Waow

1 files changed, 16 insertions, 6 deletions

diff --git a/playbooks/roles/kanidm/templates/stacks/docker-compose.yml b/playbooks/roles/kanidm/templates/stacks/docker-compose.yml
index 7f8bfe2..183d77e 100644
--- a/playbooks/roles/kanidm/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/kanidm/templates/stacks/docker-compose.yml
@@ -4,6 +4,8 @@ services:
     volumes:
       - {{ kanidm_base }}/volumes/data:/data
       - {{ letsencrypt_certs }}:/certs:ro
+    ports:
+      - 3636:3636
     networks:
       - proxy
 {% if homelab_build %}
@@ -15,10 +17,24 @@ services:
         /sbin/kanidmd server -c /data/server.toml
     healthcheck:
       disable: true
+{% else %}
+    healthcheck:
+      test: ["CMD-SHELL", "curl --fail -k https://localhost:8443/status"]
+      retries: 1
+      timeout: 2s
+      interval: 30s
 {% endif %}
+    environment:
+      - TZ={{ timezone }}
+      - DEPLOYMENT_TIME={{ now() }}
     deploy:
       mode: replicated
       replicas: 1
+      update_config:
+        parallelism: 1
+        order: start-first
+        failure_action: rollback
+        monitor: 5s
       labels:
         - traefik.enable=true
         - traefik.swarm.network=proxy
@@ -28,12 +44,6 @@ services:
         - traefik.http.routers.kanidm.entrypoints=websecure
         - traefik.http.services.kanidm.loadbalancer.server.port=8443
         - traefik.http.services.kanidm.loadbalancer.server.scheme=https
-        # ldap
-        - traefik.tcp.routers.kanidm-ldaps.tls.passthrough=true
-        - traefik.tcp.routers.kanidm-ldaps.rule=HostSNI(`*`)
-        - traefik.tcp.routers.kanidm-ldaps.entrypoints=ldaps
-        - traefik.tcp.routers.kanidm-ldaps.service=kanidm-ldaps
-        - traefik.tcp.services.kanidm-ldaps.loadbalancer.server.port=3636
 
 networks:
   proxy: