From 80c22539b9b218ae213d2a7d7d5fc193879f0b86 Mon Sep 17 00:00:00 2001
From: Frederik Schwan <frederik.schwan@linux.com>
Date: Wed, 21 Oct 2020 20:14:43 +0200
Subject: [PATCH] introduce terraform fmt to the CI to improve readability

---
 .gitlab-ci.yml | 2 +
 tf-stage1/archlinux.tf | 754 ++++++++++++++++++++---------------------
 tf-stage2/keycloak.tf | 524 ++++++++++++++--------------
 3 files changed, 641 insertions(+), 639 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 97b708bf1..9804af64e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -15,6 +15,8 @@ terraform-validate:
 - cd tf-stage1
 - terraform init -backend=false
 - terraform validate
+ - terraform fmt --check
 - cd ../tf-stage2
 - terraform init -backend=false
 - terraform validate
+ - terraform fmt --check
diff --git a/tf-stage1/archlinux.tf b/tf-stage1/archlinux.tf
index a74a5a822..b486f0255 100644
--- a/tf-stage1/archlinux.tf
+++ b/tf-stage1/archlinux.tf
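Review bot: `terraform fmt --check` on the two added lines reports only the names of misformatted files, so a failing job tells a contributor nothing beyond which file to look at; adding `-diff`, as in `- terraform fmt -check -diff`, prints the required changes in the job log. Terraform's own convention is a single-dash flag and `--check` is merely tolerated as an alias, so `-check` would also match the `-backend=false` used two lines earlier in the same stage. The check is placed after `terraform init` and `terraform validate` in both stages, which means a formatting failure is only reported after a provider download; running it first would fail fast, though that is a preference rather than a defect. The `terraform-validate` job definition starts outside the hunk.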
@@ -29,61 +29,61 @@ provider "hetznerdns" { resource "hetznerdns_zone" "archlinux" { name = "archlinux.org" - ttl = 86400 + ttl = 86400 } resource "hetznerdns_zone" "pkgbuild" { name = "pkgbuild.com" - ttl = 86400 + ttl = 86400 } resource "hetznerdns_record" "pkgbuild_com_origin_a" { zone_id = hetznerdns_zone.pkgbuild.id - name = "@" - value = "78.46.178.133" - type = "A" + name = "@" + value = "78.46.178.133" + type = "A" } resource "hetznerdns_record" "pkgbuild_com_origin_aaaa" { zone_id = hetznerdns_zone.pkgbuild.id - name = "@" - value = "2a01:4f8:c2c:51e2::1" - type = "AAAA" + name = "@" + value = "2a01:4f8:c2c:51e2::1" + type = "AAAA" } resource "hetznerdns_record" "pkgbuild_com_origin_caa" { zone_id = hetznerdns_zone.pkgbuild.id - name = "@" - value = "0 issue \"letsencrypt.org\"" - type = "CAA" + name = "@" + value = "0 issue \"letsencrypt.org\"" + type = "CAA" } resource "hetznerdns_record" "pkgbuild_com_origin_mx" { zone_id = hetznerdns_zone.pkgbuild.id - name = "@" - value = "0 ." - type = "MX" + name = "@" + value = "0 ." + type = "MX" } resource "hetznerdns_record" "pkgbuild_com_origin_ns3" { zone_id = hetznerdns_zone.pkgbuild.id - name = "@" - value = "robotns3.second-ns.com." - type = "NS" + name = "@" + value = "robotns3.second-ns.com." + type = "NS" } resource "hetznerdns_record" "pkgbuild_com_origin_ns2" { zone_id = hetznerdns_zone.pkgbuild.id - name = "@" - value = "robotns2.second-ns.de." - type = "NS" + name = "@" + value = "robotns2.second-ns.de." + type = "NS" } resource "hetznerdns_record" "pkgbuild_com_origin_ns1" { zone_id = hetznerdns_zone.pkgbuild.id - name = "@" - value = "ns1.first-ns.de." - type = "NS" + name = "@" + value = "ns1.first-ns.de." + type = "NS" } # TODO: Commented currently as we have no idea how to handle SOA stuff with Terraform: 
@@ -98,115 +98,115 @@ resource "hetznerdns_record" "pkgbuild_com_origin_ns1" { resource "hetznerdns_record" "pkgbuild_com_origin_txt" { zone_id = hetznerdns_zone.pkgbuild.id - name = "@" - value = "\"v=spf1 -all\"" - type = "TXT" + name = "@" + value = "\"v=spf1 -all\"" + type = "TXT" } resource "hetznerdns_record" "pkgbuild_com_wildcard_a" { zone_id = hetznerdns_zone.pkgbuild.id - name = "*" - value = "78.46.178.133" - type = "A" + name = "*" + value = "78.46.178.133" + type = "A" } resource "hetznerdns_record" "pkgbuild_com_wildcard_aaaa" { zone_id = hetznerdns_zone.pkgbuild.id - name = "*" - value = "2a01:4f8:c2c:51e2::1" - type = "AAAA" + name = "*" + value = "2a01:4f8:c2c:51e2::1" + type = "AAAA" } resource "hetznerdns_record" "pkgbuild_com_mirror_a" { zone_id = hetznerdns_zone.pkgbuild.id - name = "mirror" - value = "78.46.209.220" - type = "A" + name = "mirror" + value = "78.46.209.220" + type = "A" } resource "hetznerdns_record" "pkgbuild_com_mirror_aaaa" { zone_id = hetznerdns_zone.pkgbuild.id - name = "mirror" - value = "2a01:4f8:c2c:c62f::1" - type = "AAAA" + name = "mirror" + value = "2a01:4f8:c2c:c62f::1" + type = "AAAA" } resource "hetznerdns_record" "pkgbuild_com_repro3_a" { zone_id = hetznerdns_zone.pkgbuild.id - name = "repro3" - value = "147.75.81.79" - type = "A" + name = "repro3" + value = "147.75.81.79" + type = "A" } resource "hetznerdns_record" "pkgbuild_com_repro3_aaaa" { zone_id = hetznerdns_zone.pkgbuild.id - name = "repro3" - value = "2604:1380:2001:4500::1" - type = "AAAA" + name = "repro3" + value = "2604:1380:2001:4500::1" + type = "AAAA" } resource "hetznerdns_record" "pkgbuild_com_www_a" { zone_id = hetznerdns_zone.pkgbuild.id - name = "www" - value = "78.46.178.133" - type = "A" + name = "www" + value = "78.46.178.133" + type = "A" } resource "hetznerdns_record" "pkgbuild_com_www_aaaa" { zone_id = hetznerdns_zone.pkgbuild.id - name = "www" - value = "2a01:4f8:c2c:51e2::1" - type = "AAAA" + name = "www" + value = 
"2a01:4f8:c2c:51e2::1" + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_origin_a" { zone_id = hetznerdns_zone.archlinux.id - name = "@" - value = "138.201.81.199" - type = "A" + name = "@" + value = "138.201.81.199" + type = "A" } resource "hetznerdns_record" "archlinux_org_origin_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "@" - value = "2a01:4f8:172:1d86::1" - type = "AAAA" + name = "@" + value = "2a01:4f8:172:1d86::1" + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_origin_caa" { zone_id = hetznerdns_zone.archlinux.id - name = "@" - value = "0 issue \"letsencrypt.org\"" - type = "CAA" + name = "@" + value = "0 issue \"letsencrypt.org\"" + type = "CAA" } resource "hetznerdns_record" "archlinux_org_origin_mx" { zone_id = hetznerdns_zone.archlinux.id - name = "@" - ttl = "600" - value = "10 mx" - type = "MX" + name = "@" + ttl = "600" + value = "10 mx" + type = "MX" } resource "hetznerdns_record" "archlinux_org_origin_ns3" { zone_id = hetznerdns_zone.archlinux.id - name = "@" - value = "robotns3.second-ns.com." - type = "NS" + name = "@" + value = "robotns3.second-ns.com." + type = "NS" } resource "hetznerdns_record" "archlinux_org_origin_ns2" { zone_id = hetznerdns_zone.archlinux.id - name = "@" - value = "robotns2.second-ns.de." - type = "NS" + name = "@" + value = "robotns2.second-ns.de." + type = "NS" } resource "hetznerdns_record" "archlinux_org_origin_ns1" { zone_id = hetznerdns_zone.archlinux.id - name = "@" - value = "ns1.first-ns.de." - type = "NS" + name = "@" + value = "ns1.first-ns.de." + type = "NS" } # TODO: Commented currently as we have no idea how to handle SOA stuff with Terraform: 
@@ -221,656 +221,656 @@ resource "hetznerdns_record" "archlinux_org_origin_ns1" { resource "hetznerdns_record" "archlinux_org_origin_txt" { zone_id = hetznerdns_zone.archlinux.id - name = "@" - ttl = "600" - value = "\"v=spf1 mx ip4:66.211.214.132/28 ip4:5.9.250.164 ip6:2a01:4f8:160:3033::2 ip4:138.201.81.199/32 ip4:88.198.91.70/32 a:aur.archlinux.org a:apollo.archlinux.org ?all\"" - type = "TXT" + name = "@" + ttl = "600" + value = "\"v=spf1 mx ip4:66.211.214.132/28 ip4:5.9.250.164 ip6:2a01:4f8:160:3033::2 ip4:138.201.81.199/32 ip4:88.198.91.70/32 a:aur.archlinux.org a:apollo.archlinux.org ?all\"" + type = "TXT" } resource "hetznerdns_record" "archlinux_org_origin_apollo_domainkey_txt" { zone_id = hetznerdns_zone.archlinux.id - name = "apollo._domainkey" - ttl = "600" - value = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvZIf8SbjC53RDCbMjTEpo0FCuMSShlKWdwWjY1J+RpT3CL/21z4nXqVBYF1orkUScH8Nlabocraqk8lmpNBlKCUV77lk9mRsLkWhg+XjhvQXL1xfH8zAg1CntEZuaIMLUQ+5Gkw6BlO1qDRkmXS9UtV8Jt1rhjRtSrgN5lhztOCbQLRAtzKty/nMeClqsfT3nL2hbDeh+b/rYc\" \"l2veZAqiGcR2/0bnKlt+Nb5lOBY3oZiYLmZ5g+l9UXVjGUq9jGAooIWpQvuRPmin3RX31kXfr1A+mDBEexiOL1dDST2Zx7i9puXbqYH0u0IxBpweHCO5UqWx52mdXBuhs+DCo/JoZAHU/6eRzK+Sps50LgLFSzJJNfGXk5PUKdww2GHbkK3mCYfoFCpB0SADzl42+1w6YZk1yXoPdOHtChfQpCgjtddf1W8Q09pYO1/bn4l0erdFQsWb1K\" \"4wEVOCn+hHWbV42V+J3TyGxQ4AM8KQ1OPvUEabyTyqcO4evBaH7/S2wA91Z9QDjTbKmlNovs5zoxuOM/mPGPUuQMvhjoAP+rg4AwJ3Xwd3GgUcqQflcokayUYdp7F3aKp1NWAR9ibseU/XBYsSF8Ucjqzf4DJFUfrgjHUr97st7g4HUCyXrQO4tyE0ytiX8OFjjIszWLmF+B7Vup9O7k+dNz2Vj2Vyzkq1UCAwEAAQ==\"" - type = "TXT" + name = "apollo._domainkey" + ttl = "600" + value = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvZIf8SbjC53RDCbMjTEpo0FCuMSShlKWdwWjY1J+RpT3CL/21z4nXqVBYF1orkUScH8Nlabocraqk8lmpNBlKCUV77lk9mRsLkWhg+XjhvQXL1xfH8zAg1CntEZuaIMLUQ+5Gkw6BlO1qDRkmXS9UtV8Jt1rhjRtSrgN5lhztOCbQLRAtzKty/nMeClqsfT3nL2hbDeh+b/rYc\" 
\"l2veZAqiGcR2/0bnKlt+Nb5lOBY3oZiYLmZ5g+l9UXVjGUq9jGAooIWpQvuRPmin3RX31kXfr1A+mDBEexiOL1dDST2Zx7i9puXbqYH0u0IxBpweHCO5UqWx52mdXBuhs+DCo/JoZAHU/6eRzK+Sps50LgLFSzJJNfGXk5PUKdww2GHbkK3mCYfoFCpB0SADzl42+1w6YZk1yXoPdOHtChfQpCgjtddf1W8Q09pYO1/bn4l0erdFQsWb1K\" \"4wEVOCn+hHWbV42V+J3TyGxQ4AM8KQ1OPvUEabyTyqcO4evBaH7/S2wA91Z9QDjTbKmlNovs5zoxuOM/mPGPUuQMvhjoAP+rg4AwJ3Xwd3GgUcqQflcokayUYdp7F3aKp1NWAR9ibseU/XBYsSF8Ucjqzf4DJFUfrgjHUr97st7g4HUCyXrQO4tyE0ytiX8OFjjIszWLmF+B7Vup9O7k+dNz2Vj2Vyzkq1UCAwEAAQ==\"" + type = "TXT" } resource "hetznerdns_record" "archlinux_org_accounts_a" { zone_id = hetznerdns_zone.archlinux.id - name = "accounts" - value = hcloud_server.accounts.ipv4_address - type = "A" + name = "accounts" + value = hcloud_server.accounts.ipv4_address + type = "A" } resource "hetznerdns_record" "archlinux_org_accounts_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "accounts" - value = hcloud_server.accounts.ipv6_address - type = "AAAA" + name = "accounts" + value = hcloud_server.accounts.ipv6_address + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_apollo_a" { zone_id = hetznerdns_zone.archlinux.id - name = "apollo" - ttl = "600" - value = "138.201.81.199" - type = "A" + name = "apollo" + ttl = "600" + value = "138.201.81.199" + type = "A" } resource "hetznerdns_record" "archlinux_org_apollo_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "apollo" - ttl = "600" - value = "2a01:4f8:172:1d86::1" - type = "AAAA" + name = "apollo" + ttl = "600" + value = "2a01:4f8:172:1d86::1" + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_archive_gemini_a" { zone_id = hetznerdns_zone.archlinux.id - name = "archive.gemini" - value = "49.12.124.107" - type = "A" + name = "archive.gemini" + value = "49.12.124.107" + type = "A" } resource "hetznerdns_record" "archlinux_org_aur_a" { zone_id = hetznerdns_zone.archlinux.id - name = "aur" - value = hcloud_server.aur.ipv4_address - type = "A" + name = "aur" + value = hcloud_server.aur.ipv4_address + type 
= "A" } resource "hetznerdns_record" "archlinux_org_aur_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "aur" - value = hcloud_server.aur.ipv6_address - type = "AAAA" + name = "aur" + value = hcloud_server.aur.ipv6_address + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_aur_mx" { zone_id = hetznerdns_zone.archlinux.id - name = "aur" - ttl = "600" - value = "10 mx" - type = "MX" + name = "aur" + ttl = "600" + value = "10 mx" + type = "MX" } resource "hetznerdns_record" "archlinux_org_aur_txt" { zone_id = hetznerdns_zone.archlinux.id - name = "aur" - ttl = "600" - value = "\"v=spf1 a ?all\"" - type = "TXT" + name = "aur" + ttl = "600" + value = "\"v=spf1 a ?all\"" + type = "TXT" } resource "hetznerdns_record" "archlinux_org_aur_dev_a" { zone_id = hetznerdns_zone.archlinux.id - name = "aur-dev" - value = hcloud_server.aur-dev.ipv4_address - type = "A" + name = "aur-dev" + value = hcloud_server.aur-dev.ipv4_address + type = "A" } resource "hetznerdns_record" "archlinux_org_aur_dev_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "aur-dev" - value = hcloud_server.aur-dev.ipv6_address - type = "AAAA" + name = "aur-dev" + value = hcloud_server.aur-dev.ipv6_address + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_aur4_a" { zone_id = hetznerdns_zone.archlinux.id - name = "aur4" - value = "5.9.250.164" - type = "A" + name = "aur4" + value = "5.9.250.164" + type = "A" } resource "hetznerdns_record" "archlinux_org_aur4_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "aur4" - value = "2a01:4f8:160:3033::2" - type = "AAAA" + name = "aur4" + value = "2a01:4f8:160:3033::2" + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_bbs_a" { zone_id = hetznerdns_zone.archlinux.id - name = "bbs" - value = hcloud_server.bbs.ipv4_address - type = "A" + name = "bbs" + value = hcloud_server.bbs.ipv4_address + type = "A" } resource "hetznerdns_record" "archlinux_org_bbs_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "bbs" - 
value = hcloud_server.bbs.ipv6_address - type = "AAAA" + name = "bbs" + value = hcloud_server.bbs.ipv6_address + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_bugs_a" { zone_id = hetznerdns_zone.archlinux.id - name = "bugs" - value = hcloud_server.bugs.ipv4_address - type = "A" + name = "bugs" + value = hcloud_server.bugs.ipv4_address + type = "A" } resource "hetznerdns_record" "archlinux_org_bugs_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "bugs" - value = hcloud_server.bugs.ipv6_address - type = "AAAA" + name = "bugs" + value = hcloud_server.bugs.ipv6_address + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_dragon_a" { zone_id = hetznerdns_zone.archlinux.id - name = "dragon" - value = "195.201.167.210" - type = "A" + name = "dragon" + value = "195.201.167.210" + type = "A" } resource "hetznerdns_record" "archlinux_org_dragon_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "dragon" - value = "2a01:4f8:13a:102a::2" - type = "AAAA" + name = "dragon" + value = "2a01:4f8:13a:102a::2" + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_gemini_a" { zone_id = hetznerdns_zone.archlinux.id - name = "gemini" - value = "49.12.124.107" - type = "A" + name = "gemini" + value = "49.12.124.107" + type = "A" } resource "hetznerdns_record" "archlinux_org_gemini_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "gemini" - value = "2a01:4f8:242:5614::2" - type = "AAAA" + name = "gemini" + value = "2a01:4f8:242:5614::2" + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_gitlab_a" { zone_id = hetznerdns_zone.archlinux.id - name = "gitlab" - value = hcloud_server.gitlab.ipv4_address - type = "A" + name = "gitlab" + value = hcloud_server.gitlab.ipv4_address + type = "A" } resource "hetznerdns_record" "archlinux_org_gitlab_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "gitlab" - value = hcloud_server.gitlab.ipv6_address - type = "AAAA" + name = "gitlab" + value = hcloud_server.gitlab.ipv6_address + type = 
"AAAA" } resource "hetznerdns_record" "archlinux_org_homedir_a" { zone_id = hetznerdns_zone.archlinux.id - name = "homedir" - value = hcloud_server.homedir.ipv4_address - type = "A" + name = "homedir" + value = hcloud_server.homedir.ipv4_address + type = "A" } resource "hetznerdns_record" "archlinux_org_homedir_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "homedir" - value = hcloud_server.homedir.ipv6_address - type = "AAAA" + name = "homedir" + value = hcloud_server.homedir.ipv6_address + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_lists_a" { zone_id = hetznerdns_zone.archlinux.id - name = "lists" - value = "5.9.250.164" - type = "A" + name = "lists" + value = "5.9.250.164" + type = "A" } resource "hetznerdns_record" "archlinux_org_lists_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "lists" - value = "2a01:4f8:160:3033::2" - type = "AAAA" + name = "lists" + value = "2a01:4f8:160:3033::2" + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_lists_mx" { zone_id = hetznerdns_zone.archlinux.id - name = "lists" - ttl = "600" - value = "10 luna" - type = "MX" + name = "lists" + ttl = "600" + value = "10 luna" + type = "MX" } resource "hetznerdns_record" "archlinux_org_luna_a" { zone_id = hetznerdns_zone.archlinux.id - name = "luna" - ttl = "600" - value = "5.9.250.164" - type = "A" + name = "luna" + ttl = "600" + value = "5.9.250.164" + type = "A" } resource "hetznerdns_record" "archlinux_org_luna_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "luna" - ttl = "600" - value = "2a01:4f8:160:3033::2" - type = "AAAA" + name = "luna" + ttl = "600" + value = "2a01:4f8:160:3033::2" + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_luna_txt" { zone_id = hetznerdns_zone.archlinux.id - name = "luna._domainkey" - ttl = "600" - value = "\"v=DKIM1; k=rsa; s=email; \" 
\"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX\" \"oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg\" \"kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ==\"" - type = "TXT" + name = "luna._domainkey" + ttl = "600" + value = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX\" \"oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg\" \"kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ==\"" + type = "TXT" } resource "hetznerdns_record" "archlinux_org_luna2_txt" { zone_id = hetznerdns_zone.archlinux.id - name = "luna2._domainkey" - ttl = "600" - value = "\"v=DKIM1; k=rsa; s=email; \" 
\"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX\" \"oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg\" \"kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ==\"" - type = "TXT" + name = "luna2._domainkey" + ttl = "600" + value = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX\" \"oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg\" \"kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ==\"" + type = "TXT" } resource "hetznerdns_record" "archlinux_org_mailman3_a" { zone_id = hetznerdns_zone.archlinux.id - name = "mailman3" - value = hcloud_server.mailman3.ipv4_address - type = "A" + name = "mailman3" + value = hcloud_server.mailman3.ipv4_address + type = "A" } resource "hetznerdns_record" "archlinux_org_master_key_a" { zone_id = hetznerdns_zone.archlinux.id - name = 
"master-key" - value = "138.201.81.199" - type = "A" + name = "master-key" + value = "138.201.81.199" + type = "A" } resource "hetznerdns_record" "archlinux_org_master_key_mx" { zone_id = hetznerdns_zone.archlinux.id - name = "master-key" - ttl = "600" - value = "10 mx" - type = "MX" + name = "master-key" + ttl = "600" + value = "10 mx" + type = "MX" } resource "hetznerdns_record" "archlinux_org_matrix_a" { zone_id = hetznerdns_zone.archlinux.id - name = "matrix" - value = hcloud_server.matrix.ipv4_address - type = "A" + name = "matrix" + value = hcloud_server.matrix.ipv4_address + type = "A" } resource "hetznerdns_record" "archlinux_org_monitoring_a" { zone_id = hetznerdns_zone.archlinux.id - name = "monitoring" - value = hcloud_server.monitoring.ipv4_address - type = "A" + name = "monitoring" + value = hcloud_server.monitoring.ipv4_address + type = "A" } resource "hetznerdns_record" "archlinux_org_monitoring_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "monitoring" - value = hcloud_server.monitoring.ipv6_address - type = "AAAA" + name = "monitoring" + value = hcloud_server.monitoring.ipv6_address + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_mx_a" { zone_id = hetznerdns_zone.archlinux.id - name = "mx" - ttl = "600" - value = "88.198.91.70" - type = "A" + name = "mx" + ttl = "600" + value = "88.198.91.70" + type = "A" } resource "hetznerdns_record" "archlinux_org_mx_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "mx" - ttl = "600" - value = "2a01:4f8:160:6087::1" - type = "AAAA" + name = "mx" + ttl = "600" + value = "2a01:4f8:160:6087::1" + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_orion_a" { zone_id = hetznerdns_zone.archlinux.id - name = "orion" - ttl = "600" - value = "88.198.91.70" - type = "A" + name = "orion" + ttl = "600" + value = "88.198.91.70" + type = "A" } resource "hetznerdns_record" "archlinux_org_orion_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "orion" - ttl = "600" - value = 
"2a01:4f8:160:6087::1" - type = "AAAA" + name = "orion" + ttl = "600" + value = "2a01:4f8:160:6087::1" + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_orion_txt" { zone_id = hetznerdns_zone.archlinux.id - name = "orion._domainkey" - ttl = "600" - value = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyK/JZ94O4TXYnmDhWTdbouEsLI3cBBbocliExS9Xa1si7dWMT22y619EhtHx5hRvSlN+ur3eaUC/85MN30dEDYTxO4EnNjgNRqQlE2NHd6lpAlpfHpE2vd5YcJMcx1/gy1PBCWiGv3F6n+XpoPby0Ayy0UhklQZ/gRRuspinxACDzWCMp7prncGOF42TnU81sKAVGGAmrt6Hpz\" \"wzq218BFWbxjcEIfSR+7rJXVT2DmPxBzuic0iXJhZSHmyODf7R3eAmvHgEUnz4+tk4PyXhBzp04bkMcV/I4NWS4juPqeb5x0dl0i9YYhqDPArnxnKBSyz6ABJLY1NE+5UJaxNnGLgsimvn4qt/uWxC/TuqjhNA7LcdqMUboWEB85mhabr3WNbabOhOXgEQQfh43g/E81ddEfLlXKL69D7B5YE6QjwsqKYb+fogpXiqMjoLKp9SHvuyqX+A\" \"eFFgrX8bcP2bzGjO5M8T+kT8K+OJeqdwEXBHyBFY9cCSrekYPa9zVQltw4TR4QTacz0UTAQOFwn6M+y2guXROlfImJm6PZrbPsqPUFjaf3vVw3/TdUTA32CuXdIZc9O7PZQUjIMPI2lTX3U6XRPk9zG0PqGYkRfYnYVD+1es44zgOGU8RTe1beQXKYqv9vjMQB67hcYUPUv0ZO++TmztvUjMJPvfJT7SOkkCAwEAAQ==\" " - type = "TXT" + name = "orion._domainkey" + ttl = "600" + value = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyK/JZ94O4TXYnmDhWTdbouEsLI3cBBbocliExS9Xa1si7dWMT22y619EhtHx5hRvSlN+ur3eaUC/85MN30dEDYTxO4EnNjgNRqQlE2NHd6lpAlpfHpE2vd5YcJMcx1/gy1PBCWiGv3F6n+XpoPby0Ayy0UhklQZ/gRRuspinxACDzWCMp7prncGOF42TnU81sKAVGGAmrt6Hpz\" \"wzq218BFWbxjcEIfSR+7rJXVT2DmPxBzuic0iXJhZSHmyODf7R3eAmvHgEUnz4+tk4PyXhBzp04bkMcV/I4NWS4juPqeb5x0dl0i9YYhqDPArnxnKBSyz6ABJLY1NE+5UJaxNnGLgsimvn4qt/uWxC/TuqjhNA7LcdqMUboWEB85mhabr3WNbabOhOXgEQQfh43g/E81ddEfLlXKL69D7B5YE6QjwsqKYb+fogpXiqMjoLKp9SHvuyqX+A\" \"eFFgrX8bcP2bzGjO5M8T+kT8K+OJeqdwEXBHyBFY9cCSrekYPa9zVQltw4TR4QTacz0UTAQOFwn6M+y2guXROlfImJm6PZrbPsqPUFjaf3vVw3/TdUTA32CuXdIZc9O7PZQUjIMPI2lTX3U6XRPk9zG0PqGYkRfYnYVD+1es44zgOGU8RTe1beQXKYqv9vjMQB67hcYUPUv0ZO++TmztvUjMJPvfJT7SOkkCAwEAAQ==\" " + type = "TXT" } resource "hetznerdns_record" "archlinux_org_phrik_a" { zone_id = 
hetznerdns_zone.archlinux.id - name = "phrik" - value = hcloud_server.phrik.ipv4_address - type = "A" + name = "phrik" + value = hcloud_server.phrik.ipv4_address + type = "A" } resource "hetznerdns_record" "archlinux_org_quassel_a" { zone_id = hetznerdns_zone.archlinux.id - name = "quassel" - value = hcloud_server.quassel.ipv4_address - type = "A" + name = "quassel" + value = hcloud_server.quassel.ipv4_address + type = "A" } resource "hetznerdns_record" "archlinux_org_quassel_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "quassel" - value = hcloud_server.quassel.ipv6_address - type = "AAAA" + name = "quassel" + value = hcloud_server.quassel.ipv6_address + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_reproducible_a" { zone_id = hetznerdns_zone.archlinux.id - name = "reproducible" - value = hcloud_server.reproducible.ipv4_address - type = "A" + name = "reproducible" + value = hcloud_server.reproducible.ipv4_address + type = "A" } resource "hetznerdns_record" "archlinux_org_runner2_a" { zone_id = hetznerdns_zone.archlinux.id - name = "runner2" - value = "147.75.80.217" - type = "A" + name = "runner2" + value = "147.75.80.217" + type = "A" } resource "hetznerdns_record" "archlinux_org_runner2_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "runner2" - value = "2604:1380:2001:4500::3" - type = "AAAA" + name = "runner2" + value = "2604:1380:2001:4500::3" + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_secure_runner1_a" { zone_id = hetznerdns_zone.archlinux.id - name = "secure-runner1" - value = "116.202.134.150" - type = "A" + name = "secure-runner1" + value = "116.202.134.150" + type = "A" } resource "hetznerdns_record" "archlinux_org_secure_runner1_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "secure-runner1" - value = "2a01:4f8:231:4e1e::2" - type = "AAAA" + name = "secure-runner1" + value = "2a01:4f8:231:4e1e::2" + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_secure_runner2_a" { zone_id = 
hetznerdns_zone.archlinux.id - name = "secure-runner2" - value = hcloud_server.secure-runner2.ipv4_address - type = "A" + name = "secure-runner2" + value = hcloud_server.secure-runner2.ipv4_address + type = "A" } resource "hetznerdns_record" "archlinux_org_secure_runner2_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "secure-runner2" - value = hcloud_server.secure-runner2.ipv6_address - type = "AAAA" + name = "secure-runner2" + value = hcloud_server.secure-runner2.ipv6_address + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_svn2gittest_a" { zone_id = hetznerdns_zone.archlinux.id - name = "svn2gittest" - value = hcloud_server.svn2gittest.ipv4_address - type = "A" + name = "svn2gittest" + value = hcloud_server.svn2gittest.ipv4_address + type = "A" } resource "hetznerdns_record" "archlinux_org_svn2gittest_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "svn2gittest" - value = hcloud_server.svn2gittest.ipv6_address - type = "AAAA" + name = "svn2gittest" + value = hcloud_server.svn2gittest.ipv6_address + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_state_a" { zone_id = hetznerdns_zone.archlinux.id - name = "state" - value = "116.203.16.252" - type = "A" + name = "state" + value = "116.203.16.252" + type = "A" } resource "hetznerdns_record" "archlinux_org_state_aaaa" { zone_id = hetznerdns_zone.archlinux.id - name = "state" - value = "2a01:4f8:c2c:474::1" - type = "AAAA" + name = "state" + value = "2a01:4f8:c2c:474::1" + type = "AAAA" } resource "hetznerdns_record" "archlinux_org_archive_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "archive" - value = "gemini" - type = "CNAME" + name = "archive" + value = "gemini" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_conf_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "conf" - value = "apollo" - type = "CNAME" + name = "conf" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_dev_cname" { zone_id = 
hetznerdns_zone.archlinux.id - name = "dev" - value = "apollo" - type = "CNAME" + name = "dev" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_g2kjxsblac7x_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "g2kjxsblac7x" - value = "gv-i5y6mnrelvpfiu.dv.googlehosted.com." - type = "CNAME" + name = "g2kjxsblac7x" + value = "gv-i5y6mnrelvpfiu.dv.googlehosted.com." + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_git_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "git" - value = "luna" - type = "CNAME" + name = "git" + value = "luna" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_grafana_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "grafana" - value = "apollo" - type = "CNAME" + name = "grafana" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_ipxe_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "ipxe" - value = "apollo" - type = "CNAME" + name = "ipxe" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_kanboard_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "kanboard" - value = "apollo" - type = "CNAME" + name = "kanboard" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_luna2_domainkey_aur_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "luna2._domainkey.aur" - value = "luna2._domainkey" - type = "CNAME" + name = "luna2._domainkey.aur" + value = "luna2._domainkey" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_luna2_domainkey_lists_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "luna2._domainkey.lists" - value = "luna2._domainkey" - type = "CNAME" + name = "luna2._domainkey.lists" + value = "luna2._domainkey" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_mail_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "mail" - value = "orion" - type = "CNAME" + name = "mail" + value = "orion" + type = "CNAME" } 
resource "hetznerdns_record" "archlinux_org_mailman_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "mailman" - value = "apollo" - type = "CNAME" + name = "mailman" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_openpgpkey_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "openpgpkey" - value = "orion" - type = "CNAME" + name = "openpgpkey" + value = "orion" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_packages_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "packages" - value = "apollo" - type = "CNAME" + name = "packages" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_patchwork_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "patchwork" - value = "apollo" - type = "CNAME" + name = "patchwork" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_planet_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "planet" - value = "apollo" - type = "CNAME" + name = "planet" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_projects_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "projects" - value = "luna" - type = "CNAME" + name = "projects" + value = "luna" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_repos_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "repos" - value = "gemini" - type = "CNAME" + name = "repos" + value = "gemini" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_rsync_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "rsync" - value = "gemini" - type = "CNAME" + name = "rsync" + value = "gemini" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_security_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "security" - value = "apollo" - type = "CNAME" + name = "security" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_sources_cname" { zone_id = 
hetznerdns_zone.archlinux.id - name = "sources" - value = "gemini" - type = "CNAME" + name = "sources" + value = "gemini" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_static_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "static" - value = "apollo" - type = "CNAME" + name = "static" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_static_conf_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "static.conf" - value = "apollo" - type = "CNAME" + name = "static.conf" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_status_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "status" - value = "stats.uptimerobot.com." - type = "CNAME" + name = "status" + value = "stats.uptimerobot.com." + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_svn_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "svn" - value = "gemini" - type = "CNAME" + name = "svn" + value = "gemini" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_wiki_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "wiki" - value = "apollo" - type = "CNAME" + name = "wiki" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_www_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "www" - value = "apollo" - type = "CNAME" + name = "www" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_zabbix_cname" { zone_id = hetznerdns_zone.archlinux.id - name = "zabbix" - value = "apollo" - type = "CNAME" + name = "zabbix" + value = "apollo" + type = "CNAME" } resource "hetznerdns_record" "archlinux_org_matrix_tcp_srv" { zone_id = hetznerdns_zone.archlinux.id - name = "_matrix._tcp" - value = "10 0 8448 matrix" - type = "SRV" + name = "_matrix._tcp" + value = "10 0 8448 matrix" + type = "SRV" } resource "hetznerdns_record" "archlinux_org_dmarc_txt" { zone_id = hetznerdns_zone.archlinux.id - name = "_dmarc" - value = 
"\"v=DMARC1; p=none; rua=mailto:dmarc-reports@archlinux.org; ruf=mailto:dmarc-reports@archlinux.org;\"" - type = "TXT" + name = "_dmarc" + value = "\"v=DMARC1; p=none; rua=mailto:dmarc-reports@archlinux.org; ruf=mailto:dmarc-reports@archlinux.org;\"" + type = "TXT" } resource "hetznerdns_record" "archlinux_org_github_challenge_archlinux" { zone_id = hetznerdns_zone.archlinux.id - name = "_github-challenge-archlinux" - value = "\"824af4446e\"" - type = "TXT" + name = "_github-challenge-archlinux" + value = "\"824af4446e\"" + type = "TXT" } resource "hetznerdns_record" "archlinux_org_github_challenge_archlinux_www" { zone_id = hetznerdns_zone.archlinux.id - name = "_github-challenge-archlinux.www" - value = "\"b53f311f86\"" - type = "TXT" + name = "_github-challenge-archlinux.www" + value = "\"b53f311f86\"" + type = "TXT" } resource "hcloud_rdns" "quassel_ipv4" { @@ -959,8 +959,8 @@ resource "hcloud_server" "gitlab" { } resource "hcloud_volume" "gitlab" { - name = "gitlab" - size = 1000 + name = "gitlab" + size = 1000 server_id = hcloud_server.gitlab.id } @@ -1004,7 +1004,7 @@ resource "hcloud_server" "accounts" { server_type = "cx11" provisioner "local-exec" { working_dir = ".." - command = "ansible-playbook --ssh-extra-args '-o StrictHostKeyChecking=no' playbooks/accounts.archlinux.org.yml" + command = "ansible-playbook --ssh-extra-args '-o StrictHostKeyChecking=no' playbooks/accounts.archlinux.org.yml" } lifecycle { ignore_changes = [image] @@ -1012,8 +1012,8 @@ resource "hcloud_server" "accounts" { } resource "hcloud_volume" "mirror" { - name = "mirror" - size = 100 + name = "mirror" + size = 100 server_id = hcloud_server.mirror.id } @@ -1041,8 +1041,8 @@ resource "hcloud_server" "mirror" { # TODO: This is a temporary box! # Delete it in 2021. resource "hcloud_volume" "archconfbox" { - name = "archconfbox" - size = 800 + name = "archconfbox" + size = 800 server_id = hcloud_server.archconfbox.id } 
@@ -1069,16 +1069,16 @@ resource "hcloud_server" "archconfbox" { resource "hetznerdns_record" "pkgbuild_com_archconfbox_a" { zone_id = hetznerdns_zone.pkgbuild.id - name = "archconfbox" - value = hcloud_server.archconfbox.ipv4_address - type = "A" + name = "archconfbox" + value = hcloud_server.archconfbox.ipv4_address + type = "A" } resource "hetznerdns_record" "pkgbuild_com_archconfbox_aaaa" { zone_id = hetznerdns_zone.pkgbuild.id - name = "archconfbox" - value = hcloud_server.archconfbox.ipv6_address - type = "AAAA" + name = "archconfbox" + value = hcloud_server.archconfbox.ipv6_address + type = "AAAA" } @@ -1104,8 +1104,8 @@ resource "hcloud_server" "homedir" { } resource "hcloud_volume" "homedir" { - name = "homedir" - size = 100 + name = "homedir" + size = 100 server_id = hcloud_server.homedir.id } diff --git a/tf-stage2/keycloak.tf b/tf-stage2/keycloak.tf index 9a8cae24f..83d15fa5b 100644 --- a/tf-stage2/keycloak.tf +++ b/tf-stage2/keycloak.tf 
@@ -10,54 +10,54 @@ data "external" "vault_keycloak" { "vault_keycloak_admin_password", "vault_keycloak_smtp_user", "vault_keycloak_smtp_password", - "--format", "json"] + "--format", "json"] } data "external" "vault_google" { program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_google.yml", "vault_google_recaptcha_site_key", "vault_google_recaptcha_secret_key", - "--format", "json"] + "--format", "json"] } data "external" "vault_github" { program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_github.yml", "vault_github_oauth_app_client_id", "vault_github_oauth_app_client_secret", - "--format", "json"] + "--format", "json"] } data "external" "vault_monitoring" { program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_monitoring.yml", "vault_monitoring_grafana_client_secret", - "--format", "json"] + "--format", "json"] } provider "keycloak" { client_id = "admin-cli" - username = data.external.vault_keycloak.result.vault_keycloak_admin_user - password = data.external.vault_keycloak.result.vault_keycloak_admin_password - url = "https://accounts.archlinux.org" + username = data.external.vault_keycloak.result.vault_keycloak_admin_user + password = data.external.vault_keycloak.result.vault_keycloak_admin_password + url = "https://accounts.archlinux.org" } variable "gitlab_instance" { default = { - root_url = "https://gitlab.archlinux.org" + root_url = "https://gitlab.archlinux.org" saml_redirect_url = "https://gitlab.archlinux.org/users/auth/saml/callback" } } resource "keycloak_realm" "archlinux" { - realm = "archlinux" - enabled = true - remember_me = true - display_name = "Arch Linux" + realm = "archlinux" + enabled = true + remember_me = true + display_name = "Arch Linux" display_name_html = "<div class=\"kc-logo-text\"><span>Arch Linux</span></div>" - reset_password_allowed = true - verify_email = true + reset_password_allowed = true + verify_email = true login_with_email_allowed = true - password_policy = "length(8) and 
notUsername" + password_policy = "length(8) and notUsername" web_authn_policy { relying_party_entity_name = "Arch Linux SSO" @@ -65,21 +65,21 @@ resource "keycloak_realm" "archlinux" { signature_algorithms = ["ES256", "RS256", "ES512", "RS512"] } - login_theme = "archlinux" + login_theme = "archlinux" account_theme = "archlinux" - admin_theme = "archlinux" + admin_theme = "archlinux" - browser_flow = "Arch Browser" - registration_flow = "Arch Registration" + browser_flow = "Arch Browser" + registration_flow = "Arch Registration" reset_credentials_flow = "Arch Reset Credentials" smtp_server { - host = "mail.archlinux.org" - from = "accounts@archlinux.org" - port = "587" + host = "mail.archlinux.org" + from = "accounts@archlinux.org" + port = "587" from_display_name = "Arch Linux Accounts" - ssl = false - starttls = true + ssl = false + starttls = true auth { username = data.external.vault_keycloak.result.vault_keycloak_smtp_user 
@@ -98,70 +98,70 @@ resource "keycloak_realm" "archlinux" { strict_transport_security = "max-age=31536000; includeSubDomains" } brute_force_detection { - permanent_lockout = false - max_login_failures = 30 - wait_increment_seconds = 60 - quick_login_check_milli_seconds = 1000 - minimum_quick_login_wait_seconds = 60 - max_failure_wait_seconds = 900 - failure_reset_time_seconds = 43200 + permanent_lockout = false + max_login_failures = 30 + wait_increment_seconds = 60 + quick_login_check_milli_seconds = 1000 + minimum_quick_login_wait_seconds = 60 + max_failure_wait_seconds = 900 + failure_reset_time_seconds = 43200 } } } resource "keycloak_required_action" "configure_otp" { - realm_id = "archlinux" - alias = "CONFIGURE_TOTP" - enabled = true - name = "Configure OTP" - priority = 0 + realm_id = "archlinux" + alias = "CONFIGURE_TOTP" + enabled = true + name = "Configure OTP" + priority = 0 } resource "keycloak_required_action" "update_password" { - realm_id = "archlinux" - alias = "UPDATE_PASSWORD" - enabled = true - name = "Update Password" - priority = 20 + realm_id = "archlinux" + alias = "UPDATE_PASSWORD" + enabled = true + name = "Update Password" + priority = 20 } resource "keycloak_required_action" "update_profile" { - realm_id = "archlinux" - alias = "UPDATE_PROFILE" - enabled = true - name = "Update Profile" - priority = 30 + realm_id = "archlinux" + alias = "UPDATE_PROFILE" + enabled = true + name = "Update Profile" + priority = 30 } resource "keycloak_required_action" "verify_email" { - realm_id = "archlinux" - alias = "VERIFY_EMAIL" - enabled = true - name = "Verify Email" - priority = 40 + realm_id = "archlinux" + alias = "VERIFY_EMAIL" + enabled = true + name = "Verify Email" + priority = 40 } resource "keycloak_required_action" "update_user_locale" { - realm_id = "archlinux" - alias = "update_user_locale" - enabled = true - name = "Update User Locale" - priority = 50 + realm_id = "archlinux" + alias = "update_user_locale" + enabled = true + name = 
"Update User Locale" + priority = 50 } resource "keycloak_required_action" "webauthn_register" { - realm_id = "archlinux" - alias = "webauthn-register" - enabled = true - name = "Webauthn Register" - priority = 60 + realm_id = "archlinux" + alias = "webauthn-register" + enabled = true + name = "Webauthn Register" + priority = 60 } resource "keycloak_realm_events" "realm_events" { realm_id = "archlinux" - events_enabled = true - events_expiration = 7889238 # 3 months + events_enabled = true + events_expiration = 7889238 # 3 months admin_events_enabled = true admin_events_details_enabled = true 
@@ -171,47 +171,47 @@ resource "keycloak_realm_events" "realm_events" { ] events_listeners = [ - "jboss-logging", # keycloak enables the 'jboss-logging' event listener by default. + "jboss-logging", # keycloak enables the 'jboss-logging' event listener by default. "metrics-listener", # enable the prometheus exporter (keycloak-metrics-spi) ] } resource "keycloak_oidc_identity_provider" "realm_identity_provider" { - realm = "archlinux" - alias = "github" - provider_id = "github" - authorization_url = "https://accounts.archlinux.org/auth/realms/archlinux/broker/github/endpoint" - client_id = data.external.vault_github.result.vault_github_oauth_app_client_id - client_secret = data.external.vault_github.result.vault_github_oauth_app_client_secret - token_url = "" - default_scopes = "" + realm = "archlinux" + alias = "github" + provider_id = "github" + authorization_url = "https://accounts.archlinux.org/auth/realms/archlinux/broker/github/endpoint" + client_id = data.external.vault_github.result.vault_github_oauth_app_client_id + client_secret = data.external.vault_github.result.vault_github_oauth_app_client_secret + token_url = "" + default_scopes = "" post_broker_login_flow_alias = keycloak_authentication_flow.arch_post_ipr_flow.alias - enabled = false - trust_email = false - store_token = false - backchannel_supported = false + enabled = false + trust_email = false + store_token = false + backchannel_supported = false extra_config = { syncMode = "IMPORT" } } resource "keycloak_saml_client" "saml_gitlab" { - realm_id = "archlinux" + realm_id = "archlinux" client_id = "saml_gitlab" - name = "Arch Linux Accounts" + name = "Arch Linux Accounts" enabled = true signature_algorithm = "RSA_SHA256" - sign_documents = true - sign_assertions = true + sign_documents = true + sign_assertions = true valid_redirect_uris = [ var.gitlab_instance.saml_redirect_url ] - root_url = var.gitlab_instance.root_url - base_url = "/" + root_url = var.gitlab_instance.root_url + base_url = "/" 
master_saml_processing_url = var.gitlab_instance.saml_redirect_url idp_initiated_sso_url_name = "saml_gitlab" 
@@ -221,61 +221,61 @@ resource "keycloak_saml_client" "saml_gitlab" { // This client is only used for the return URL redirect hack! // See roles/gitlab/tasks/main.yml resource "keycloak_openid_client" "openid_gitlab" { - realm_id = "archlinux" + realm_id = "archlinux" client_id = "openid_gitlab" - name = "Arch Linux Accounts" + name = "Arch Linux Accounts" enabled = true - access_type = "PUBLIC" + access_type = "PUBLIC" standard_flow_enabled = true - full_scope_allowed = false + full_scope_allowed = false valid_redirect_uris = [ "https://gitlab.archlinux.org" ] } resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_email" { - realm_id = "archlinux" + realm_id = "archlinux" client_id = keycloak_saml_client.saml_gitlab.id - name = "email" - user_property = "Email" - friendly_name = "Email" - saml_attribute_name = "email" + name = "email" + user_property = "Email" + friendly_name = "Email" + saml_attribute_name = "email" saml_attribute_name_format = "Basic" } resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_first_name" { - realm_id = "archlinux" + realm_id = "archlinux" client_id = keycloak_saml_client.saml_gitlab.id - name = "first_name" - user_property = "FirstName" - friendly_name = "First Name" - saml_attribute_name = "first_name" + name = "first_name" + user_property = "FirstName" + friendly_name = "First Name" + saml_attribute_name = "first_name" saml_attribute_name_format = "Basic" } resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_last_name" { - realm_id = "archlinux" + realm_id = "archlinux" client_id = keycloak_saml_client.saml_gitlab.id - name = "last_name" - user_property = "LastName" - friendly_name = "Last Name" - saml_attribute_name = "last_name" + name = "last_name" + user_property = "LastName" + friendly_name = "Last Name" + saml_attribute_name = "last_name" saml_attribute_name_format = "Basic" } resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_username" { - realm_id = "archlinux" 
+ realm_id = "archlinux" client_id = keycloak_saml_client.saml_gitlab.id - name = "username" - user_property = "Username" - friendly_name = "Username" - saml_attribute_name = "username" + name = "username" + user_property = "Username" + friendly_name = "Username" + saml_attribute_name = "username" saml_attribute_name_format = "Basic" } 
@@ -305,101 +305,101 @@ resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_username" { // |- Testers resource "keycloak_group" "staff" { realm_id = "archlinux" - name = "Arch Linux Staff" + name = "Arch Linux Staff" } resource "keycloak_group" "staff_groups" { for_each = toset(["DevOps", "Developers", "Trusted Users", "Wiki", "Forum", "Security Team", "IRC", "Archweb", "Bug Wranglers"]) - realm_id = "archlinux" + realm_id = "archlinux" parent_id = keycloak_group.staff.id - name = each.value + name = each.value } resource "keycloak_group" "staff_wiki_groups" { for_each = toset(["Admins"]) - realm_id = "archlinux" + realm_id = "archlinux" parent_id = keycloak_group.staff_groups["Wiki"].id - name = each.value + name = each.value } resource "keycloak_group" "staff_forum_groups" { for_each = toset(["Admins", "Mods"]) - realm_id = "archlinux" + realm_id = "archlinux" parent_id = keycloak_group.staff_groups["Forum"].id - name = each.value + name = each.value } resource "keycloak_group" "staff_securityteam_groups" { for_each = toset(["Admins", "Members"]) - realm_id = "archlinux" + realm_id = "archlinux" parent_id = keycloak_group.staff_groups["Security Team"].id - name = each.value + name = each.value } resource "keycloak_group" "staff_irc_groups" { for_each = toset(["Ops"]) - realm_id = "archlinux" + realm_id = "archlinux" parent_id = keycloak_group.staff_groups["IRC"].id - name = each.value + name = each.value } resource "keycloak_group" "staff_archweb_groups" { for_each = toset(["Mirrorlist Maintainers"]) - realm_id = "archlinux" + realm_id = "archlinux" parent_id = keycloak_group.staff_groups["Archweb"].id - name = each.value + name = each.value } resource "keycloak_group" "externalcontributors" { realm_id = "archlinux" - name = "External Contributors" + name = "External Contributors" } resource "keycloak_group" "externalcontributors_groups" { for_each = toset(["Security Team", "Archweb"]) - realm_id = "archlinux" + realm_id = "archlinux" parent_id = 
keycloak_group.externalcontributors.id - name = each.value + name = each.value } resource "keycloak_group" "externalcontributors_securityteam_groups" { for_each = toset(["Reporters"]) - realm_id = "archlinux" + realm_id = "archlinux" parent_id = keycloak_group.externalcontributors_groups["Security Team"].id - name = each.value + name = each.value } resource "keycloak_group" "externalcontributors_archweb_groups" { for_each = toset(["Testers"]) - realm_id = "archlinux" + realm_id = "archlinux" parent_id = keycloak_group.externalcontributors_groups["Archweb"].id - name = each.value + name = each.value } resource "keycloak_role" "devops" { - realm_id = "archlinux" - name = "DevOps" + realm_id = "archlinux" + name = "DevOps" description = "Role held by members of the DevOps group" } resource "keycloak_role" "staff" { - realm_id = "archlinux" - name = "Staff" + realm_id = "archlinux" + name = "Staff" description = "Role held by all Arch Linux staff" } resource "keycloak_role" "externalcontributor" { - realm_id = "archlinux" - name = "External Contributor" + realm_id = "archlinux" + name = "External Contributor" description = "Role held by external contributors working on Arch Linux projects without further access" } 
@@ -429,59 +429,59 @@ resource "keycloak_group_roles" "externalcontributor" { // Add new custom registration flow with reCAPTCHA resource "keycloak_authentication_flow" "arch_registration_flow" { - realm_id = "archlinux" - alias = "Arch Registration" + realm_id = "archlinux" + alias = "Arch Registration" description = "Customized Registration flow that forces enables ReCAPTCHA." } resource "keycloak_authentication_subflow" "registration_form" { - realm_id = "archlinux" - alias = "Registration Form" + realm_id = "archlinux" + alias = "Registration Form" parent_flow_alias = keycloak_authentication_flow.arch_registration_flow.alias - provider_id = "form-flow" - authenticator = "registration-page-form" - requirement = "REQUIRED" + provider_id = "form-flow" + authenticator = "registration-page-form" + requirement = "REQUIRED" } resource "keycloak_authentication_execution" "registration_user_creation" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_subflow.registration_form.alias - authenticator = "registration-user-creation" - requirement = "REQUIRED" + authenticator = "registration-user-creation" + requirement = "REQUIRED" } resource "keycloak_authentication_execution" "registration_profile_action" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_subflow.registration_form.alias - authenticator = "registration-profile-action" - requirement = "REQUIRED" - depends_on = [keycloak_authentication_execution.registration_user_creation] + authenticator = "registration-profile-action" + requirement = "REQUIRED" + depends_on = [keycloak_authentication_execution.registration_user_creation] } resource "keycloak_authentication_execution" "registration_password_action" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_subflow.registration_form.alias - authenticator = "registration-password-action" - requirement = "REQUIRED" - depends_on = 
[keycloak_authentication_execution.registration_profile_action] + authenticator = "registration-password-action" + requirement = "REQUIRED" + depends_on = [keycloak_authentication_execution.registration_profile_action] } resource "keycloak_authentication_execution" "registration_recaptcha_action" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_subflow.registration_form.alias - authenticator = "registration-recaptcha-action" - requirement = "REQUIRED" - depends_on = [keycloak_authentication_execution.registration_password_action] + authenticator = "registration-recaptcha-action" + requirement = "REQUIRED" + depends_on = [keycloak_authentication_execution.registration_password_action] } resource "keycloak_authentication_execution_config" "registration_recaptcha_action_config" { - realm_id = "archlinux" - alias = "reCAPTCHA config" + realm_id = "archlinux" + alias = "reCAPTCHA config" execution_id = keycloak_authentication_execution.registration_recaptcha_action.id config = { "useRecaptchaNet" = "false", - "site.key" = data.external.vault_google.result.vault_google_recaptcha_site_key - "secret" = data.external.vault_google.result.vault_google_recaptcha_secret_key + "site.key" = data.external.vault_google.result.vault_google_recaptcha_site_key + "secret" = data.external.vault_google.result.vault_google_recaptcha_secret_key } } 
@@ -511,78 +511,78 @@ resource "keycloak_authentication_execution_config" "registration_recaptcha_acti // tables on the Keycloak Postgres DB! Quality Red Hat software right there. resource "keycloak_authentication_flow" "arch_browser_flow" { - realm_id = "archlinux" - alias = "Arch Browser" + realm_id = "archlinux" + alias = "Arch Browser" description = "Customized Browser flow that forces 2FA." } resource "keycloak_authentication_execution" "cookie" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_flow.arch_browser_flow.alias - authenticator = "auth-cookie" - requirement = "ALTERNATIVE" - depends_on = [keycloak_authentication_flow.arch_browser_flow] + authenticator = "auth-cookie" + requirement = "ALTERNATIVE" + depends_on = [keycloak_authentication_flow.arch_browser_flow] } resource "keycloak_authentication_execution" "identity_provider_redirector" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_flow.arch_browser_flow.alias - authenticator = "identity-provider-redirector" - requirement = "ALTERNATIVE" - depends_on = [keycloak_authentication_execution.cookie] + authenticator = "identity-provider-redirector" + requirement = "ALTERNATIVE" + depends_on = [keycloak_authentication_execution.cookie] } resource "keycloak_authentication_subflow" "password_and_2fa" { - realm_id = "archlinux" - alias = "Password and 2FA subflow" + realm_id = "archlinux" + alias = "Password and 2FA subflow" parent_flow_alias = keycloak_authentication_flow.arch_browser_flow.alias - requirement = "ALTERNATIVE" - depends_on = [keycloak_authentication_execution.identity_provider_redirector] + requirement = "ALTERNATIVE" + depends_on = [keycloak_authentication_execution.identity_provider_redirector] } resource "keycloak_authentication_execution" "username_password_form" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_subflow.password_and_2fa.alias - 
authenticator = "auth-username-password-form" - requirement = "REQUIRED" + authenticator = "auth-username-password-form" + requirement = "REQUIRED" } resource "keycloak_authentication_subflow" "_2fa" { - realm_id = "archlinux" - alias = "2FA subflow" + realm_id = "archlinux" + alias = "2FA subflow" parent_flow_alias = keycloak_authentication_subflow.password_and_2fa.alias - requirement = "REQUIRED" - depends_on = [keycloak_authentication_execution.username_password_form] + requirement = "REQUIRED" + depends_on = [keycloak_authentication_execution.username_password_form] } resource "keycloak_authentication_execution" "webauthn_form" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_subflow._2fa.alias - authenticator = "webauthn-authenticator" - requirement = "ALTERNATIVE" + authenticator = "webauthn-authenticator" + requirement = "ALTERNATIVE" } resource "keycloak_authentication_execution" "otp_form" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_subflow._2fa.alias - authenticator = "auth-otp-form" - requirement = "ALTERNATIVE" - depends_on = [keycloak_authentication_execution.webauthn_form] + authenticator = "auth-otp-form" + requirement = "ALTERNATIVE" + depends_on = [keycloak_authentication_execution.webauthn_form] } resource "keycloak_authentication_subflow" "otp_default" { - realm_id = "archlinux" - alias = "OTP Default Subflow" + realm_id = "archlinux" + alias = "OTP Default Subflow" parent_flow_alias = keycloak_authentication_subflow._2fa.alias - requirement = "ALTERNATIVE" - depends_on = [keycloak_authentication_execution.otp_form] + requirement = "ALTERNATIVE" + depends_on = [keycloak_authentication_execution.otp_form] } resource "keycloak_authentication_execution" "otp_default_form" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_subflow.otp_default.alias - authenticator = "auth-otp-form" - requirement = "REQUIRED" 
+ authenticator = "auth-otp-form" + requirement = "REQUIRED" } // Add new custom post-Identity Provider login flow with forced OTP for some user roles 
@@ -594,39 +594,39 @@ resource "keycloak_authentication_execution" "otp_default_form" { // |- OTP Form (R) resource "keycloak_authentication_flow" "arch_post_ipr_flow" { - realm_id = "archlinux" - alias = "Arch Post IPR Flow" + realm_id = "archlinux" + alias = "Arch Post IPR Flow" description = "Post IPR login flow that forces 2FA." } resource "keycloak_authentication_execution" "ipr_webauthn_form" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_flow.arch_post_ipr_flow.alias - authenticator = "webauthn-authenticator" - requirement = "ALTERNATIVE" + authenticator = "webauthn-authenticator" + requirement = "ALTERNATIVE" } resource "keycloak_authentication_execution" "ipr_otp_form" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_flow.arch_post_ipr_flow.alias - authenticator = "auth-otp-form" - requirement = "ALTERNATIVE" - depends_on = [keycloak_authentication_execution.ipr_webauthn_form] + authenticator = "auth-otp-form" + requirement = "ALTERNATIVE" + depends_on = [keycloak_authentication_execution.ipr_webauthn_form] } resource "keycloak_authentication_subflow" "ipr_otp_default" { - realm_id = "archlinux" - alias = "IPR OTP Default Subflow" + realm_id = "archlinux" + alias = "IPR OTP Default Subflow" parent_flow_alias = keycloak_authentication_flow.arch_post_ipr_flow.alias - requirement = "ALTERNATIVE" - depends_on = [keycloak_authentication_execution.ipr_otp_form] + requirement = "ALTERNATIVE" + depends_on = [keycloak_authentication_execution.ipr_otp_form] } resource "keycloak_authentication_execution" "ipr_otp_default_form" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_subflow.ipr_otp_default.alias - authenticator = "auth-otp-form" - requirement = "REQUIRED" + authenticator = "auth-otp-form" + requirement = "REQUIRED" } // Add new custom Reset Credentials flow that asks users to verify 2FA before resetting their password 
@@ -644,106 +644,106 @@ resource "keycloak_authentication_execution" "ipr_otp_default_form" { // |- Reset Password (R) resource "keycloak_authentication_flow" "arch_reset_credentials_flow" { - realm_id = "archlinux" - alias = "Arch Reset Credentials" + realm_id = "archlinux" + alias = "Arch Reset Credentials" description = "Reset credentials flow that forces 2FA verification before password reset." } resource "keycloak_authentication_execution" "rc_choose_user" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_flow.arch_reset_credentials_flow.alias - authenticator = "reset-credentials-choose-user" - requirement = "REQUIRED" + authenticator = "reset-credentials-choose-user" + requirement = "REQUIRED" } resource "keycloak_authentication_execution" "rc_reset_email" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_flow.arch_reset_credentials_flow.alias - authenticator = "reset-credential-email" - requirement = "REQUIRED" - depends_on = [keycloak_authentication_execution.rc_choose_user] + authenticator = "reset-credential-email" + requirement = "REQUIRED" + depends_on = [keycloak_authentication_execution.rc_choose_user] } resource "keycloak_authentication_subflow" "rc_conditional_2fa" { - realm_id = "archlinux" - alias = "Conditional Reset Credentials 2FA Subflow" + realm_id = "archlinux" + alias = "Conditional Reset Credentials 2FA Subflow" parent_flow_alias = keycloak_authentication_flow.arch_reset_credentials_flow.alias - requirement = "CONDITIONAL" - depends_on = [keycloak_authentication_execution.rc_choose_user] + requirement = "CONDITIONAL" + depends_on = [keycloak_authentication_execution.rc_choose_user] } resource "keycloak_authentication_execution" "rc_2fa_condition" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_subflow.rc_conditional_2fa.alias - authenticator = "conditional-user-configured" - requirement = "REQUIRED" + 
authenticator = "conditional-user-configured" + requirement = "REQUIRED" } resource "keycloak_authentication_subflow" "rc_2fa" { - realm_id = "archlinux" - alias = "Reset Credentials 2FA Subflow" + realm_id = "archlinux" + alias = "Reset Credentials 2FA Subflow" parent_flow_alias = keycloak_authentication_subflow.rc_conditional_2fa.alias - requirement = "REQUIRED" - depends_on = [keycloak_authentication_execution.rc_2fa_condition] + requirement = "REQUIRED" + depends_on = [keycloak_authentication_execution.rc_2fa_condition] } resource "keycloak_authentication_execution" "rc_webauthn_form" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_subflow.rc_2fa.alias - authenticator = "webauthn-authenticator" - requirement = "ALTERNATIVE" + authenticator = "webauthn-authenticator" + requirement = "ALTERNATIVE" } resource "keycloak_authentication_execution" "rc_otp_form" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_subflow.rc_2fa.alias - authenticator = "auth-otp-form" - requirement = "ALTERNATIVE" - depends_on = [keycloak_authentication_execution.rc_webauthn_form] + authenticator = "auth-otp-form" + requirement = "ALTERNATIVE" + depends_on = [keycloak_authentication_execution.rc_webauthn_form] } resource "keycloak_authentication_subflow" "rc_otp_default" { - realm_id = "archlinux" - alias = "Reset Credentials OTP Default Subflow" + realm_id = "archlinux" + alias = "Reset Credentials OTP Default Subflow" parent_flow_alias = keycloak_authentication_subflow.rc_2fa.alias - requirement = "ALTERNATIVE" - depends_on = [keycloak_authentication_execution.rc_otp_form] + requirement = "ALTERNATIVE" + depends_on = [keycloak_authentication_execution.rc_otp_form] } resource "keycloak_authentication_execution" "rc_otp_default_form" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_subflow.rc_otp_default.alias - authenticator = "auth-otp-form" - 
requirement = "REQUIRED" + authenticator = "auth-otp-form" + requirement = "REQUIRED" } resource "keycloak_authentication_execution" "rc_reset_password" { - realm_id = "archlinux" + realm_id = "archlinux" parent_flow_alias = keycloak_authentication_flow.arch_reset_credentials_flow.alias - authenticator = "reset-password" - requirement = "REQUIRED" - depends_on = [keycloak_authentication_subflow.rc_conditional_2fa] + authenticator = "reset-password" + requirement = "REQUIRED" + depends_on = [keycloak_authentication_subflow.rc_conditional_2fa] } output "gitlab_saml_configuration" { value = { - issuer = keycloak_saml_client.saml_gitlab.client_id - assertion_consumer_service_url = var.gitlab_instance.saml_redirect_url - admin_groups = [keycloak_role.devops.name] - idp_sso_target_url = "https://accounts.archlinux.org/auth/realms/archlinux/protocol/saml/clients/${keycloak_saml_client.saml_gitlab.client_id}" + issuer = keycloak_saml_client.saml_gitlab.client_id + assertion_consumer_service_url = var.gitlab_instance.saml_redirect_url + admin_groups = [keycloak_role.devops.name] + idp_sso_target_url = "https://accounts.archlinux.org/auth/realms/archlinux/protocol/saml/clients/${keycloak_saml_client.saml_gitlab.client_id}" signing_certificate_fingerprint = keycloak_saml_client.saml_gitlab.signing_certificate } } resource "keycloak_openid_client" "grafana_openid_client" { - realm_id = "archlinux" - client_id = "openid_grafana" - client_secret = data.external.vault_monitoring.result.vault_monitoring_grafana_client_secret + realm_id = "archlinux" + client_id = "openid_grafana" + client_secret = data.external.vault_monitoring.result.vault_monitoring_grafana_client_secret - name = "Grafana" + name = "Grafana" enabled = true - access_type = "CONFIDENTIAL" + access_type = "CONFIDENTIAL" standard_flow_enabled = true valid_redirect_uris = [ "https://monitoring.archlinux.org", 
@@ -752,12 +752,12 @@ resource "keycloak_openid_client" "grafana_openid_client" { } resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper" { - realm_id = "archlinux" - client_id = keycloak_openid_client.grafana_openid_client.id - name = "user realms" + realm_id = "archlinux" + client_id = keycloak_openid_client.grafana_openid_client.id + name = "user realms" - claim_name = "roles" - multivalued = true - add_to_id_token = false + claim_name = "roles" + multivalued = true + add_to_id_token = false add_to_access_token = false } -- GitLab