hklbgd-infra/kanidm/service.bu


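# Butane config (Fedora CoreOS variant) for the Kanidm identity server host.
# It provisions one admin user, a data partition on /dev/vdb mounted at
# /var/lib/kanidm, the Kanidm config and TLS material under /etc/kanidm, and a
# Quadlet unit that runs the Kanidm server container.
variant: fcos
version: 1.5.0
passwd:
  users:
    - name: vladan
      ssh_authorized_keys:
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFtUc2UvKFGSSlP3RRXUIToDYh8a8pg5DqDkJS+nBTG vladan@jenga
        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHEY82J6Za3qkt7N6hZIOMEBeUna1dmsQjFZm3rIQzzz vladan@proxmox-coreos
      # NOTE(review): this yescrypt ($y$) hash is stored with the config, so
      # everyone who can read the repository or the rendered Ignition file can
      # run offline guessing against it, and the account is in `wheel`.
      # Prefer key-only login, or keep the hash out of version control and
      # rotate this one.
      password_hash: "$y$j9T$kBtBBkINmXh6lxmBqCJkr1$bA1fjZ5pC4CUr6VUnRe2FAWrW5tb6lfX/7.38axa5S3"
      groups:
        - wheel
      shell: /bin/bash
storage:
  disks:
    # wipe_table/wipe_filesystem are false so an existing Kanidm database on
    # the data disk is kept when the host is re-provisioned.
    - device: /dev/vdb
      wipe_table: false
      partitions:
        - number: 1
          label: kanidm
          start_mib: 0
          size_mib: 10000
  filesystems:
    - path: /var/lib/kanidm
      device: /dev/disk/by-partlabel/kanidm
      format: xfs
      label: data
      with_mount_unit: true
      wipe_filesystem: false
  files:
    # `mode` stays an unquoted octal literal: Butane expects an integer here,
    # so quoting it as a string would change its type.
    - path: /etc/hostname
      mode: 0644
      contents:
        inline: kanidm.hklbgd.org
    - path: /etc/kanidm/server.toml
      contents:
        local: server.toml
      mode: 0400
    - path: /etc/kanidm/certs/cert1.pem
      contents:
        local: certs/cert1.pem
      mode: 0400
    - path: /etc/kanidm/certs/chain1.pem
      contents:
        local: certs/chain1.pem
      mode: 0400
    - path: /etc/kanidm/certs/fullchain1.pem
      contents:
        local: certs/fullchain1.pem
      mode: 0400
    # NOTE(review): `local:` contents are embedded into the rendered Ignition
    # config, so that file carries the TLS private key in clear. Treat the
    # rendered .ign, and wherever it is stored or served to the VM, as secret
    # material and do not commit it.
    - path: /etc/kanidm/certs/privkey1.pem
      contents:
        local: certs/privkey1.pem
      mode: 0400
    # Quadlet unit for the Kanidm container.
    # - The config file and the certificate directory are bind-mounted
    #   read-only (`ro`): they are provisioned above as 0400 and the server
    #   only needs to read them; the database volume on /data stays writable.
    # - NOTE(review): `latest` is a mutable tag, so the server version that
    #   runs depends on when the image was pulled. For an identity provider,
    #   pin a reviewed release, e.g. `server:<RELEASE_TAG>` or
    #   `server@sha256:<DIGEST>` (placeholders), and upgrade deliberately.
    - path: /etc/containers/systemd/kanidm.container
      contents:
        inline: |
          [Unit]
          Description=Kanidm - a modern and simple identity management platform written in rust.
          After=network-online.target
          Wants=network-online.target

          [Service]
          TimeoutStartSec=60

          [Container]
          ContainerName=kanidm
          Image=docker.io/kanidm/server:latest
          Volume=/var/lib/kanidm:/data:z
          Volume=/etc/kanidm/server.toml:/data/server.toml:ro,z
          Volume=/etc/kanidm/certs:/data/certs:ro,z
          PublishPort=8443:8443
          PublishPort=3636:3636

          [Install]
          # Start by default on boot
          WantedBy=multi-user.target default.target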