feat: inital public commit

2025-08-15 19:54:31 -04:00
commit 00315a990a
55 changed files with 2527 additions and 0 deletions
--- a/infra/.terraform.lock.hcl
+++ b/infra/.terraform.lock.hcl
@@ -0,0 +1,16 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/local" {
+  version = "2.5.3"
+  hashes = [
+    "h1:6ADVoHtXiWFhClkKa1vnBycJxqnL0GjHMZAQipa4SEU=",
+  ]
+}
+
+provider "registry.terraform.io/trozz/pocketid" {
+  version = "0.1.5"
+  hashes = [
+    "h1:egwnwPepmLF/OAE96D7RxGlsXYlUVZi3CuFhAH69iVE=",
+  ]
+}
--- a/infra/config.nix
+++ b/infra/config.nix
@@ -0,0 +1,93 @@
+{
+  terraform = {
+    required_providers = {
+      pocketid = {
+        source = "trozz/pocketid";
+      };
+    };
+  };
+  provider.pocketid = {
+    base_url = "https://auth.koon.us";
+    api_token = "\${var.pocketid_api_token}";
+  };
+
+  variable.pocketid_api_token = {
+    type = "string";
+    sensitive = true;
+    description = "PocketID API token";
+  };
+
+  resource.pocketid_client.photos = {
+    name = "Photos";
+    callback_urls = [
+      "https://photos.koon.us/auth/login"
+      "https://photos.koon.us/user-settings"
+      "app.immich:///oauth-callback"
+    ];
+    is_public = false;
+    pkce_enabled = false;
+  };
+
+  resource.pocketid_client.git = {
+    name = "Git";
+    callback_urls = [
+      "https://git.koon.us/user/oauth2/KoonFamily/callback"
+    ];
+    is_public = false;
+    pkce_enabled = false;
+  };
+
+  resource.pocketid_client.docs = {
+    name = "Docs";
+    callback_urls = [
+      "https://docs.koon.us/*"
+    ];
+    is_public = false;
+    pkce_enabled = false;
+  };
+
+  output = {
+    photos_client_id = {
+      value = "\${pocketid_client.photos.id}";
+    };
+    
+    photos_client_secret = {
+      value = "\${pocketid_client.photos.client_secret}";
+      sensitive = true;
+    };
+
+    git_client_id = {
+      value = "\${pocketid_client.git.id}";
+    };
+
+    git_client_secret = {
+      value = "\${pocketid_client.git.client_secret}";
+      sensitive = true;
+    };
+
+    docs_client_id = {
+      value = "\${pocketid_client.docs.id}";
+    };
+
+    docs_client_secret = {
+      value = "\${pocketid_client.docs.client_secret}";
+      sensitive = true;
+    };
+  };
+
+  resource.local_file.oauth_config = {
+    filename = "\${path.module}/../secrets/sops/oauth.yaml";
+    content = ''
+      photos:
+        clientId: ''${pocketid_client.photos.id}
+        clientSecret: ''${pocketid_client.photos.client_secret}
+      git:
+        clientId: ''${pocketid_client.git.id}
+        clientSecret: ''${pocketid_client.git.client_secret}
+      docs:
+        clientId: ''${pocketid_client.docs.id}
+        clientSecret: ''${pocketid_client.docs.client_secret}
+    '';
+    file_permission = "0600";
+  };
+}