introduce terraform fmt to the CI to improve readability

80c22539 · Frederik Schwan · f050b75f · 80c22539 · 80c22539 · 80c22539
Verified Commit 80c22539 authored 4 years ago by Frederik Schwan
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -15,6 +15,8 @@ terraform-validate:
    - cd tf-stage1
    - terraform init -backend=false
    - terraform validate
+    - terraform fmt --check
    - cd ../tf-stage2
    - terraform init -backend=false
    - terraform validate
+    - terraform fmt --check
--- a/tf-stage1/archlinux.tf
+++ b/tf-stage1/archlinux.tf
@@ -29,61 +29,61 @@ provider "hetznerdns" {

 resource "hetznerdns_zone" "archlinux" {
  name = "archlinux.org"
-  ttl = 86400
+  ttl  = 86400
 }

 resource "hetznerdns_zone" "pkgbuild" {
  name = "pkgbuild.com"
-  ttl = 86400
+  ttl  = 86400
 }

 resource "hetznerdns_record" "pkgbuild_com_origin_a" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "@"
-  value = "78.46.178.133"
-  type = "A"
+  name    = "@"
+  value   = "78.46.178.133"
+  type    = "A"
 }

 resource "hetznerdns_record" "pkgbuild_com_origin_aaaa" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "@"
-  value = "2a01:4f8:c2c:51e2::1"
-  type = "AAAA"
+  name    = "@"
+  value   = "2a01:4f8:c2c:51e2::1"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "pkgbuild_com_origin_caa" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "@"
-  value = "0 issue \"letsencrypt.org\""
-  type = "CAA"
+  name    = "@"
+  value   = "0 issue \"letsencrypt.org\""
+  type    = "CAA"
 }

 resource "hetznerdns_record" "pkgbuild_com_origin_mx" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "@"
-  value = "0 ."
-  type = "MX"
+  name    = "@"
+  value   = "0 ."
+  type    = "MX"
 }

 resource "hetznerdns_record" "pkgbuild_com_origin_ns3" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "@"
-  value = "robotns3.second-ns.com."
-  type = "NS"
+  name    = "@"
+  value   = "robotns3.second-ns.com."
+  type    = "NS"
 }

 resource "hetznerdns_record" "pkgbuild_com_origin_ns2" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "@"
-  value = "robotns2.second-ns.de."
-  type = "NS"
+  name    = "@"
+  value   = "robotns2.second-ns.de."
+  type    = "NS"
 }

 resource "hetznerdns_record" "pkgbuild_com_origin_ns1" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "@"
-  value = "ns1.first-ns.de."
-  type = "NS"
+  name    = "@"
+  value   = "ns1.first-ns.de."
+  type    = "NS"
 }

 # TODO: Commented currently as we have no idea how to handle SOA stuff with Terraform:
@@ -98,115 +98,115 @@ resource "hetznerdns_record" "pkgbuild_com_origin_ns1" {

 resource "hetznerdns_record" "pkgbuild_com_origin_txt" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "@"
-  value = "\"v=spf1 -all\""
-  type = "TXT"
+  name    = "@"
+  value   = "\"v=spf1 -all\""
+  type    = "TXT"
 }

 resource "hetznerdns_record" "pkgbuild_com_wildcard_a" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "*"
-  value = "78.46.178.133"
-  type = "A"
+  name    = "*"
+  value   = "78.46.178.133"
+  type    = "A"
 }

 resource "hetznerdns_record" "pkgbuild_com_wildcard_aaaa" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "*"
-  value = "2a01:4f8:c2c:51e2::1"
-  type = "AAAA"
+  name    = "*"
+  value   = "2a01:4f8:c2c:51e2::1"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "pkgbuild_com_mirror_a" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "mirror"
-  value = "78.46.209.220"
-  type = "A"
+  name    = "mirror"
+  value   = "78.46.209.220"
+  type    = "A"
 }

 resource "hetznerdns_record" "pkgbuild_com_mirror_aaaa" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "mirror"
-  value = "2a01:4f8:c2c:c62f::1"
-  type = "AAAA"
+  name    = "mirror"
+  value   = "2a01:4f8:c2c:c62f::1"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "pkgbuild_com_repro3_a" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "repro3"
-  value = "147.75.81.79"
-  type = "A"
+  name    = "repro3"
+  value   = "147.75.81.79"
+  type    = "A"
 }

 resource "hetznerdns_record" "pkgbuild_com_repro3_aaaa" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "repro3"
-  value = "2604:1380:2001:4500::1"
-  type = "AAAA"
+  name    = "repro3"
+  value   = "2604:1380:2001:4500::1"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "pkgbuild_com_www_a" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "www"
-  value = "78.46.178.133"
-  type = "A"
+  name    = "www"
+  value   = "78.46.178.133"
+  type    = "A"
 }

 resource "hetznerdns_record" "pkgbuild_com_www_aaaa" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "www"
-  value = "2a01:4f8:c2c:51e2::1"
-  type = "AAAA"
+  name    = "www"
+  value   = "2a01:4f8:c2c:51e2::1"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_origin_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "@"
-  value = "138.201.81.199"
-  type = "A"
+  name    = "@"
+  value   = "138.201.81.199"
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_origin_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "@"
-  value = "2a01:4f8:172:1d86::1"
-  type = "AAAA"
+  name    = "@"
+  value   = "2a01:4f8:172:1d86::1"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_origin_caa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "@"
-  value = "0 issue \"letsencrypt.org\""
-  type = "CAA"
+  name    = "@"
+  value   = "0 issue \"letsencrypt.org\""
+  type    = "CAA"
 }

 resource "hetznerdns_record" "archlinux_org_origin_mx" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "@"
-  ttl = "600"
-  value = "10 mx"
-  type = "MX"
+  name    = "@"
+  ttl     = "600"
+  value   = "10 mx"
+  type    = "MX"
 }

 resource "hetznerdns_record" "archlinux_org_origin_ns3" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "@"
-  value = "robotns3.second-ns.com."
-  type = "NS"
+  name    = "@"
+  value   = "robotns3.second-ns.com."
+  type    = "NS"
 }

 resource "hetznerdns_record" "archlinux_org_origin_ns2" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "@"
-  value = "robotns2.second-ns.de."
-  type = "NS"
+  name    = "@"
+  value   = "robotns2.second-ns.de."
+  type    = "NS"
 }

 resource "hetznerdns_record" "archlinux_org_origin_ns1" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "@"
-  value = "ns1.first-ns.de."
-  type = "NS"
+  name    = "@"
+  value   = "ns1.first-ns.de."
+  type    = "NS"
 }

 # TODO: Commented currently as we have no idea how to handle SOA stuff with Terraform:
@@ -221,656 +221,656 @@ resource "hetznerdns_record" "archlinux_org_origin_ns1" {

 resource "hetznerdns_record" "archlinux_org_origin_txt" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "@"
-  ttl = "600"
-  value = "\"v=spf1 mx ip4:66.211.214.132/28 ip4:5.9.250.164 ip6:2a01:4f8:160:3033::2 ip4:138.201.81.199/32 ip4:88.198.91.70/32 a:aur.archlinux.org a:apollo.archlinux.org ?all\""
-  type = "TXT"
+  name    = "@"
+  ttl     = "600"
+  value   = "\"v=spf1 mx ip4:66.211.214.132/28 ip4:5.9.250.164 ip6:2a01:4f8:160:3033::2 ip4:138.201.81.199/32 ip4:88.198.91.70/32 a:aur.archlinux.org a:apollo.archlinux.org ?all\""
+  type    = "TXT"
 }

 resource "hetznerdns_record" "archlinux_org_origin_apollo_domainkey_txt" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "apollo._domainkey"
-  ttl = "600"
-  value = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvZIf8SbjC53RDCbMjTEpo0FCuMSShlKWdwWjY1J+RpT3CL/21z4nXqVBYF1orkUScH8Nlabocraqk8lmpNBlKCUV77lk9mRsLkWhg+XjhvQXL1xfH8zAg1CntEZuaIMLUQ+5Gkw6BlO1qDRkmXS9UtV8Jt1rhjRtSrgN5lhztOCbQLRAtzKty/nMeClqsfT3nL2hbDeh+b/rYc\" \"l2veZAqiGcR2/0bnKlt+Nb5lOBY3oZiYLmZ5g+l9UXVjGUq9jGAooIWpQvuRPmin3RX31kXfr1A+mDBEexiOL1dDST2Zx7i9puXbqYH0u0IxBpweHCO5UqWx52mdXBuhs+DCo/JoZAHU/6eRzK+Sps50LgLFSzJJNfGXk5PUKdww2GHbkK3mCYfoFCpB0SADzl42+1w6YZk1yXoPdOHtChfQpCgjtddf1W8Q09pYO1/bn4l0erdFQsWb1K\" \"4wEVOCn+hHWbV42V+J3TyGxQ4AM8KQ1OPvUEabyTyqcO4evBaH7/S2wA91Z9QDjTbKmlNovs5zoxuOM/mPGPUuQMvhjoAP+rg4AwJ3Xwd3GgUcqQflcokayUYdp7F3aKp1NWAR9ibseU/XBYsSF8Ucjqzf4DJFUfrgjHUr97st7g4HUCyXrQO4tyE0ytiX8OFjjIszWLmF+B7Vup9O7k+dNz2Vj2Vyzkq1UCAwEAAQ==\""
-  type = "TXT"
+  name    = "apollo._domainkey"
+  ttl     = "600"
+  value   = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvZIf8SbjC53RDCbMjTEpo0FCuMSShlKWdwWjY1J+RpT3CL/21z4nXqVBYF1orkUScH8Nlabocraqk8lmpNBlKCUV77lk9mRsLkWhg+XjhvQXL1xfH8zAg1CntEZuaIMLUQ+5Gkw6BlO1qDRkmXS9UtV8Jt1rhjRtSrgN5lhztOCbQLRAtzKty/nMeClqsfT3nL2hbDeh+b/rYc\" \"l2veZAqiGcR2/0bnKlt+Nb5lOBY3oZiYLmZ5g+l9UXVjGUq9jGAooIWpQvuRPmin3RX31kXfr1A+mDBEexiOL1dDST2Zx7i9puXbqYH0u0IxBpweHCO5UqWx52mdXBuhs+DCo/JoZAHU/6eRzK+Sps50LgLFSzJJNfGXk5PUKdww2GHbkK3mCYfoFCpB0SADzl42+1w6YZk1yXoPdOHtChfQpCgjtddf1W8Q09pYO1/bn4l0erdFQsWb1K\" \"4wEVOCn+hHWbV42V+J3TyGxQ4AM8KQ1OPvUEabyTyqcO4evBaH7/S2wA91Z9QDjTbKmlNovs5zoxuOM/mPGPUuQMvhjoAP+rg4AwJ3Xwd3GgUcqQflcokayUYdp7F3aKp1NWAR9ibseU/XBYsSF8Ucjqzf4DJFUfrgjHUr97st7g4HUCyXrQO4tyE0ytiX8OFjjIszWLmF+B7Vup9O7k+dNz2Vj2Vyzkq1UCAwEAAQ==\""
+  type    = "TXT"
 }

 resource "hetznerdns_record" "archlinux_org_accounts_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "accounts"
-  value = hcloud_server.accounts.ipv4_address
-  type = "A"
+  name    = "accounts"
+  value   = hcloud_server.accounts.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_accounts_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "accounts"
-  value = hcloud_server.accounts.ipv6_address
-  type = "AAAA"
+  name    = "accounts"
+  value   = hcloud_server.accounts.ipv6_address
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_apollo_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "apollo"
-  ttl = "600"
-  value = "138.201.81.199"
-  type = "A"
+  name    = "apollo"
+  ttl     = "600"
+  value   = "138.201.81.199"
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_apollo_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "apollo"
-  ttl = "600"
-  value = "2a01:4f8:172:1d86::1"
-  type = "AAAA"
+  name    = "apollo"
+  ttl     = "600"
+  value   = "2a01:4f8:172:1d86::1"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_archive_gemini_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "archive.gemini"
-  value = "49.12.124.107"
-  type = "A"
+  name    = "archive.gemini"
+  value   = "49.12.124.107"
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_aur_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "aur"
-  value = hcloud_server.aur.ipv4_address
-  type = "A"
+  name    = "aur"
+  value   = hcloud_server.aur.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_aur_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "aur"
-  value = hcloud_server.aur.ipv6_address
-  type = "AAAA"
+  name    = "aur"
+  value   = hcloud_server.aur.ipv6_address
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_aur_mx" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "aur"
-  ttl = "600"
-  value = "10 mx"
-  type = "MX"
+  name    = "aur"
+  ttl     = "600"
+  value   = "10 mx"
+  type    = "MX"
 }

 resource "hetznerdns_record" "archlinux_org_aur_txt" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "aur"
-  ttl = "600"
-  value = "\"v=spf1 a ?all\""
-  type = "TXT"
+  name    = "aur"
+  ttl     = "600"
+  value   = "\"v=spf1 a ?all\""
+  type    = "TXT"
 }

 resource "hetznerdns_record" "archlinux_org_aur_dev_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "aur-dev"
-  value = hcloud_server.aur-dev.ipv4_address
-  type = "A"
+  name    = "aur-dev"
+  value   = hcloud_server.aur-dev.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_aur_dev_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "aur-dev"
-  value = hcloud_server.aur-dev.ipv6_address
-  type = "AAAA"
+  name    = "aur-dev"
+  value   = hcloud_server.aur-dev.ipv6_address
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_aur4_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "aur4"
-  value = "5.9.250.164"
-  type = "A"
+  name    = "aur4"
+  value   = "5.9.250.164"
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_aur4_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "aur4"
-  value = "2a01:4f8:160:3033::2"
-  type = "AAAA"
+  name    = "aur4"
+  value   = "2a01:4f8:160:3033::2"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_bbs_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "bbs"
-  value = hcloud_server.bbs.ipv4_address
-  type = "A"
+  name    = "bbs"
+  value   = hcloud_server.bbs.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_bbs_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "bbs"
-  value = hcloud_server.bbs.ipv6_address
-  type = "AAAA"
+  name    = "bbs"
+  value   = hcloud_server.bbs.ipv6_address
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_bugs_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "bugs"
-  value = hcloud_server.bugs.ipv4_address
-  type = "A"
+  name    = "bugs"
+  value   = hcloud_server.bugs.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_bugs_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "bugs"
-  value = hcloud_server.bugs.ipv6_address
-  type = "AAAA"
+  name    = "bugs"
+  value   = hcloud_server.bugs.ipv6_address
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_dragon_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "dragon"
-  value = "195.201.167.210"
-  type = "A"
+  name    = "dragon"
+  value   = "195.201.167.210"
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_dragon_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "dragon"
-  value = "2a01:4f8:13a:102a::2"
-  type = "AAAA"
+  name    = "dragon"
+  value   = "2a01:4f8:13a:102a::2"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_gemini_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "gemini"
-  value = "49.12.124.107"
-  type = "A"
+  name    = "gemini"
+  value   = "49.12.124.107"
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_gemini_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "gemini"
-  value = "2a01:4f8:242:5614::2"
-  type = "AAAA"
+  name    = "gemini"
+  value   = "2a01:4f8:242:5614::2"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_gitlab_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "gitlab"
-  value = hcloud_server.gitlab.ipv4_address
-  type = "A"
+  name    = "gitlab"
+  value   = hcloud_server.gitlab.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_gitlab_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "gitlab"
-  value = hcloud_server.gitlab.ipv6_address
-  type = "AAAA"
+  name    = "gitlab"
+  value   = hcloud_server.gitlab.ipv6_address
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_homedir_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "homedir"
-  value = hcloud_server.homedir.ipv4_address
-  type = "A"
+  name    = "homedir"
+  value   = hcloud_server.homedir.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_homedir_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "homedir"
-  value = hcloud_server.homedir.ipv6_address
-  type = "AAAA"
+  name    = "homedir"
+  value   = hcloud_server.homedir.ipv6_address
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_lists_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "lists"
-  value = "5.9.250.164"
-  type = "A"
+  name    = "lists"
+  value   = "5.9.250.164"
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_lists_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "lists"
-  value = "2a01:4f8:160:3033::2"
-  type = "AAAA"
+  name    = "lists"
+  value   = "2a01:4f8:160:3033::2"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_lists_mx" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "lists"
-  ttl = "600"
-  value = "10 luna"
-  type = "MX"
+  name    = "lists"
+  ttl     = "600"
+  value   = "10 luna"
+  type    = "MX"
 }

 resource "hetznerdns_record" "archlinux_org_luna_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "luna"
-  ttl = "600"
-  value = "5.9.250.164"
-  type = "A"
+  name    = "luna"
+  ttl     = "600"
+  value   = "5.9.250.164"
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_luna_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "luna"
-  ttl = "600"
-  value = "2a01:4f8:160:3033::2"
-  type = "AAAA"
+  name    = "luna"
+  ttl     = "600"
+  value   = "2a01:4f8:160:3033::2"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_luna_txt" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "luna._domainkey"
-  ttl = "600"
-  value = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX\" \"oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg\" \"kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ==\""
-  type = "TXT"
+  name    = "luna._domainkey"
+  ttl     = "600"
+  value   = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX\" \"oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg\" \"kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ==\""
+  type    = "TXT"
 }

 resource "hetznerdns_record" "archlinux_org_luna2_txt" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "luna2._domainkey"
-  ttl = "600"
-  value = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX\" \"oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg\" \"kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ==\""
-  type = "TXT"
+  name    = "luna2._domainkey"
+  ttl     = "600"
+  value   = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXrAPvtdX8Jrk4zmyk8w9T2zdAJGe7z0+4XHWWiuzH8Zse6S7oXiS9CVaPOsu0TZqHqhuclASU7qh0NXFwWyi2xRPyJOqH2Clu7vHS3j5F4TjURFOp4/EbA0iQu4rbItl4AU11z2pGSEj5SykUsrH+jjdqzNqAG9d4lNvkTs6RRzPF3KhhY+XljaeysEyDSS4ap4E0DYcduSIX\" \"oD1exFv4SEbXThD9PC1u81w4xusnmwmfHtR7aazeqPDP+S+FqDRy2woCaQb/VMbqMYVuWTVKJ2RxFyTKredOOV2c5kzih7GViwoetll/rTqO4aVbeir9K4f6YZg85dSQtVwEat7LV+zBnQwp3ivWkrIk8VEdSsCSaJlgattBiPHsfFFv1xw4qi3h+UvfCGgz35dtlnzd/noGhNARg0Z+kaMSTjy75V1mKx5sCH0o8nAX2XU8akJfLz58Vg\" \"kTx/sfealtwNA0gTy1t1jV8q0OF5RA0IeMRgCzeH2USOZI98W+EAUsGG5653Vzmp3FJRWp1tWJwRJ0M/aZ3ka/G1iTx3rNNcadVk+4q3gz3KnlAlun+m58y8pNWKjYuxmu9xkDRwM/33rv98j0R8HZO7HFL+1vjKkxSEuzmnTQ2O9F76/OsQoDPZ1Z6nJRvK8ts8PQr4ASKohby62+1F1M8U2Xn7u84dYLUCAwEAAQ==\""
+  type    = "TXT"
 }

 resource "hetznerdns_record" "archlinux_org_mailman3_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "mailman3"
-  value = hcloud_server.mailman3.ipv4_address
-  type = "A"
+  name    = "mailman3"
+  value   = hcloud_server.mailman3.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_master_key_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "master-key"
-  value = "138.201.81.199"
-  type = "A"
+  name    = "master-key"
+  value   = "138.201.81.199"
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_master_key_mx" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "master-key"
-  ttl = "600"
-  value = "10 mx"
-  type = "MX"
+  name    = "master-key"
+  ttl     = "600"
+  value   = "10 mx"
+  type    = "MX"
 }

 resource "hetznerdns_record" "archlinux_org_matrix_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "matrix"
-  value = hcloud_server.matrix.ipv4_address
-  type = "A"
+  name    = "matrix"
+  value   = hcloud_server.matrix.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_monitoring_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "monitoring"
-  value = hcloud_server.monitoring.ipv4_address
-  type = "A"
+  name    = "monitoring"
+  value   = hcloud_server.monitoring.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_monitoring_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "monitoring"
-  value = hcloud_server.monitoring.ipv6_address
-  type = "AAAA"
+  name    = "monitoring"
+  value   = hcloud_server.monitoring.ipv6_address
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_mx_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "mx"
-  ttl = "600"
-  value = "88.198.91.70"
-  type = "A"
+  name    = "mx"
+  ttl     = "600"
+  value   = "88.198.91.70"
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_mx_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "mx"
-  ttl = "600"
-  value = "2a01:4f8:160:6087::1"
-  type = "AAAA"
+  name    = "mx"
+  ttl     = "600"
+  value   = "2a01:4f8:160:6087::1"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_orion_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "orion"
-  ttl = "600"
-  value = "88.198.91.70"
-  type = "A"
+  name    = "orion"
+  ttl     = "600"
+  value   = "88.198.91.70"
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_orion_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "orion"
-  ttl = "600"
-  value = "2a01:4f8:160:6087::1"
-  type = "AAAA"
+  name    = "orion"
+  ttl     = "600"
+  value   = "2a01:4f8:160:6087::1"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_orion_txt" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "orion._domainkey"
-  ttl = "600"
-  value = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyK/JZ94O4TXYnmDhWTdbouEsLI3cBBbocliExS9Xa1si7dWMT22y619EhtHx5hRvSlN+ur3eaUC/85MN30dEDYTxO4EnNjgNRqQlE2NHd6lpAlpfHpE2vd5YcJMcx1/gy1PBCWiGv3F6n+XpoPby0Ayy0UhklQZ/gRRuspinxACDzWCMp7prncGOF42TnU81sKAVGGAmrt6Hpz\" \"wzq218BFWbxjcEIfSR+7rJXVT2DmPxBzuic0iXJhZSHmyODf7R3eAmvHgEUnz4+tk4PyXhBzp04bkMcV/I4NWS4juPqeb5x0dl0i9YYhqDPArnxnKBSyz6ABJLY1NE+5UJaxNnGLgsimvn4qt/uWxC/TuqjhNA7LcdqMUboWEB85mhabr3WNbabOhOXgEQQfh43g/E81ddEfLlXKL69D7B5YE6QjwsqKYb+fogpXiqMjoLKp9SHvuyqX+A\" \"eFFgrX8bcP2bzGjO5M8T+kT8K+OJeqdwEXBHyBFY9cCSrekYPa9zVQltw4TR4QTacz0UTAQOFwn6M+y2guXROlfImJm6PZrbPsqPUFjaf3vVw3/TdUTA32CuXdIZc9O7PZQUjIMPI2lTX3U6XRPk9zG0PqGYkRfYnYVD+1es44zgOGU8RTe1beQXKYqv9vjMQB67hcYUPUv0ZO++TmztvUjMJPvfJT7SOkkCAwEAAQ==\" "
-  type = "TXT"
+  name    = "orion._domainkey"
+  ttl     = "600"
+  value   = "\"v=DKIM1; k=rsa; s=email; \" \"p=MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyK/JZ94O4TXYnmDhWTdbouEsLI3cBBbocliExS9Xa1si7dWMT22y619EhtHx5hRvSlN+ur3eaUC/85MN30dEDYTxO4EnNjgNRqQlE2NHd6lpAlpfHpE2vd5YcJMcx1/gy1PBCWiGv3F6n+XpoPby0Ayy0UhklQZ/gRRuspinxACDzWCMp7prncGOF42TnU81sKAVGGAmrt6Hpz\" \"wzq218BFWbxjcEIfSR+7rJXVT2DmPxBzuic0iXJhZSHmyODf7R3eAmvHgEUnz4+tk4PyXhBzp04bkMcV/I4NWS4juPqeb5x0dl0i9YYhqDPArnxnKBSyz6ABJLY1NE+5UJaxNnGLgsimvn4qt/uWxC/TuqjhNA7LcdqMUboWEB85mhabr3WNbabOhOXgEQQfh43g/E81ddEfLlXKL69D7B5YE6QjwsqKYb+fogpXiqMjoLKp9SHvuyqX+A\" \"eFFgrX8bcP2bzGjO5M8T+kT8K+OJeqdwEXBHyBFY9cCSrekYPa9zVQltw4TR4QTacz0UTAQOFwn6M+y2guXROlfImJm6PZrbPsqPUFjaf3vVw3/TdUTA32CuXdIZc9O7PZQUjIMPI2lTX3U6XRPk9zG0PqGYkRfYnYVD+1es44zgOGU8RTe1beQXKYqv9vjMQB67hcYUPUv0ZO++TmztvUjMJPvfJT7SOkkCAwEAAQ==\" "
+  type    = "TXT"
 }

 resource "hetznerdns_record" "archlinux_org_phrik_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "phrik"
-  value = hcloud_server.phrik.ipv4_address
-  type = "A"
+  name    = "phrik"
+  value   = hcloud_server.phrik.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_quassel_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "quassel"
-  value = hcloud_server.quassel.ipv4_address
-  type = "A"
+  name    = "quassel"
+  value   = hcloud_server.quassel.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_quassel_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "quassel"
-  value = hcloud_server.quassel.ipv6_address
-  type = "AAAA"
+  name    = "quassel"
+  value   = hcloud_server.quassel.ipv6_address
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_reproducible_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "reproducible"
-  value = hcloud_server.reproducible.ipv4_address
-  type = "A"
+  name    = "reproducible"
+  value   = hcloud_server.reproducible.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_runner2_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "runner2"
-  value = "147.75.80.217"
-  type = "A"
+  name    = "runner2"
+  value   = "147.75.80.217"
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_runner2_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "runner2"
-  value = "2604:1380:2001:4500::3"
-  type = "AAAA"
+  name    = "runner2"
+  value   = "2604:1380:2001:4500::3"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_secure_runner1_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "secure-runner1"
-  value = "116.202.134.150"
-  type = "A"
+  name    = "secure-runner1"
+  value   = "116.202.134.150"
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_secure_runner1_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "secure-runner1"
-  value = "2a01:4f8:231:4e1e::2"
-  type = "AAAA"
+  name    = "secure-runner1"
+  value   = "2a01:4f8:231:4e1e::2"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_secure_runner2_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "secure-runner2"
-  value = hcloud_server.secure-runner2.ipv4_address
-  type = "A"
+  name    = "secure-runner2"
+  value   = hcloud_server.secure-runner2.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_secure_runner2_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "secure-runner2"
-  value = hcloud_server.secure-runner2.ipv6_address
-  type = "AAAA"
+  name    = "secure-runner2"
+  value   = hcloud_server.secure-runner2.ipv6_address
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_svn2gittest_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "svn2gittest"
-  value = hcloud_server.svn2gittest.ipv4_address
-  type = "A"
+  name    = "svn2gittest"
+  value   = hcloud_server.svn2gittest.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_svn2gittest_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "svn2gittest"
-  value = hcloud_server.svn2gittest.ipv6_address
-  type = "AAAA"
+  name    = "svn2gittest"
+  value   = hcloud_server.svn2gittest.ipv6_address
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_state_a" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "state"
-  value = "116.203.16.252"
-  type = "A"
+  name    = "state"
+  value   = "116.203.16.252"
+  type    = "A"
 }

 resource "hetznerdns_record" "archlinux_org_state_aaaa" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "state"
-  value = "2a01:4f8:c2c:474::1"
-  type = "AAAA"
+  name    = "state"
+  value   = "2a01:4f8:c2c:474::1"
+  type    = "AAAA"
 }

 resource "hetznerdns_record" "archlinux_org_archive_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "archive"
-  value = "gemini"
-  type = "CNAME"
+  name    = "archive"
+  value   = "gemini"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_conf_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "conf"
-  value = "apollo"
-  type = "CNAME"
+  name    = "conf"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_dev_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "dev"
-  value = "apollo"
-  type = "CNAME"
+  name    = "dev"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_g2kjxsblac7x_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "g2kjxsblac7x"
-  value = "gv-i5y6mnrelvpfiu.dv.googlehosted.com."
-  type = "CNAME"
+  name    = "g2kjxsblac7x"
+  value   = "gv-i5y6mnrelvpfiu.dv.googlehosted.com."
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_git_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "git"
-  value = "luna"
-  type = "CNAME"
+  name    = "git"
+  value   = "luna"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_grafana_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "grafana"
-  value = "apollo"
-  type = "CNAME"
+  name    = "grafana"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_ipxe_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "ipxe"
-  value = "apollo"
-  type = "CNAME"
+  name    = "ipxe"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_kanboard_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "kanboard"
-  value = "apollo"
-  type = "CNAME"
+  name    = "kanboard"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_luna2_domainkey_aur_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "luna2._domainkey.aur"
-  value = "luna2._domainkey"
-  type = "CNAME"
+  name    = "luna2._domainkey.aur"
+  value   = "luna2._domainkey"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_luna2_domainkey_lists_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "luna2._domainkey.lists"
-  value = "luna2._domainkey"
-  type = "CNAME"
+  name    = "luna2._domainkey.lists"
+  value   = "luna2._domainkey"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_mail_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "mail"
-  value = "orion"
-  type = "CNAME"
+  name    = "mail"
+  value   = "orion"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_mailman_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "mailman"
-  value = "apollo"
-  type = "CNAME"
+  name    = "mailman"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_openpgpkey_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "openpgpkey"
-  value = "orion"
-  type = "CNAME"
+  name    = "openpgpkey"
+  value   = "orion"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_packages_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "packages"
-  value = "apollo"
-  type = "CNAME"
+  name    = "packages"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_patchwork_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "patchwork"
-  value = "apollo"
-  type = "CNAME"
+  name    = "patchwork"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_planet_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "planet"
-  value = "apollo"
-  type = "CNAME"
+  name    = "planet"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_projects_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "projects"
-  value = "luna"
-  type = "CNAME"
+  name    = "projects"
+  value   = "luna"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_repos_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "repos"
-  value = "gemini"
-  type = "CNAME"
+  name    = "repos"
+  value   = "gemini"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_rsync_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "rsync"
-  value = "gemini"
-  type = "CNAME"
+  name    = "rsync"
+  value   = "gemini"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_security_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "security"
-  value = "apollo"
-  type = "CNAME"
+  name    = "security"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_sources_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "sources"
-  value = "gemini"
-  type = "CNAME"
+  name    = "sources"
+  value   = "gemini"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_static_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "static"
-  value = "apollo"
-  type = "CNAME"
+  name    = "static"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_static_conf_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "static.conf"
-  value = "apollo"
-  type = "CNAME"
+  name    = "static.conf"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_status_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "status"
-  value = "stats.uptimerobot.com."
-  type = "CNAME"
+  name    = "status"
+  value   = "stats.uptimerobot.com."
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_svn_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "svn"
-  value = "gemini"
-  type = "CNAME"
+  name    = "svn"
+  value   = "gemini"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_wiki_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "wiki"
-  value = "apollo"
-  type = "CNAME"
+  name    = "wiki"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_www_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "www"
-  value = "apollo"
-  type = "CNAME"
+  name    = "www"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_zabbix_cname" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "zabbix"
-  value = "apollo"
-  type = "CNAME"
+  name    = "zabbix"
+  value   = "apollo"
+  type    = "CNAME"
 }

 resource "hetznerdns_record" "archlinux_org_matrix_tcp_srv" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "_matrix._tcp"
-  value = "10 0 8448 matrix"
-  type = "SRV"
+  name    = "_matrix._tcp"
+  value   = "10 0 8448 matrix"
+  type    = "SRV"
 }

 resource "hetznerdns_record" "archlinux_org_dmarc_txt" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "_dmarc"
-  value = "\"v=DMARC1; p=none; rua=mailto:dmarc-reports@archlinux.org; ruf=mailto:dmarc-reports@archlinux.org;\""
-  type = "TXT"
+  name    = "_dmarc"
+  value   = "\"v=DMARC1; p=none; rua=mailto:dmarc-reports@archlinux.org; ruf=mailto:dmarc-reports@archlinux.org;\""
+  type    = "TXT"
 }

 resource "hetznerdns_record" "archlinux_org_github_challenge_archlinux" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "_github-challenge-archlinux"
-  value = "\"824af4446e\""
-  type = "TXT"
+  name    = "_github-challenge-archlinux"
+  value   = "\"824af4446e\""
+  type    = "TXT"
 }

 resource "hetznerdns_record" "archlinux_org_github_challenge_archlinux_www" {
  zone_id = hetznerdns_zone.archlinux.id
-  name = "_github-challenge-archlinux.www"
-  value = "\"b53f311f86\""
-  type = "TXT"
+  name    = "_github-challenge-archlinux.www"
+  value   = "\"b53f311f86\""
+  type    = "TXT"
 }

 resource "hcloud_rdns" "quassel_ipv4" {
@@ -959,8 +959,8 @@ resource "hcloud_server" "gitlab" {
 }

 resource "hcloud_volume" "gitlab" {
-  name = "gitlab"
-  size = 1000
+  name      = "gitlab"
+  size      = 1000
  server_id = hcloud_server.gitlab.id
 }

@@ -1004,7 +1004,7 @@ resource "hcloud_server" "accounts" {
  server_type = "cx11"
  provisioner "local-exec" {
    working_dir = ".."
-    command = "ansible-playbook --ssh-extra-args '-o StrictHostKeyChecking=no' playbooks/accounts.archlinux.org.yml"
+    command     = "ansible-playbook --ssh-extra-args '-o StrictHostKeyChecking=no' playbooks/accounts.archlinux.org.yml"
  }
  lifecycle {
    ignore_changes = [image]
@@ -1012,8 +1012,8 @@ resource "hcloud_server" "accounts" {
 }

 resource "hcloud_volume" "mirror" {
-  name = "mirror"
-  size = 100
+  name      = "mirror"
+  size      = 100
  server_id = hcloud_server.mirror.id
 }

@@ -1041,8 +1041,8 @@ resource "hcloud_server" "mirror" {
 # TODO: This is a temporary box!
 # Delete it in 2021.
 resource "hcloud_volume" "archconfbox" {
-  name = "archconfbox"
-  size = 800
+  name      = "archconfbox"
+  size      = 800
  server_id = hcloud_server.archconfbox.id
 }

@@ -1069,16 +1069,16 @@ resource "hcloud_server" "archconfbox" {

 resource "hetznerdns_record" "pkgbuild_com_archconfbox_a" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "archconfbox"
-  value = hcloud_server.archconfbox.ipv4_address
-  type = "A"
+  name    = "archconfbox"
+  value   = hcloud_server.archconfbox.ipv4_address
+  type    = "A"
 }

 resource "hetznerdns_record" "pkgbuild_com_archconfbox_aaaa" {
  zone_id = hetznerdns_zone.pkgbuild.id
-  name = "archconfbox"
-  value = hcloud_server.archconfbox.ipv6_address
-  type = "AAAA"
+  name    = "archconfbox"
+  value   = hcloud_server.archconfbox.ipv6_address
+  type    = "AAAA"
 }


@@ -1104,8 +1104,8 @@ resource "hcloud_server" "homedir" {
 }

 resource "hcloud_volume" "homedir" {
-  name = "homedir"
-  size = 100
+  name      = "homedir"
+  size      = 100
  server_id = hcloud_server.homedir.id
 }


--- a/tf-stage2/keycloak.tf
+++ b/tf-stage2/keycloak.tf
@@ -10,54 +10,54 @@ data "external" "vault_keycloak" {
    "vault_keycloak_admin_password",
    "vault_keycloak_smtp_user",
    "vault_keycloak_smtp_password",
-    "--format", "json"]
+  "--format", "json"]
 }

 data "external" "vault_google" {
  program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_google.yml",
    "vault_google_recaptcha_site_key",
    "vault_google_recaptcha_secret_key",
-    "--format", "json"]
+  "--format", "json"]
 }

 data "external" "vault_github" {
  program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_github.yml",
    "vault_github_oauth_app_client_id",
    "vault_github_oauth_app_client_secret",
-    "--format", "json"]
+  "--format", "json"]
 }

 data "external" "vault_monitoring" {
  program = ["${path.module}/../misc/get_key.py", "group_vars/all/vault_monitoring.yml",
    "vault_monitoring_grafana_client_secret",
-    "--format", "json"]
+  "--format", "json"]
 }

 provider "keycloak" {
  client_id = "admin-cli"
-  username = data.external.vault_keycloak.result.vault_keycloak_admin_user
-  password = data.external.vault_keycloak.result.vault_keycloak_admin_password
-  url = "https://accounts.archlinux.org"
+  username  = data.external.vault_keycloak.result.vault_keycloak_admin_user
+  password  = data.external.vault_keycloak.result.vault_keycloak_admin_password
+  url       = "https://accounts.archlinux.org"
 }

 variable "gitlab_instance" {
  default = {
-    root_url = "https://gitlab.archlinux.org"
+    root_url          = "https://gitlab.archlinux.org"
    saml_redirect_url = "https://gitlab.archlinux.org/users/auth/saml/callback"
  }
 }

 resource "keycloak_realm" "archlinux" {
-  realm = "archlinux"
-  enabled = true
-  remember_me = true
-  display_name = "Arch Linux"
+  realm             = "archlinux"
+  enabled           = true
+  remember_me       = true
+  display_name      = "Arch Linux"
  display_name_html = "<div class=\"kc-logo-text\"><span>Arch Linux</span></div>"

-  reset_password_allowed = true
-  verify_email = true
+  reset_password_allowed   = true
+  verify_email             = true
  login_with_email_allowed = true
-  password_policy = "length(8) and notUsername"
+  password_policy          = "length(8) and notUsername"

  web_authn_policy {
    relying_party_entity_name = "Arch Linux SSO"
@@ -65,21 +65,21 @@ resource "keycloak_realm" "archlinux" {
    signature_algorithms      = ["ES256", "RS256", "ES512", "RS512"]
  }

-  login_theme = "archlinux"
+  login_theme   = "archlinux"
  account_theme = "archlinux"
-  admin_theme = "archlinux"
+  admin_theme   = "archlinux"

-  browser_flow = "Arch Browser"
-  registration_flow = "Arch Registration"
+  browser_flow           = "Arch Browser"
+  registration_flow      = "Arch Registration"
  reset_credentials_flow = "Arch Reset Credentials"

  smtp_server {
-    host = "mail.archlinux.org"
-    from = "accounts@archlinux.org"
-    port = "587"
+    host              = "mail.archlinux.org"
+    from              = "accounts@archlinux.org"
+    port              = "587"
    from_display_name = "Arch Linux Accounts"
-    ssl = false
-    starttls = true
+    ssl               = false
+    starttls          = true

    auth {
      username = data.external.vault_keycloak.result.vault_keycloak_smtp_user
@@ -98,70 +98,70 @@ resource "keycloak_realm" "archlinux" {
      strict_transport_security           = "max-age=31536000; includeSubDomains"
    }
    brute_force_detection {
-      permanent_lockout                 = false
-      max_login_failures                = 30
-      wait_increment_seconds            = 60
-      quick_login_check_milli_seconds   = 1000
-      minimum_quick_login_wait_seconds  = 60
-      max_failure_wait_seconds          = 900
-      failure_reset_time_seconds        = 43200
+      permanent_lockout                = false
+      max_login_failures               = 30
+      wait_increment_seconds           = 60
+      quick_login_check_milli_seconds  = 1000
+      minimum_quick_login_wait_seconds = 60
+      max_failure_wait_seconds         = 900
+      failure_reset_time_seconds       = 43200
    }
  }
 }

 resource "keycloak_required_action" "configure_otp" {
-  realm_id  = "archlinux"
-  alias     = "CONFIGURE_TOTP"
-  enabled   = true
-  name      = "Configure OTP"
-  priority  = 0
+  realm_id = "archlinux"
+  alias    = "CONFIGURE_TOTP"
+  enabled  = true
+  name     = "Configure OTP"
+  priority = 0
 }

 resource "keycloak_required_action" "update_password" {
-  realm_id  = "archlinux"
-  alias     = "UPDATE_PASSWORD"
-  enabled   = true
-  name      = "Update Password"
-  priority  = 20
+  realm_id = "archlinux"
+  alias    = "UPDATE_PASSWORD"
+  enabled  = true
+  name     = "Update Password"
+  priority = 20
 }

 resource "keycloak_required_action" "update_profile" {
-  realm_id  = "archlinux"
-  alias     = "UPDATE_PROFILE"
-  enabled   = true
-  name      = "Update Profile"
-  priority  = 30
+  realm_id = "archlinux"
+  alias    = "UPDATE_PROFILE"
+  enabled  = true
+  name     = "Update Profile"
+  priority = 30
 }

 resource "keycloak_required_action" "verify_email" {
-  realm_id  = "archlinux"
-  alias     = "VERIFY_EMAIL"
-  enabled   = true
-  name      = "Verify Email"
-  priority  = 40
+  realm_id = "archlinux"
+  alias    = "VERIFY_EMAIL"
+  enabled  = true
+  name     = "Verify Email"
+  priority = 40
 }

 resource "keycloak_required_action" "update_user_locale" {
-  realm_id  = "archlinux"
-  alias     = "update_user_locale"
-  enabled   = true
-  name      = "Update User Locale"
-  priority  = 50
+  realm_id = "archlinux"
+  alias    = "update_user_locale"
+  enabled  = true
+  name     = "Update User Locale"
+  priority = 50
 }

 resource "keycloak_required_action" "webauthn_register" {
-  realm_id  = "archlinux"
-  alias     = "webauthn-register"
-  enabled   = true
-  name      = "Webauthn Register"
-  priority  = 60
+  realm_id = "archlinux"
+  alias    = "webauthn-register"
+  enabled  = true
+  name     = "Webauthn Register"
+  priority = 60
 }

 resource "keycloak_realm_events" "realm_events" {
  realm_id = "archlinux"

-  events_enabled       = true
-  events_expiration    = 7889238  # 3 months
+  events_enabled    = true
+  events_expiration = 7889238 # 3 months

  admin_events_enabled         = true
  admin_events_details_enabled = true
@@ -171,47 +171,47 @@ resource "keycloak_realm_events" "realm_events" {
  ]

  events_listeners = [
-    "jboss-logging", # keycloak enables the 'jboss-logging' event listener by default.
+    "jboss-logging",    # keycloak enables the 'jboss-logging' event listener by default.
    "metrics-listener", # enable the prometheus exporter (keycloak-metrics-spi)
  ]
 }

 resource "keycloak_oidc_identity_provider" "realm_identity_provider" {
-  realm = "archlinux"
-  alias = "github"
-  provider_id = "github"
-  authorization_url = "https://accounts.archlinux.org/auth/realms/archlinux/broker/github/endpoint"
-  client_id = data.external.vault_github.result.vault_github_oauth_app_client_id
-  client_secret = data.external.vault_github.result.vault_github_oauth_app_client_secret
-  token_url = ""
-  default_scopes = ""
+  realm                        = "archlinux"
+  alias                        = "github"
+  provider_id                  = "github"
+  authorization_url            = "https://accounts.archlinux.org/auth/realms/archlinux/broker/github/endpoint"
+  client_id                    = data.external.vault_github.result.vault_github_oauth_app_client_id
+  client_secret                = data.external.vault_github.result.vault_github_oauth_app_client_secret
+  token_url                    = ""
+  default_scopes               = ""
  post_broker_login_flow_alias = keycloak_authentication_flow.arch_post_ipr_flow.alias
-  enabled = false
-  trust_email = false
-  store_token = false
-  backchannel_supported = false
+  enabled                      = false
+  trust_email                  = false
+  store_token                  = false
+  backchannel_supported        = false
  extra_config = {
    syncMode = "IMPORT"
  }
 }

 resource "keycloak_saml_client" "saml_gitlab" {
-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  client_id = "saml_gitlab"

-  name = "Arch Linux Accounts"
+  name    = "Arch Linux Accounts"
  enabled = true

  signature_algorithm = "RSA_SHA256"
-  sign_documents = true
-  sign_assertions = true
+  sign_documents      = true
+  sign_assertions     = true

  valid_redirect_uris = [
    var.gitlab_instance.saml_redirect_url
  ]

-  root_url = var.gitlab_instance.root_url
-  base_url = "/"
+  root_url                   = var.gitlab_instance.root_url
+  base_url                   = "/"
  master_saml_processing_url = var.gitlab_instance.saml_redirect_url
  idp_initiated_sso_url_name = "saml_gitlab"

@@ -221,61 +221,61 @@ resource "keycloak_saml_client" "saml_gitlab" {
 // This client is only used for the return URL redirect hack!
 // See roles/gitlab/tasks/main.yml
 resource "keycloak_openid_client" "openid_gitlab" {
-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  client_id = "openid_gitlab"

-  name = "Arch Linux Accounts"
+  name    = "Arch Linux Accounts"
  enabled = true

-  access_type = "PUBLIC"
+  access_type           = "PUBLIC"
  standard_flow_enabled = true
-  full_scope_allowed = false
+  full_scope_allowed    = false
  valid_redirect_uris = [
    "https://gitlab.archlinux.org"
  ]
 }

 resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_email" {
-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  client_id = keycloak_saml_client.saml_gitlab.id

-  name = "email"
-  user_property = "Email"
-  friendly_name = "Email"
-  saml_attribute_name = "email"
+  name                       = "email"
+  user_property              = "Email"
+  friendly_name              = "Email"
+  saml_attribute_name        = "email"
  saml_attribute_name_format = "Basic"
 }

 resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_first_name" {
-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  client_id = keycloak_saml_client.saml_gitlab.id

-  name = "first_name"
-  user_property = "FirstName"
-  friendly_name = "First Name"
-  saml_attribute_name = "first_name"
+  name                       = "first_name"
+  user_property              = "FirstName"
+  friendly_name              = "First Name"
+  saml_attribute_name        = "first_name"
  saml_attribute_name_format = "Basic"
 }

 resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_last_name" {
-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  client_id = keycloak_saml_client.saml_gitlab.id

-  name = "last_name"
-  user_property = "LastName"
-  friendly_name = "Last Name"
-  saml_attribute_name = "last_name"
+  name                       = "last_name"
+  user_property              = "LastName"
+  friendly_name              = "Last Name"
+  saml_attribute_name        = "last_name"
  saml_attribute_name_format = "Basic"
 }

 resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_username" {
-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  client_id = keycloak_saml_client.saml_gitlab.id

-  name = "username"
-  user_property = "Username"
-  friendly_name = "Username"
-  saml_attribute_name = "username"
+  name                       = "username"
+  user_property              = "Username"
+  friendly_name              = "Username"
+  saml_attribute_name        = "username"
  saml_attribute_name_format = "Basic"
 }

@@ -305,101 +305,101 @@ resource "keycloak_saml_user_property_protocol_mapper" "gitlab_saml_username" {
 //    |- Testers
 resource "keycloak_group" "staff" {
  realm_id = "archlinux"
-  name = "Arch Linux Staff"
+  name     = "Arch Linux Staff"
 }

 resource "keycloak_group" "staff_groups" {
  for_each = toset(["DevOps", "Developers", "Trusted Users", "Wiki", "Forum", "Security Team", "IRC", "Archweb", "Bug Wranglers"])

-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  parent_id = keycloak_group.staff.id
-  name = each.value
+  name      = each.value
 }

 resource "keycloak_group" "staff_wiki_groups" {
  for_each = toset(["Admins"])

-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  parent_id = keycloak_group.staff_groups["Wiki"].id
-  name = each.value
+  name      = each.value
 }

 resource "keycloak_group" "staff_forum_groups" {
  for_each = toset(["Admins", "Mods"])

-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  parent_id = keycloak_group.staff_groups["Forum"].id
-  name = each.value
+  name      = each.value
 }

 resource "keycloak_group" "staff_securityteam_groups" {
  for_each = toset(["Admins", "Members"])

-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  parent_id = keycloak_group.staff_groups["Security Team"].id
-  name = each.value
+  name      = each.value
 }

 resource "keycloak_group" "staff_irc_groups" {
  for_each = toset(["Ops"])

-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  parent_id = keycloak_group.staff_groups["IRC"].id
-  name = each.value
+  name      = each.value
 }

 resource "keycloak_group" "staff_archweb_groups" {
  for_each = toset(["Mirrorlist Maintainers"])

-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  parent_id = keycloak_group.staff_groups["Archweb"].id
-  name = each.value
+  name      = each.value
 }

 resource "keycloak_group" "externalcontributors" {
  realm_id = "archlinux"
-  name = "External Contributors"
+  name     = "External Contributors"
 }

 resource "keycloak_group" "externalcontributors_groups" {
  for_each = toset(["Security Team", "Archweb"])

-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  parent_id = keycloak_group.externalcontributors.id
-  name = each.value
+  name      = each.value
 }

 resource "keycloak_group" "externalcontributors_securityteam_groups" {
  for_each = toset(["Reporters"])

-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  parent_id = keycloak_group.externalcontributors_groups["Security Team"].id
-  name = each.value
+  name      = each.value
 }

 resource "keycloak_group" "externalcontributors_archweb_groups" {
  for_each = toset(["Testers"])

-  realm_id = "archlinux"
+  realm_id  = "archlinux"
  parent_id = keycloak_group.externalcontributors_groups["Archweb"].id
-  name = each.value
+  name      = each.value
 }

 resource "keycloak_role" "devops" {
-  realm_id = "archlinux"
-  name = "DevOps"
+  realm_id    = "archlinux"
+  name        = "DevOps"
  description = "Role held by members of the DevOps group"
 }

 resource "keycloak_role" "staff" {
-  realm_id = "archlinux"
-  name = "Staff"
+  realm_id    = "archlinux"
+  name        = "Staff"
  description = "Role held by all Arch Linux staff"
 }

 resource "keycloak_role" "externalcontributor" {
-  realm_id = "archlinux"
-  name = "External Contributor"
+  realm_id    = "archlinux"
+  name        = "External Contributor"
  description = "Role held by external contributors working on Arch Linux projects without further access"
 }

@@ -429,59 +429,59 @@ resource "keycloak_group_roles" "externalcontributor" {

 // Add new custom registration flow with reCAPTCHA
 resource "keycloak_authentication_flow" "arch_registration_flow" {
-  realm_id = "archlinux"
-  alias = "Arch Registration"
+  realm_id    = "archlinux"
+  alias       = "Arch Registration"
  description = "Customized Registration flow that forces enables ReCAPTCHA."
 }

 resource "keycloak_authentication_subflow" "registration_form" {
-  realm_id = "archlinux"
-  alias = "Registration Form"
+  realm_id          = "archlinux"
+  alias             = "Registration Form"
  parent_flow_alias = keycloak_authentication_flow.arch_registration_flow.alias
-  provider_id = "form-flow"
-  authenticator = "registration-page-form"
-  requirement = "REQUIRED"
+  provider_id       = "form-flow"
+  authenticator     = "registration-page-form"
+  requirement       = "REQUIRED"
 }

 resource "keycloak_authentication_execution" "registration_user_creation" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_subflow.registration_form.alias
-  authenticator = "registration-user-creation"
-  requirement = "REQUIRED"
+  authenticator     = "registration-user-creation"
+  requirement       = "REQUIRED"
 }

 resource "keycloak_authentication_execution" "registration_profile_action" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_subflow.registration_form.alias
-  authenticator = "registration-profile-action"
-  requirement = "REQUIRED"
-  depends_on = [keycloak_authentication_execution.registration_user_creation]
+  authenticator     = "registration-profile-action"
+  requirement       = "REQUIRED"
+  depends_on        = [keycloak_authentication_execution.registration_user_creation]
 }

 resource "keycloak_authentication_execution" "registration_password_action" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_subflow.registration_form.alias
-  authenticator = "registration-password-action"
-  requirement = "REQUIRED"
-  depends_on = [keycloak_authentication_execution.registration_profile_action]
+  authenticator     = "registration-password-action"
+  requirement       = "REQUIRED"
+  depends_on        = [keycloak_authentication_execution.registration_profile_action]
 }

 resource "keycloak_authentication_execution" "registration_recaptcha_action" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_subflow.registration_form.alias
-  authenticator = "registration-recaptcha-action"
-  requirement = "REQUIRED"
-  depends_on = [keycloak_authentication_execution.registration_password_action]
+  authenticator     = "registration-recaptcha-action"
+  requirement       = "REQUIRED"
+  depends_on        = [keycloak_authentication_execution.registration_password_action]
 }

 resource "keycloak_authentication_execution_config" "registration_recaptcha_action_config" {
-  realm_id = "archlinux"
-  alias = "reCAPTCHA config"
+  realm_id     = "archlinux"
+  alias        = "reCAPTCHA config"
  execution_id = keycloak_authentication_execution.registration_recaptcha_action.id
  config = {
    "useRecaptchaNet" = "false",
-    "site.key" = data.external.vault_google.result.vault_google_recaptcha_site_key
-    "secret" = data.external.vault_google.result.vault_google_recaptcha_secret_key
+    "site.key"        = data.external.vault_google.result.vault_google_recaptcha_site_key
+    "secret"          = data.external.vault_google.result.vault_google_recaptcha_secret_key
  }
 }

@@ -511,78 +511,78 @@ resource "keycloak_authentication_execution_config" "registration_recaptcha_acti
 // tables on the Keycloak Postgres DB! Quality Red Hat software right there.

 resource "keycloak_authentication_flow" "arch_browser_flow" {
-  realm_id = "archlinux"
-  alias = "Arch Browser"
+  realm_id    = "archlinux"
+  alias       = "Arch Browser"
  description = "Customized Browser flow that forces 2FA."
 }

 resource "keycloak_authentication_execution" "cookie" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_flow.arch_browser_flow.alias
-  authenticator = "auth-cookie"
-  requirement = "ALTERNATIVE"
-  depends_on = [keycloak_authentication_flow.arch_browser_flow]
+  authenticator     = "auth-cookie"
+  requirement       = "ALTERNATIVE"
+  depends_on        = [keycloak_authentication_flow.arch_browser_flow]
 }

 resource "keycloak_authentication_execution" "identity_provider_redirector" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_flow.arch_browser_flow.alias
-  authenticator = "identity-provider-redirector"
-  requirement = "ALTERNATIVE"
-  depends_on = [keycloak_authentication_execution.cookie]
+  authenticator     = "identity-provider-redirector"
+  requirement       = "ALTERNATIVE"
+  depends_on        = [keycloak_authentication_execution.cookie]
 }

 resource "keycloak_authentication_subflow" "password_and_2fa" {
-  realm_id = "archlinux"
-  alias = "Password and 2FA subflow"
+  realm_id          = "archlinux"
+  alias             = "Password and 2FA subflow"
  parent_flow_alias = keycloak_authentication_flow.arch_browser_flow.alias
-  requirement = "ALTERNATIVE"
-  depends_on = [keycloak_authentication_execution.identity_provider_redirector]
+  requirement       = "ALTERNATIVE"
+  depends_on        = [keycloak_authentication_execution.identity_provider_redirector]
 }

 resource "keycloak_authentication_execution" "username_password_form" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_subflow.password_and_2fa.alias
-  authenticator = "auth-username-password-form"
-  requirement = "REQUIRED"
+  authenticator     = "auth-username-password-form"
+  requirement       = "REQUIRED"
 }

 resource "keycloak_authentication_subflow" "_2fa" {
-  realm_id = "archlinux"
-  alias = "2FA subflow"
+  realm_id          = "archlinux"
+  alias             = "2FA subflow"
  parent_flow_alias = keycloak_authentication_subflow.password_and_2fa.alias
-  requirement = "REQUIRED"
-  depends_on = [keycloak_authentication_execution.username_password_form]
+  requirement       = "REQUIRED"
+  depends_on        = [keycloak_authentication_execution.username_password_form]
 }

 resource "keycloak_authentication_execution" "webauthn_form" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_subflow._2fa.alias
-  authenticator = "webauthn-authenticator"
-  requirement = "ALTERNATIVE"
+  authenticator     = "webauthn-authenticator"
+  requirement       = "ALTERNATIVE"
 }

 resource "keycloak_authentication_execution" "otp_form" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_subflow._2fa.alias
-  authenticator = "auth-otp-form"
-  requirement = "ALTERNATIVE"
-  depends_on = [keycloak_authentication_execution.webauthn_form]
+  authenticator     = "auth-otp-form"
+  requirement       = "ALTERNATIVE"
+  depends_on        = [keycloak_authentication_execution.webauthn_form]
 }

 resource "keycloak_authentication_subflow" "otp_default" {
-  realm_id = "archlinux"
-  alias = "OTP Default Subflow"
+  realm_id          = "archlinux"
+  alias             = "OTP Default Subflow"
  parent_flow_alias = keycloak_authentication_subflow._2fa.alias
-  requirement = "ALTERNATIVE"
-  depends_on = [keycloak_authentication_execution.otp_form]
+  requirement       = "ALTERNATIVE"
+  depends_on        = [keycloak_authentication_execution.otp_form]
 }

 resource "keycloak_authentication_execution" "otp_default_form" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_subflow.otp_default.alias
-  authenticator = "auth-otp-form"
-  requirement = "REQUIRED"
+  authenticator     = "auth-otp-form"
+  requirement       = "REQUIRED"
 }

 // Add new custom post-Identity Provider login flow with forced OTP for some user roles
@@ -594,39 +594,39 @@ resource "keycloak_authentication_execution" "otp_default_form" {
 //    |- OTP Form (R)

 resource "keycloak_authentication_flow" "arch_post_ipr_flow" {
-  realm_id = "archlinux"
-  alias = "Arch Post IPR Flow"
+  realm_id    = "archlinux"
+  alias       = "Arch Post IPR Flow"
  description = "Post IPR login flow that forces 2FA."
 }

 resource "keycloak_authentication_execution" "ipr_webauthn_form" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_flow.arch_post_ipr_flow.alias
-  authenticator = "webauthn-authenticator"
-  requirement = "ALTERNATIVE"
+  authenticator     = "webauthn-authenticator"
+  requirement       = "ALTERNATIVE"
 }

 resource "keycloak_authentication_execution" "ipr_otp_form" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_flow.arch_post_ipr_flow.alias
-  authenticator = "auth-otp-form"
-  requirement = "ALTERNATIVE"
-  depends_on = [keycloak_authentication_execution.ipr_webauthn_form]
+  authenticator     = "auth-otp-form"
+  requirement       = "ALTERNATIVE"
+  depends_on        = [keycloak_authentication_execution.ipr_webauthn_form]
 }

 resource "keycloak_authentication_subflow" "ipr_otp_default" {
-  realm_id = "archlinux"
-  alias = "IPR OTP Default Subflow"
+  realm_id          = "archlinux"
+  alias             = "IPR OTP Default Subflow"
  parent_flow_alias = keycloak_authentication_flow.arch_post_ipr_flow.alias
-  requirement = "ALTERNATIVE"
-  depends_on = [keycloak_authentication_execution.ipr_otp_form]
+  requirement       = "ALTERNATIVE"
+  depends_on        = [keycloak_authentication_execution.ipr_otp_form]
 }

 resource "keycloak_authentication_execution" "ipr_otp_default_form" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_subflow.ipr_otp_default.alias
-  authenticator = "auth-otp-form"
-  requirement = "REQUIRED"
+  authenticator     = "auth-otp-form"
+  requirement       = "REQUIRED"
 }

 // Add new custom Reset Credentials flow that asks users to verify 2FA before resetting their password
@@ -644,106 +644,106 @@ resource "keycloak_authentication_execution" "ipr_otp_default_form" {
 // |- Reset Password (R)

 resource "keycloak_authentication_flow" "arch_reset_credentials_flow" {
-  realm_id = "archlinux"
-  alias = "Arch Reset Credentials"
+  realm_id    = "archlinux"
+  alias       = "Arch Reset Credentials"
  description = "Reset credentials flow that forces 2FA verification before password reset."
 }

 resource "keycloak_authentication_execution" "rc_choose_user" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_flow.arch_reset_credentials_flow.alias
-  authenticator = "reset-credentials-choose-user"
-  requirement = "REQUIRED"
+  authenticator     = "reset-credentials-choose-user"
+  requirement       = "REQUIRED"
 }

 resource "keycloak_authentication_execution" "rc_reset_email" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_flow.arch_reset_credentials_flow.alias
-  authenticator = "reset-credential-email"
-  requirement = "REQUIRED"
-  depends_on = [keycloak_authentication_execution.rc_choose_user]
+  authenticator     = "reset-credential-email"
+  requirement       = "REQUIRED"
+  depends_on        = [keycloak_authentication_execution.rc_choose_user]
 }

 resource "keycloak_authentication_subflow" "rc_conditional_2fa" {
-  realm_id = "archlinux"
-  alias = "Conditional Reset Credentials 2FA Subflow"
+  realm_id          = "archlinux"
+  alias             = "Conditional Reset Credentials 2FA Subflow"
  parent_flow_alias = keycloak_authentication_flow.arch_reset_credentials_flow.alias
-  requirement = "CONDITIONAL"
-  depends_on = [keycloak_authentication_execution.rc_choose_user]
+  requirement       = "CONDITIONAL"
+  depends_on        = [keycloak_authentication_execution.rc_choose_user]
 }

 resource "keycloak_authentication_execution" "rc_2fa_condition" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_subflow.rc_conditional_2fa.alias
-  authenticator = "conditional-user-configured"
-  requirement = "REQUIRED"
+  authenticator     = "conditional-user-configured"
+  requirement       = "REQUIRED"
 }

 resource "keycloak_authentication_subflow" "rc_2fa" {
-  realm_id = "archlinux"
-  alias = "Reset Credentials 2FA Subflow"
+  realm_id          = "archlinux"
+  alias             = "Reset Credentials 2FA Subflow"
  parent_flow_alias = keycloak_authentication_subflow.rc_conditional_2fa.alias
-  requirement = "REQUIRED"
-  depends_on = [keycloak_authentication_execution.rc_2fa_condition]
+  requirement       = "REQUIRED"
+  depends_on        = [keycloak_authentication_execution.rc_2fa_condition]
 }

 resource "keycloak_authentication_execution" "rc_webauthn_form" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_subflow.rc_2fa.alias
-  authenticator = "webauthn-authenticator"
-  requirement = "ALTERNATIVE"
+  authenticator     = "webauthn-authenticator"
+  requirement       = "ALTERNATIVE"
 }

 resource "keycloak_authentication_execution" "rc_otp_form" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_subflow.rc_2fa.alias
-  authenticator = "auth-otp-form"
-  requirement = "ALTERNATIVE"
-  depends_on = [keycloak_authentication_execution.rc_webauthn_form]
+  authenticator     = "auth-otp-form"
+  requirement       = "ALTERNATIVE"
+  depends_on        = [keycloak_authentication_execution.rc_webauthn_form]
 }

 resource "keycloak_authentication_subflow" "rc_otp_default" {
-  realm_id = "archlinux"
-  alias = "Reset Credentials OTP Default Subflow"
+  realm_id          = "archlinux"
+  alias             = "Reset Credentials OTP Default Subflow"
  parent_flow_alias = keycloak_authentication_subflow.rc_2fa.alias
-  requirement = "ALTERNATIVE"
-  depends_on = [keycloak_authentication_execution.rc_otp_form]
+  requirement       = "ALTERNATIVE"
+  depends_on        = [keycloak_authentication_execution.rc_otp_form]
 }

 resource "keycloak_authentication_execution" "rc_otp_default_form" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_subflow.rc_otp_default.alias
-  authenticator = "auth-otp-form"
-  requirement = "REQUIRED"
+  authenticator     = "auth-otp-form"
+  requirement       = "REQUIRED"
 }

 resource "keycloak_authentication_execution" "rc_reset_password" {
-  realm_id = "archlinux"
+  realm_id          = "archlinux"
  parent_flow_alias = keycloak_authentication_flow.arch_reset_credentials_flow.alias
-  authenticator = "reset-password"
-  requirement = "REQUIRED"
-  depends_on = [keycloak_authentication_subflow.rc_conditional_2fa]
+  authenticator     = "reset-password"
+  requirement       = "REQUIRED"
+  depends_on        = [keycloak_authentication_subflow.rc_conditional_2fa]
 }

 output "gitlab_saml_configuration" {
  value = {
-    issuer = keycloak_saml_client.saml_gitlab.client_id
-    assertion_consumer_service_url = var.gitlab_instance.saml_redirect_url
-    admin_groups = [keycloak_role.devops.name]
-    idp_sso_target_url = "https://accounts.archlinux.org/auth/realms/archlinux/protocol/saml/clients/${keycloak_saml_client.saml_gitlab.client_id}"
+    issuer                          = keycloak_saml_client.saml_gitlab.client_id
+    assertion_consumer_service_url  = var.gitlab_instance.saml_redirect_url
+    admin_groups                    = [keycloak_role.devops.name]
+    idp_sso_target_url              = "https://accounts.archlinux.org/auth/realms/archlinux/protocol/saml/clients/${keycloak_saml_client.saml_gitlab.client_id}"
    signing_certificate_fingerprint = keycloak_saml_client.saml_gitlab.signing_certificate
  }
 }

 resource "keycloak_openid_client" "grafana_openid_client" {
-  realm_id = "archlinux"
-  client_id = "openid_grafana"
-  client_secret   = data.external.vault_monitoring.result.vault_monitoring_grafana_client_secret
+  realm_id      = "archlinux"
+  client_id     = "openid_grafana"
+  client_secret = data.external.vault_monitoring.result.vault_monitoring_grafana_client_secret

-  name = "Grafana"
+  name    = "Grafana"
  enabled = true

-  access_type = "CONFIDENTIAL"
+  access_type           = "CONFIDENTIAL"
  standard_flow_enabled = true
  valid_redirect_uris = [
    "https://monitoring.archlinux.org",
@@ -752,12 +752,12 @@ resource "keycloak_openid_client" "grafana_openid_client" {
 }

 resource "keycloak_openid_user_realm_role_protocol_mapper" "user_realm_role_mapper" {
-  realm_id        = "archlinux"
-  client_id       = keycloak_openid_client.grafana_openid_client.id
-  name            = "user realms"
+  realm_id  = "archlinux"
+  client_id = keycloak_openid_client.grafana_openid_client.id
+  name      = "user realms"

-  claim_name      = "roles"
-  multivalued     = true
-  add_to_id_token = false
+  claim_name          = "roles"
+  multivalued         = true
+  add_to_id_token     = false
  add_to_access_token = false
 }