = true
+  add_to_access_token = true
+  add_to_id_token     = true
+}

tf-stage-1/user_rad4day.tf

@@ -17,6 +17,8 @@ resource "keycloak_user_groups" "rad4day_groups" {
     module.minifluxclient.access_group.id,
     module.synapseclient.access_group.id,
     module.seafileclient.access_group.id,
+    module.youtrackclient.access_group.id,
+    module.youtrackclient.admin_group.id,
     module.gotosocialclient.access_group.id,
     module.gotosocialclient.admin_group.id,
     data.keycloak_group.proxypass.id,