Managing my family cloud resources (just emails for now)

politician/barissat-infra

Barissat family infrastructure

Emails

Primary e-mails

Primary e-mails are hosted on Google workspace personal edition (legacy G-Suite). They match the regex [\w-]+(\+.+)?@PRIMARY-DOMAIN. Examples:

  • first-name@PRIMARY-DOMAIN
  • first-name+anything@PRIMARY-DOMAIN

Forwarded e-mails

Forwarded e-mails are hosted on Forwardemail.net and forwarded to the respective primary emails. They match the regex (.+\.)?[\w-]+(\+.+)?@FORWARDED_DOMAIN. Examples:

  • first-name@FORWARDED_DOMAIN
  • first-name+anything@FORWARDED_DOMAIN
  • anything.first-name@FORWARDED_DOMAIN
  • anything.first-name+anything@FORWARDED_DOMAIN

Aliases

Some family members have one or more aliases. In that case, all the above are valid for both their first name and their aliases.

Contribute

Manage family members and domains

The list of family members and their details is encrypted using SOPS with a key stored in Google KMS.

The SOPS configuration lives in .sops.yaml.

Before you can edit the list, ensure your workstation is configured with credentials that have access to that key and then run:

sops config.enc.json

Or to edit it in VSCode:

EDITOR="code --wait" sops config.enc.json

Forking

If you want to fork this repo and modify it for your own personal or commercial use, please do so freely; it is licensed accordingly (Apache 2.0).

Example configuration:

{
  "primary_domain": "lastname.com",
  "forwarded_domains": ["lastname.net", "last.name"],
  "members": [
    {
      "first_name": "John",
      "last_name": "Last Name",
      "recovery_email": "[email protected]",
      "aliases": ["jo"]
    }
  ]
}
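The address rules from the Emails section, applied to a configuration of this shape, as an added example that is not part of this repository's code. It assumes the generic `[\w-]+` part is narrowed to the configured first names and aliases and that "anything" may not contain `@`; `build_matchers` and `resolve` are hypothetical helper names.

```python
import re

# Constructed sample, same shape as the example configuration on this page.
CONFIG = {
    "primary_domain": "lastname.com",
    "forwarded_domains": ["lastname.net", "last.name"],
    "members": [{"first_name": "John", "aliases": ["jo"]}],
}

def build_matchers(config):
    """Return (primary_re, forwarded_re, name -> first_name map) for the config."""
    owners = {}
    for member in config["members"]:
        for name in [member["first_name"], *member.get("aliases", [])]:
            owners[name.lower()] = member["first_name"].lower()
    # Escape every configured value so a dot in a domain only matches a dot.
    names = "|".join(re.escape(n) for n in sorted(owners, key=len, reverse=True))
    domains = "|".join(re.escape(d) for d in config["forwarded_domains"])
    primary = re.compile(
        rf"(?P<name>{names})(\+[^@]+)?@{re.escape(config['primary_domain'])}")
    forwarded = re.compile(
        rf"([^@]+\.)?(?P<name>{names})(\+[^@]+)?@({domains})")
    return primary, forwarded, owners

def resolve(address, config=CONFIG):
    """Map an address to the member's primary mailbox, or None if it is not valid."""
    primary, forwarded, owners = build_matchers(config)
    addr = address.strip().lower()
    # fullmatch anchors both ends, so trailing text after the domain is rejected.
    match = primary.fullmatch(addr) or forwarded.fullmatch(addr)
    if match is None:
        return None
    return f"{owners[match.group('name')]}@{config['primary_domain']}"
```
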

Credentials configuration

It is recommended to configure the Google workspace provider with a service account (guide).

Essentially the steps are:

  1. Activate the Admin SDK API in GCP
  2. Create a service account (note its ID which is a long number) and keep the credentials file at hand.
  3. Delegate the following OAuth scope domain-wide to the service account ID: https://www.googleapis.com/auth/admin.directory.user
  4. Value for the Terraform variable googleworkspace_customer_id can be found here.
  5. Set the email of the user account you just used to delegate OAuth scopes in the environment variable GOOGLEWORKSPACE_IMPERSONATED_USER_EMAIL (not the service account email).
  6. Set the environment variable GOOGLEWORKSPACE_CREDENTIALS to either a path to the credentials file or its content without newlines (select the content and press CTRL+J in VSCode).

In my case, steps 1, 2 and 6 are automated in my personal infra repo.
