From 630db7a880b4f562f88107a450150394716f4cad Mon Sep 17 00:00:00 2001
From: Daniel Ankers
Date: Fri, 20 Oct 2023 17:19:04 +0100
Subject: [PATCH] WIP: FreeIPA needs to be created talking HTTPS to the backend
---
 main.tf | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index e0bb6af..b8daab0 100644
--- a/main.tf
+++ b/main.tf
@@ -20,6 +20,10 @@ terraform {
 source = "techBeck03/guacamole"
 version = "~> 1.4.1"
 }
+ freeipa = {
+ source = "rework-space-com/freeipa"
+ version = "4.0.0"
+ }
 }
 backend "kubernetes" {
 secret_suffix = "tfstate"
@@ -59,6 +63,13 @@ provider "proxmox" {
 pm_tls_insecure = true
 }
 
+provider "freeipa" {
+ host = "${helm_release.freeipa.name}.${var.domain_suffix}"
+ username = "admin"
+ password = var.freeipa_admin_password
+ insecure = true
+}
+
 resource "helm_release" "keycloak" {
 name = "keycloak"
 namespace = var.keycloak_namespace
@@ -441,6 +452,8 @@ ingress:
 - secretName: pushgw-tls
 hosts:
 - pushgw.${var.domain_suffix}
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
 persistentVolume:
 enabled: true
 storageClass: ${var.storageclass}
@@ -579,7 +592,12 @@ ingress:
 annotations:
 cert-manager.io/cluster-issuer: letsencrypt-prod
 tls: true
- backendProtocol: http
+ extraPaths:
+ - path: /
+ backend:
+ service:
+ port: https
+ backendProtocol: https
 service:
 annotations:
 traefik.ingress.kubernetes.io/service.serversscheme: https
@@ -588,6 +606,15 @@ EOT
 ]
 }
 
+# resource freeipa_user "freeipa_users" {
+# first_name = var.keycloak_user.firstname
+# last_name = var.keycloak_user.lastname
+# name = var.keycloak_user.username
+# telephone_numbers = [var.keycloak_user.phone]
+# email_address = [var.keycloak_user.email]
+# userpassword = var.keycloak_user.password
+# }
+
 resource "helm_release" "ntfy" {
 name = "ntfy"
 namespace = "ntfy"
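Review bot: `insecure = true` in the new `provider "freeipa"` block turns off certificate verification on the connection that carries `var.freeipa_admin_password`, so the admin credential is sent to whatever answers at `${helm_release.freeipa.name}.${var.domain_suffix}` without its identity being checked. The ingress change further down in this patch puts a `letsencrypt-prod` certificate in front of FreeIPA, so if the provider connects through that ingress the flag looks unnecessary and the line could become `insecure = false` or be dropped. If the provider instead reaches a backend that presents a private-CA certificate, give the provider that CA rather than skipping verification. The same applies to the existing `pm_tls_insecure = true` visible in the context line above. The declaration of `freeipa_admin_password` is outside this patch; it should carry `sensitive = true`.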
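Review bot: With `backendProtocol: https` and the `https` service port, the ingress controller (presumably Traefik, given the `traefik.ingress.kubernetes.io` annotation) now opens a TLS connection to the FreeIPA service, and nothing in this hunk says how that backend certificate is trusted. If the pod presents a certificate from FreeIPA's own CA, the controller will accept it only when given that CA or when verification is switched off; prefer the former, scoped to this service, for example `traefik.ingress.kubernetes.io/service.serverstransport: <namespace>-<transport-name>@kubernetescrd` next to the existing `service.serversscheme` annotation. A controller-wide skip-verify would make this route work but removes the check for every backend. Separately, the `extraPaths` backend shows only `port: https` under `service:`; whether the chart fills in the service name is not visible here.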
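Review bot: The commented-out `freeipa_user` block would, once enabled, pass `var.keycloak_user.password` as `userpassword`, and Terraform records resource arguments in state, which here is the `kubernetes` backend secret declared at the top of the file. It also appears to reuse the Keycloak account's password for the FreeIPA account, judging by the variable name. Rather than committing the block disabled with no explanation, either leave it out until it works or add a line above it stating what blocks it, e.g. `# TODO: enable once the freeipa provider can reach the server over HTTPS`. When it is enabled, consider setting an initial password that the user must change, and make sure access to the state secret is restricted accordingly.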