054e0e1e87
This commit implements a complete Zitadel identity provider deployment with automated DNS management using vrije.cloud domain. ## Infrastructure Changes ### DNS Management - Migrated from deprecated hetznerdns provider to modern hcloud provider v1.57+ - Automated DNS record creation for client subdomains (test.vrije.cloud) - Automated wildcard DNS for service subdomains (*.test.vrije.cloud) - Supports both IPv4 (A) and IPv6 (AAAA) records ### Zitadel Deployment - Added complete Zitadel role with PostgreSQL 16 database - Configured Zitadel v2.63.7 with proper external domain settings - Implemented first instance setup with admin user creation - Set up database connection with proper user and admin credentials - Configured email verification bypass for first admin user ### Traefik Updates - Upgraded from v3.0 to v3.2 for better Docker API compatibility - Added manual routing configuration in dynamic.yml for Zitadel - Configured HTTP/2 Cleartext (h2c) backend for Zitadel service - Added Zitadel-specific security headers middleware - Fixed Docker API version compatibility issues ### Secrets Management - Added Zitadel credentials to test client secrets - Generated proper 32-character masterkey (Zitadel requirement) - Created admin password with symbol complexity requirement - Added zitadel_domain configuration ## Deployment Details Test environment now accessible at: - Server: test.vrije.cloud (78.47.191.38) - Zitadel: https://zitadel.test.vrije.cloud/ - Admin user: admin@test.zitadel.test.vrije.cloud Successfully tested: - HTTPS with Let's Encrypt SSL certificate - Admin login with 2FA setup - First instance initialization Fixes #3 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Pieter <pieter@kolabnow.com> Co-authored-by: Claude <noreply@anthropic.com>
55 lines
1.4 KiB
HCL
55 lines
1.4 KiB
HCL
# DNS Configuration for vrije.cloud using hcloud provider
|
|
# The zone already exists in Hetzner Console, so we reference it as a data source
|
|
|
|
# Reference the existing DNS zone
|
|
data "hcloud_zone" "main" {
|
|
name = var.base_domain
|
|
}
|
|
|
|
# A Records for client servers (e.g., test.vrije.cloud -> 78.47.191.38)
|
|
resource "hcloud_zone_rrset" "client_a" {
|
|
for_each = var.clients
|
|
|
|
zone = data.hcloud_zone.main.name
|
|
name = each.value.subdomain
|
|
type = "A"
|
|
ttl = 300
|
|
records = [
|
|
{
|
|
value = hcloud_server.client[each.key].ipv4_address
|
|
comment = "Client ${each.key} server"
|
|
}
|
|
]
|
|
}
|
|
|
|
# Wildcard A record for each client (e.g., *.test.vrije.cloud for zitadel.test.vrije.cloud)
|
|
resource "hcloud_zone_rrset" "client_wildcard" {
|
|
for_each = var.clients
|
|
|
|
zone = data.hcloud_zone.main.name
|
|
name = "*.${each.value.subdomain}"
|
|
type = "A"
|
|
ttl = 300
|
|
records = [
|
|
{
|
|
value = hcloud_server.client[each.key].ipv4_address
|
|
comment = "Wildcard for ${each.key} subdomains (Zitadel, Nextcloud, etc)"
|
|
}
|
|
]
|
|
}
|
|
|
|
# AAAA Records for IPv6 (e.g., test.vrije.cloud IPv6)
|
|
resource "hcloud_zone_rrset" "client_aaaa" {
|
|
for_each = var.clients
|
|
|
|
zone = data.hcloud_zone.main.name
|
|
name = each.value.subdomain
|
|
type = "AAAA"
|
|
ttl = 300
|
|
records = [
|
|
{
|
|
value = hcloud_server.client[each.key].ipv6_address
|
|
comment = "Client ${each.key} server IPv6"
|
|
}
|
|
]
|
|
}
|