---
# Butane config (variant fcos, spec 1.5.0) for a host that runs the Kanidm
# identity server as a Podman quadlet. Butane renders this into an Ignition
# config; Ignition applies it on first boot.
#
# NOTE(review): the rendered Ignition file embeds everything referenced below,
# including the password hash and certs/privkey1.pem. Treat the rendered file
# (and wherever it is served from, e.g. instance user-data) as a secret.
variant: fcos
version: 1.5.0

passwd:
  users:
    - name: vladan
      # Member of wheel, so this account can presumably escalate via sudo
      # (depends on the image's sudoers policy; confirm).
      groups:
        - wheel
      shell: /bin/bash
      ssh_authorized_keys:
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFtUc2UvKFGSSlP3RRXUIToDYh8a8pg5DqDkJS+nBTG vladan@jenga
      # NOTE(review): a password hash stored in the config is open to offline
      # guessing by anyone who can read this file or the rendered Ignition.
      # If SSH key login is sufficient, drop password_hash; otherwise keep
      # this file out of version control and rotate the password if it has
      # already been shared.
      password_hash: "$y$j9T$kBtBBkINmXh6lxmBqCJkr1$bA1fjZ5pC4CUr6VUnRe2FAWrW5tb6lfX/7.38axa5S3"

storage:
  disks:
    # Dedicated data disk for the Kanidm database.
    # NOTE(review): wipe_table discards any existing partition table on
    # /dev/vdb when Ignition runs. Re-provisioning a host with a populated
    # data disk attached would destroy it; confirm this is intended and that
    # backups exist.
    - device: /dev/vdb
      wipe_table: true
      partitions:
        - number: 1
          label: kanidm-data
          start_mib: 0
          size_mib: 10000

  filesystems:
    # XFS filesystem on the partition above, mounted at /var/lib/kanidm
    # through a generated mount unit (with_mount_unit).
    # NOTE(review): wipe_filesystem: true reformats even when a matching
    # filesystem already exists, so existing data is not reused.
    - device: /dev/disk/by-partlabel/kanidm-data
      path: /var/lib/kanidm
      format: xfs
      label: data
      wipe_filesystem: true
      with_mount_unit: true

  files:
    # mode is an integer for Butane; the leading zero makes it octal.
    # No user/group is set on any entry, so Ignition's default owner
    # (root:root) applies.
    - path: /etc/hostname
      mode: 0644
      contents:
        inline: kanidm.hklbgd.org

    # `local:` paths are read by Butane relative to its files directory and
    # embedded into the Ignition output at render time.
    # 0400 = readable by the owner only.
    # NOTE(review): whether the Kanidm process inside the container can read
    # root-owned 0400 files depends on the user it runs as; confirm.
    - path: /etc/kanidm/server.toml
      mode: 0400
      contents:
        local: server.toml

    - path: /etc/kanidm/certs/cert1.pem
      mode: 0400
      contents:
        local: certs/cert1.pem

    - path: /etc/kanidm/certs/chain1.pem
      mode: 0400
      contents:
        local: certs/chain1.pem

    - path: /etc/kanidm/certs/fullchain1.pem
      mode: 0400
      contents:
        local: certs/fullchain1.pem

    # TLS private key: ends up verbatim in the rendered Ignition file.
    - path: /etc/kanidm/certs/privkey1.pem
      mode: 0400
      contents:
        local: certs/privkey1.pem

    # Podman quadlet that systemd turns into the kanidm service.
    # NOTE(review):
    #  - Image uses the mutable `latest` tag, so the code that runs depends
    #    on when the image is pulled. Pin a release tag or an image digest
    #    to make deployments reproducible and upgrades deliberate.
    #  - PublishPort without a host address binds on all host interfaces;
    #    8443 and 3636 are presumably the HTTPS and LDAPS listeners set in
    #    server.toml (not shown). Restrict with a firewall or a host IP if
    #    they should not be reachable from every network.
    #  - The config and cert mounts are writable from inside the container;
    #    if the server only reads them, `:z,ro` narrows what a compromised
    #    container could tamper with. Confirm before changing.
    #  - `:z` relabels the host paths for shared container access (SELinux).
    - path: /etc/containers/systemd/kanidm.container
      contents:
        inline: |
          [Unit]
          Description=Kanidm - a modern and simple identity management platform written in rust.
          After=network-online.target
          Wants=network-online.target

          [Service]
          TimeoutStartSec=60

          [Container]
          ContainerName=kanidm
          Image=docker.io/kanidm/server:latest
          Volume=/var/lib/kanidm:/data:z
          Volume=/etc/kanidm/server.toml:/data/server.toml:z
          Volume=/etc/kanidm/certs:/data/certs:z
          PublishPort=8443:8443
          PublishPort=3636:3636

          [Install]
          # Start by default on boot
          WantedBy=multi-user.target default.target