hklbgd-infra/ignition/kanidm/service.bu

variant: fcos
version: 1.5.0
passwd:
  users:
    - name: vladan
      ssh_authorized_keys:
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFtUc2UvKFGSSlP3RRXUIToDYh8a8pg5DqDkJS+nBTG vladan@jenga
      password_hash: "$y$j9T$kBtBBkINmXh6lxmBqCJkr1$bA1fjZ5pC4CUr6VUnRe2FAWrW5tb6lfX/7.38axa5S3"
      groups:
        - wheel
      shell: /bin/bash
storage:
  disks:
    - device: /dev/vdb
      wipe_table: true
      partitions:
        - number: 1
          label: kanidm-data
          start_mib: 0
          size_mib: 10000
  filesystems:
    - path: /var/lib/kanidm
      device: /dev/disk/by-partlabel/kanidm-data
      format: xfs
      label: data
      with_mount_unit: true
      wipe_filesystem: true
  files:
    - path: /etc/hostname
      mode: 0644
      contents:
        inline: kanidm.hklbgd.org
    - path: /etc/kanidm/server.toml
      contents:
        local: server.toml
      mode: 0400
    - path: /etc/kanidm/certs/cert1.pem
      contents:
        local: certs/cert1.pem
      mode: 0400
    - path: /etc/kanidm/certs/chain1.pem
      contents:
        local: certs/chain1.pem
      mode: 0400
    - path: /etc/kanidm/certs/fullchain1.pem
      contents:
        local: certs/fullchain1.pem
      mode: 0400
    - path: /etc/kanidm/certs/privkey1.pem
      contents:
        local: certs/privkey1.pem
      mode: 0400
    - path: /etc/containers/systemd/kanidm.container
      contents:
        inline: |
          [Unit]
          Description=Kanidm - a modern and simple identity management platform written in rust.
          After=network-online.target
          Wants=network-online.target

          [Service]
          TimeoutStartSec=60

          [Container]
          ContainerName=kanidm
          Image=docker.io/kanidm/server:latest
          Volume=/var/lib/kanidm:/data:z
          Volume=/etc/kanidm/server.toml:/data/server.toml:z
          Volume=/etc/kanidm/certs:/data/certs:z
          PublishPort=8443:8443
          PublishPort=3636:3636

          [Install]
          # Start by default on boot
          WantedBy=multi-user.target default.target
kanidm initial local setup 2024-02-26 18:40:33 +01:00			`variant: fcos`
			`version: 1.5.0`
			`passwd:`
			`users:`
			`- name: vladan`
			`ssh_authorized_keys:`
			`- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFtUc2UvKFGSSlP3RRXUIToDYh8a8pg5DqDkJS+nBTG vladan@jenga`
			`password_hash: "$y$j9T$kBtBBkINmXh6lxmBqCJkr1$bA1fjZ5pC4CUr6VUnRe2FAWrW5tb6lfX/7.38axa5S3"`
			`groups:`
			`- wheel`
			`shell: /bin/bash`
			`storage:`
			`disks:`
			`- device: /dev/vdb`
modularize tf infrastructure 2024-03-01 16:34:20 +01:00			`wipe_table: true`
kanidm initial local setup 2024-02-26 18:40:33 +01:00			`partitions:`
			`- number: 1`
modularize tf infrastructure 2024-03-01 16:34:20 +01:00			`label: kanidm-data`
kanidm initial local setup 2024-02-26 18:40:33 +01:00			`start_mib: 0`
			`size_mib: 10000`
			`filesystems:`
			`- path: /var/lib/kanidm`
modularize tf infrastructure 2024-03-01 16:34:20 +01:00			`device: /dev/disk/by-partlabel/kanidm-data`
kanidm initial local setup 2024-02-26 18:40:33 +01:00			`format: xfs`
			`label: data`
			`with_mount_unit: true`
modularize tf infrastructure 2024-03-01 16:34:20 +01:00			`wipe_filesystem: true`
kanidm initial local setup 2024-02-26 18:40:33 +01:00			`files:`
			`- path: /etc/hostname`
			`mode: 0644`
			`contents:`
			`inline: kanidm.hklbgd.org`
			`- path: /etc/kanidm/server.toml`
			`contents:`
			`local: server.toml`
			`mode: 0400`
			`- path: /etc/kanidm/certs/cert1.pem`
			`contents:`
			`local: certs/cert1.pem`
			`mode: 0400`
			`- path: /etc/kanidm/certs/chain1.pem`
			`contents:`
			`local: certs/chain1.pem`
			`mode: 0400`
			`- path: /etc/kanidm/certs/fullchain1.pem`
			`contents:`
			`local: certs/fullchain1.pem`
			`mode: 0400`
			`- path: /etc/kanidm/certs/privkey1.pem`
			`contents:`
			`local: certs/privkey1.pem`
			`mode: 0400`
			`- path: /etc/containers/systemd/kanidm.container`
			`contents:`
			`inline: \|`
			`[Unit]`
			`Description=Kanidm - a modern and simple identity management platform written in rust.`
			`After=network-online.target`
			`Wants=network-online.target`

			`[Service]`
			`TimeoutStartSec=60`

			`[Container]`
			`ContainerName=kanidm`
			`Image=docker.io/kanidm/server:latest`
			`Volume=/var/lib/kanidm:/data:z`
			`Volume=/etc/kanidm/server.toml:/data/server.toml:z`
			`Volume=/etc/kanidm/certs:/data/certs:z`
			`PublishPort=8443:8443`
			`PublishPort=3636:3636`

			`[Install]`
			`# Start by default on boot`
			`WantedBy=multi-user.target default.target`