Primary e-mails are hosted on Google Workspace personal edition (legacy G-Suite). They match the regex `[\w-]+(\+.+)?@PRIMARY-DOMAIN`. Examples:
- first-name@PRIMARY-DOMAIN
- first-name+anything@PRIMARY-DOMAIN
Forwarded e-mails are hosted on Forwardemail.net and forwarded to the respective primary emails. They match the regex `(.+\.)?[\w-]+(\+.+)?@FORWARDED_DOMAIN`. Examples:
- first-name@FORWARDED_DOMAIN
- first-name+anything@FORWARDED_DOMAIN
- anything.first-name@FORWARDED_DOMAIN
- anything.first-name+anything@FORWARDED_DOMAIN
Some family members have one or more aliases. In that case, all the above are valid for both their first name and their aliases.
The list of family members and their details is encrypted using SOPS with a key stored in Google KMS.
The SOPS configuration lives in `.sops.yaml`.
Before you can edit the list, ensure your workstation is configured with credentials that have access to that key and then run:
```
sops config.enc.json
```
Or to edit it in VSCode:
```
EDITOR="code --wait" sops config.enc.json
```
If you want to fork this repo and modify it for your own personal or commercial use, please do so freely; it is licensed accordingly (Apache 2.0).
Example configuration:
```json
{
  "primary_domain": "lastname.com",
  "forwarded_domains": ["lastname.net", "last.name"],
  "members": [
    {
      "first_name": "John",
      "last_name": "Last Name",
      "recovery_email": "[email protected]",
      "aliases": ["jo"]
    }
  ]
}
```
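An added example (not part of this repo's own code) that applies the address rules above to a configuration shaped like the example, resolving an incoming address to the member's primary mailbox. Assumptions: matching is case-insensitive, addresses use the lowercased first name, the `+` tag starts at the first `+`, and `parse_name` and `resolve` are hypothetical helper names.

```python
import re

# Constructed sample, shaped like the page's example configuration.
CONFIG = {
    "primary_domain": "lastname.com",
    "forwarded_domains": ["lastname.net", "last.name"],
    "members": [{"first_name": "John", "aliases": ["jo"]}],
}

NAME = re.compile(r"[\w-]+")
# The page's forwarded pattern with the name group captured, for comparison.
NAIVE_FORWARDED = re.compile(r"(.+\.)?(?P<name>[\w-]+)(\+.+)?")


def parse_name(local, forwarded):
    """Extract the first-name/alias part of a local part, or None.

    Assumption: the +tag starts at the first "+". The page's forwarded regex
    can also read a dotted tag as "prefix." + name, so its split is ambiguous.
    """
    base, plus, tag = local.partition("+")
    if plus and not tag:            # `(\+.+)?` needs text after the "+"
        return None
    prefix, dot, name = base.rpartition(".")
    if dot and (not forwarded or not prefix):
        return None                 # dots only as "anything." on forwarded domains
    return name if NAME.fullmatch(name) else None


def resolve(address, config=CONFIG):
    """Return the member's primary mailbox for an address, or None."""
    local, at, domain = address.lower().rpartition("@")
    if not at or "@" in local:      # exactly one "@" (stricter than the regex)
        return None
    if domain == config["primary_domain"]:
        name = parse_name(local, forwarded=False)
    elif domain in config["forwarded_domains"]:
        name = parse_name(local, forwarded=True)
    else:
        return None
    for member in config["members"]:
        first = member["first_name"].lower()
        if name in {first, *(a.lower() for a in member.get("aliases", []))}:
            return f"{first}@{config['primary_domain']}"
    return None
```

Capturing the name directly with the forwarded regex reads `john+any.thing` as the name `thing`, which is why the helper splits off the tag first.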
It is recommended to configure the Google Workspace provider with a service account (guide).
Essentially the steps are:
1. Activate the Admin SDK API in GCP.
2. Create a service account (note its ID, which is a long number) and keep the credentials file at hand.
3. Delegate domain-wide the following OAuth scope to the service account ID: `https://www.googleapis.com/auth/admin.directory.user`
4. The value for the Terraform variable `googleworkspace_customer_id` can be found here.
5. Set the email of the user account you just used to delegate OAuth scopes in the environment variable `GOOGLEWORKSPACE_IMPERSONATED_USER_EMAIL` (not the service account email).
6. Set the environment variable `GOOGLEWORKSPACE_CREDENTIALS` to either a path to the credentials file or its content without new lines (select the content and press CTRL+J in VSCode).
In my case, steps 1, 2 and 6 are automated in my personal infra repo.