Skip to content

Latest commit

 

History

History
79 lines (53 loc) · 3.19 KB

README.md

File metadata and controls

79 lines (53 loc) · 3.19 KB

Barissat family infrastructure

Emails

Primary e-mails

Primary e-mails are hosted on Google workspace personal edition (legacy G-Suite). They match the regex [\w-]+(\+.+)?@PRIMARY-DOMAIN. Examples:

  • first-name@PRIMARY-DOMAIN
  • first-name+anything@PRIMARY-DOMAIN

Forwarded e-mails

Forwarded e-mails are hosted on Forwardemail.net and forwarded to the respective primary emails. They match the regex (.+\.)?[\w-]+(\+.+)?@FORWARDED_DOMAIN. Examples:

  • first-name@FORWARDED_DOMAIN
  • first-name+anything@FORWARDED_DOMAIN
  • anything.first-name@FORWARDED_DOMAIN
  • anything.first-name+anything@FORWARDED_DOMAIN

Aliases

Some family members have one or more aliases. In that case, all the above are valid for both their first name and their aliases.

Contribute

Manage family members and domains

The list of family members and their details is encrypted using SOPS with a key stored in Google KMS.

SOPS configuration lies in .sops.yaml

Before you can edit the list, ensure your workstation is configured with credentials that have access to that key and then run:

sops config.enc.json

Or to edit it in VSCode:

EDITOR="code --wait" sops config.enc.json

Forking

If you want to fork this repo and modify it for your own personal/commercial usage, please do so freely, it is licensed accordingly (Apache 2.0).

Example configuration:

{
  "primary_domain": "lastname.com",
  "forwarded_domains": ["lastname.net", "last.name"],
  "members": [
    {
      "first_name": "John",
      "last_name": "Last Name",
      "recovery_email": "john@gmail.com",
      "aliases": ["jo"]
    }
  ]
}

Credentials configuration

It is recommended to configure the Google workspace provider with a service account (guide).

Essentially the steps are:

  1. Activate the Admin SDK API in GCP
  2. Create a service account (note its ID which is a long number) and keep the credentials file at hand.
  3. Delegate domain-wide the following OAuth scope to the service account ID https://www.googleapis.com/auth/admin.directory.user
  4. Value for the Terraform variable googleworkspace_customer_id can be found here.
  5. Set the email of the user account you just used to delegate OAuth scopes in the environment variable GOOGLEWORKSPACE_IMPERSONATED_USER_EMAIL (not the service account email).
  6. Set the environment variable GOOGLEWORKSPACE_CREDENTIALS to be either a path to the credentials file either its content without new lines (Select content and press CTRL+J in VSCode).

In my case, steps 1, 2, 6 are automated in my personal infra repo