WIP: FreeIPA needs to be created talking HTTPS to the backend

main.tf

@@ -20,6 +20,10 @@ terraform {
       source = "techBeck03/guacamole"
       version = "~> 1.4.1"
     }
+    freeipa = {
+      source = "rework-space-com/freeipa"
+      version = "4.0.0"
+    }
   }
   backend "kubernetes" {
     secret_suffix    = "tfstate"
@@ -59,6 +63,13 @@ provider "proxmox" {
   pm_tls_insecure = true
 }
 
+provider "freeipa" {
+  host = "${helm_release.freeipa.name}.${var.domain_suffix}"
+  username = "admin"
+  password = var.freeipa_admin_password
+  insecure = true
+}
+
 resource "helm_release" "keycloak" {
   name                       = "keycloak"
   namespace                  = var.keycloak_namespace
@@ -441,6 +452,8 @@ ingress:
   - secretName: pushgw-tls
     hosts:
     - pushgw.${var.domain_suffix}
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
 persistentVolume:
   enabled: true
   storageClass: ${var.storageclass}
@@ -579,7 +592,12 @@ ingress:
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-prod
   tls: true
-  backendProtocol: http
+  extraPaths:
+  - path: /
+    backend:
+      service:
+        port: https
+  backendProtocol: https
 service:
   annotations:
     traefik.ingress.kubernetes.io/service.serversscheme: https
@@ -588,6 +606,15 @@ EOT
   ]
 }
 
+# resource freeipa_user "freeipa_users" {
+#   first_name = var.keycloak_user.firstname
+#   last_name = var.keycloak_user.lastname
+#   name = var.keycloak_user.username
+#   telephone_numbers = [var.keycloak_user.phone]
+#   email_address = [var.keycloak_user.email]
+#   userpassword = var.keycloak_user.password
+# }
+
 resource "helm_release" "ntfy" {
   name = "ntfy"
   namespace = "ntfy"