Keycloak: Add synapse client

This commit is contained in:
Tobias Manske 2023-09-15 17:51:31 +02:00
parent 3ec96eb1b3
commit 8024ba0dad
Signed by: tobias
GPG Key ID: 9164B527694A0709
7 changed files with 49 additions and 3 deletions


@ -28,7 +28,8 @@ resource "keycloak_openid_client" "client" {
implicit_flow_enabled = false
direct_access_grants_enabled = true
service_accounts_enabled = false
frontchannel_logout_enabled = false
frontchannel_logout_enabled = var.frontchannel_logout_enabled
oauth2_device_authorization_grant_enabled = var.device_authorization_grant_enabled
}


@ -68,6 +68,14 @@ variable "enabled" {
# Default settings for all clients:
variable "device_authorization_grant_enabled" {
type = bool
default = false
}
variable "frontchannel_logout_enabled" {
type = bool
default = false
}
variable "login_theme" {
type = string
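Review bot: The two new module inputs `device_authorization_grant_enabled` and `frontchannel_logout_enabled` carry no `description`, and the first one in particular changes which grant types a Keycloak client accepts, which is worth spelling out for whoever flips it per client. I would add `description = "Enable the OAuth 2.0 device authorization grant on this client (off by default); only turn on for clients that actually use the device flow."` to the first and `description = "Enable front-channel logout for this client (off by default)."` to the second. The defaults of `false` are the right conservative choice and should stay. The hunk's trailing `login_theme` variable continues outside the visible lines.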


@ -2,6 +2,7 @@
TF_VAR_grafana_secret: !var keycloak/grafana/secret
TF_VAR_hedgedoc_secret: !var keycloak/hedgedoc/secret
TF_VAR_miniflux_secret: !var keycloak/miniflux/secret
TF_VAR_synapse_secret: !var keycloak/synapse/secret
TF_VAR_keycloak_client_secret: !var keycloak/terraform/secret
TF_VAR_cloudflare_api_token: !var extern/cloudflare/api_token
TF_VAR_cloudflare_account_id: !var extern/cloudflare/account_id


@ -0,0 +1,30 @@
module "synapseclient" {
source = "./modules/kc-client"
realm = var.realm
client_id = "synapse"
client_name = "Matrix - Synapse"
client_secret = var.synapse_secret
description = "Synapse Homeserver for unruhig.eu"
root_url = "https://snapse.unruhig.eu"
admin_url = ""
base_url = ""
valid_redirect_uris = ["https://synapse.unruhig.eu/_synapse/client/oidc/callback", "https://unruhig.eu/_synapse/client/oidc/callback"]
web_origins = []
device_authorization_grant_enabled = true
frontchannel_logout_enabled = true
}
resource "keycloak_openid_user_attribute_protocol_mapper" "mx-localpart-mapper" {
realm_id = module.synapseclient.realm.id
client_id = module.synapseclient.client.id
name = "mx local part"
user_attribute = "mx_localpart"
claim_name = "mx_localpart"
add_to_id_token = true
add_to_access_token = true
add_to_userinfo = true
}
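Review bot: `root_url = "https://snapse.unruhig.eu"` spells the host `snapse`, while the description and both entries in `valid_redirect_uris` use `synapse`; it should read `root_url = "https://synapse.unruhig.eu"`. Since the redirect URIs are absolute the typo does not loosen redirect validation as far as I can see, but Keycloak resolves relative client URLs against the root URL, so any relative entry added later would point at the wrong host. Separately, `device_authorization_grant_enabled = true` is set for this client; if the Synapse OIDC login does not use the device flow, leaving the module default of `false` keeps the client's enabled grants limited to what it needs. The mapper below exposes the `mx_localpart` user attribute in the ID, access and userinfo claims, which looks intended for Synapse's localpart mapping, but I cannot confirm the Synapse-side configuration from this commit.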


@ -6,8 +6,9 @@ data "keycloak_user" "ialistannen" {
resource "keycloak_user_groups" "ialistannen_groups" {
realm_id = data.keycloak_realm.realm.id
user_id = data.keycloak_user.ialistannen.id
exhaustive = false
exhaustive = true
group_ids = [
module.hedgedocclient.access_group.id,
module.synapseclient.access_group.id,
]
}
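Review bot: `exhaustive` is flipped from `false` to `true` in the same hunk that adds `module.synapseclient.access_group.id`, which makes this resource authoritative for the user's group memberships: with the provider's documented semantics, on the next apply any group the user holds that is not in `group_ids` is removed. If the intent is only to add the Synapse group, keep `exhaustive = false`, consistent with the `rad4day_groups` resource in the next file section, which still uses `false`. If the flip is deliberate, a comment such as `# exhaustive: Terraform is the sole source of this user's group memberships` would make that visible to the next reader.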


@ -9,10 +9,11 @@ resource "keycloak_user_groups" "rad4day_groups" {
exhaustive = false
group_ids = [
module.giteaclient.access_group.id,
module.grafanaclient.access_group.id,
module.giteaclient.admin_group.id,
module.grafanaclient.access_group.id,
module.grafanaclient.admin_group.id,
module.hedgedocclient.access_group.id,
module.minifluxclient.access_group.id,
module.synapseclient.access_group.id,
]
}


@ -16,6 +16,10 @@ variable "miniflux_secret" {
type = string
sensitive = true
}
variable "synapse_secret" {
type = string
sensitive = true
}
variable "cloudflare_api_token" {
type = string
sensitive = true