add certbot

This commit is contained in:
Elizabeth Hunt 2024-03-18 17:36:03 -04:00
parent c8cf576e33
commit fac223d9b8
7 changed files with 75 additions and 1 deletions


@ -8,3 +8,6 @@
- name: Certbot certificate cloudflare setup
ansible.builtin.import_playbook: playbooks/deploy-certbot.yml
- name: Kanidm
ansible.builtin.import_playbook: playbooks/deploy-kanidm.yml

3
group_vars/kanidm.yml Normal file

@ -0,0 +1,3 @@
---
kanidm_domain: auth.hatecomputers.club


@ -0,0 +1,6 @@
---
- name: Kanidm setup
hosts: kanidm
roles:
- kanidm


@ -11,7 +11,7 @@
ansible.builtin.template:
src: cloudflare-credentials.ini.j2
dest: "{{ cloudflare_credentials_destination }}"
mode: o=rw
mode: 0700
- name: Ensure existance of {{ certbot_post_hook_dir }}
ansible.builtin.file:
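Review bot: The new `mode: 0700` on the cloudflare credentials template is an unquoted octal, which a YAML 1.1 loader reads as 448 and a 1.2 loader as decimal 700; Ansible's loader gets it right, but ansible-lint flags the form and a quoted string is unambiguous. The file is a credentials `.ini`, so it does not need the execute bit; `mode: "0600"` gives the same protection. I am assuming `0700` is the line on the new side, since the diffstat shows a single deletion for the whole commit. The same unquoted octal pattern appears throughout the kanidm role's tasks file added in this commit, and the enclosing task starts before the hunk.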


@ -0,0 +1,39 @@
---
- name: Ensure kanidm docker/compose exist
ansible.builtin.file:
path: /etc/docker/compose/kanidm
state: directory
owner: root
group: root
mode: 0700
- name: Build kanidm docker-compose.yml.j2
ansible.builtin.template:
src: docker-compose.yml.j2
dest: /etc/docker/compose/kanidm/docker-compose.yml
owner: root
group: root
mode: 0700
- name: Ensure kanidm docker/compose/data exist
ansible.builtin.file:
path: /etc/docker/compose/kanidm/data
state: directory
owner: root
group: root
mode: 0700
- name: Build kanidm config
ansible.builtin.template:
src: server.toml.j2
dest: /etc/docker/compose/kanidm/data/server.toml
owner: root
group: root
mode: 0755
- name: Enable kanidm
ansible.builtin.systemd_service:
state: restarted
enabled: true
name: docker-compose@kanidm
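Review bot: `state: restarted` in the `Enable kanidm` task restarts the service on every playbook run even when neither template changed, which takes the identity provider down on each apply. The usual shape is `state: started` here, `notify: Restart kanidm` on the two `ansible.builtin.template` tasks, and a handler in the role's `handlers/main.yml` that runs `ansible.builtin.systemd_service` with `state: restarted` and `name: docker-compose@kanidm`. The file modes are also inconsistent and unquoted: the directories and `docker-compose.yml` get `0700` while `server.toml` gets world-readable `0755`; `"0600"` for the two files and `"0700"` for the directories, quoted, matches what the rest of the role appears to intend. If the kanidm image runs as a non-root user, root-owned `0700`/`0600` entries under the bind-mounted `data` directory would be unreadable to it — worth confirming against the image before tightening.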


@ -0,0 +1,13 @@
version: '3'
services:
kanidm:
image: kanidm/server:latest
restart: always
volumes:
- ./data:/data
- /etc/letsencrypt:/certs:ro
ports:
- 127.0.0.1:8443:8443
- 0.0.0.0:3636:3636
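Review bot: `image: kanidm/server:latest` is unpinned, so a fresh host or any image pull can land on a different kanidm release with no review step; pin a version tag (or a digest) and bump it deliberately. `- /etc/letsencrypt:/certs:ro` hands the container every certificate and private key under that directory while `server.toml.j2` only reads `live/{{ kanidm_domain }}/`; mounting just the `live/` and `archive/` subtrees for that domain keeps the other keys out of the container. `0.0.0.0:3636:3636` publishes the LDAP listener on all interfaces, and Docker typically inserts its own iptables rules for published ports ahead of host firewall chains such as ufw's, so a host-level allowlist does not restrict it — confirm that exposure is intended. `trust_x_forward_for = true` in `server.toml.j2` is only safe while 8443 stays bound to `127.0.0.1` for a local reverse proxy, so a comment on that port line, `# keep loopback-only: server.toml trusts X-Forwarded-For`, would keep the coupling visible. Both port mappings should be quoted strings per Compose convention.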


@ -0,0 +1,10 @@
bindaddress = "[::]:8443"
ldapbindaddress = "[::]:3636"
trust_x_forward_for = true
db_path = "/data/kanidm.db"
tls_chain = "/certs/live/{{ kanidm_domain }}/fullchain.pem"
tls_key = "/certs/live/{{ kanidm_domain }}/privkey.pem"
log_level = "info"
domain = "{{ kanidm_domain }}"
origin = "https://{{ kanidm_domain }}"