Seafile

2023-10-11 20:19:16 +02:00
parent 828a48bb61
commit 8a042341da
7 changed files with 533 additions and 437 deletions
--- a/tf-stage-1/dns-unruhig-eu.tf
+++ b/tf-stage-1/dns-unruhig-eu.tf
@ -16,6 +16,9 @@ module "dns-unruhig-eu" {
    { type = "CNAME", name = "synapse", value = "web.tobiasmanske.de" },
    { type = "CNAME", name = "syncv3", value = "web.tobiasmanske.de" },

+    # Seafile
+    { type = "CNAME", name = "files", value = "web.tobiasmanske.de" },
+

    # Mail settings
    { type = "A", name = "mail", value = "202.61.232.207" },
--- a/tf-stage-1/service_seafile.tf
+++ b/tf-stage-1/service_seafile.tf
@ -0,0 +1,38 @@
+module "seafileclient" {
+  source = "./modules/kc-client"
+
+  realm               = var.realm
+  client_id           = "seafile"
+  client_name         = "Seafile"
+  description         = "files.unruhig.eu"
+  root_url            = "https://files.unruhig.eu"
+  admin_url           = "https://files.unruhig.eu"
+  base_url            = ""
+  valid_redirect_uris = ["https://files.unruhig.eu/oauth/callback/"]
+  web_origins         = ["https://files.unruhig.eu"]
+}
+
+resource "keycloak_openid_user_property_protocol_mapper" "seafile-username-mapper" {
+  realm_id  = module.seafileclient.realm.id
+  client_id = module.seafileclient.client.id
+
+  name                = "username"
+  user_property       = "username"
+  claim_name          = "preferred_username"
+  add_to_userinfo     = true
+  add_to_access_token = true
+  add_to_id_token     = false
+}
+
+resource "keycloak_openid_user_client_role_protocol_mapper" "seafile-role-mapper" {
+  realm_id  = module.seafileclient.realm.id
+  client_id = module.seafileclient.client.id
+  # client_id_for_role_mappings = module.seafileclient.client.id
+  multivalued                 = true
+  name                        = "user-client-role-mapper"
+  claim_name                  = "roles"
+  client_id_for_role_mappings = module.seafileclient.client.id
+  add_to_userinfo             = true
+  add_to_access_token         = true
+  add_to_id_token             = false
+}
--- a/tf-stage-1/user_rad4day.tf
+++ b/tf-stage-1/user_rad4day.tf
@ -15,5 +15,6 @@ resource "keycloak_user_groups" "rad4day_groups" {
    module.hedgedocclient.access_group.id,
    module.minifluxclient.access_group.id,
    module.synapseclient.access_group.id,
+    module.seafileclient.access_group.id,
  ]
 }