diff options
| author | Elizabeth Hunt <me@liz.coffee> | 2025-04-27 21:15:30 -0700 |
|---|---|---|
| committer | Elizabeth Hunt <me@liz.coffee> | 2025-04-27 21:25:52 -0700 |
| commit | daef0cf448af17357b552245f39067a9d340ce3d (patch) | |
| tree | f65a660f7232f057b0c14e477c166006bfb83f87 /playbooks/roles/kanidm | |
| parent | 1dcdfe34a74708f88aad68af965f4bb5c79adff1 (diff) | |
| download | infra-daef0cf448af17357b552245f39067a9d340ce3d.tar.gz infra-daef0cf448af17357b552245f39067a9d340ce3d.zip | |
Waow
Diffstat (limited to 'playbooks/roles/kanidm')
| -rw-r--r-- | playbooks/roles/kanidm/tasks/main.yml | 22 | ||||
| -rw-r--r-- | playbooks/roles/kanidm/templates/stacks/docker-compose.yml | 22 |
2 files changed, 22 insertions, 22 deletions
diff --git a/playbooks/roles/kanidm/tasks/main.yml b/playbooks/roles/kanidm/tasks/main.yml index a004910..7d7adc1 100644 --- a/playbooks/roles/kanidm/tasks/main.yml +++ b/playbooks/roles/kanidm/tasks/main.yml @@ -1,19 +1,9 @@ --- -- name: Build kanidm compose dirs - ansible.builtin.file: - state: directory - dest: '{{ kanidm_base }}/{{ item.path }}' - with_filetree: '../templates' - when: item.state == 'directory' +- name: Deploy kanidm + ansible.builtin.import_tasks: manage-docker-swarm-service.yml + vars: + service_name: kanidm + template_render_dir: "../templates" + service_destination_dir: "{{ kanidm_base }}" -- name: Build kanidm compose files - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ kanidm_base }}/{{ item.path }}' - with_filetree: '../templates' - when: item.state == 'file' - -- name: Deploy Kanidm stack - ansible.builtin.command: - cmd: "docker stack deploy -c {{ kanidm_base }}/stacks/docker-compose.yml kanidm" diff --git a/playbooks/roles/kanidm/templates/stacks/docker-compose.yml b/playbooks/roles/kanidm/templates/stacks/docker-compose.yml index 7f8bfe2..183d77e 100644 --- a/playbooks/roles/kanidm/templates/stacks/docker-compose.yml +++ b/playbooks/roles/kanidm/templates/stacks/docker-compose.yml @@ -4,6 +4,8 @@ services: volumes: - {{ kanidm_base }}/volumes/data:/data - {{ letsencrypt_certs }}:/certs:ro + ports: + - 3636:3636 networks: - proxy {% if homelab_build %} @@ -15,10 +17,24 @@ services: /sbin/kanidmd server -c /data/server.toml healthcheck: disable: true +{% else %} + healthcheck: + test: ["CMD-SHELL", "curl --fail -k https://localhost:8443/status"] + retries: 1 + timeout: 2s + interval: 30s {% endif %} + environment: + - TZ={{ timezone }} + - DEPLOYMENT_TIME={{ now() }} deploy: mode: replicated replicas: 1 + update_config: + parallelism: 1 + order: start-first + failure_action: rollback + monitor: 5s labels: - traefik.enable=true - traefik.swarm.network=proxy @@ -28,12 +44,6 @@ services: - traefik.http.routers.kanidm.entrypoints=websecure - traefik.http.services.kanidm.loadbalancer.server.port=8443 - traefik.http.services.kanidm.loadbalancer.server.scheme=https - # ldap - - traefik.tcp.routers.kanidm-ldaps.tls.passthrough=true - - traefik.tcp.routers.kanidm-ldaps.rule=HostSNI(`*`) - - traefik.tcp.routers.kanidm-ldaps.entrypoints=ldaps - - traefik.tcp.routers.kanidm-ldaps.service=kanidm-ldaps - - traefik.tcp.services.kanidm-ldaps.loadbalancer.server.port=3636 networks: proxy: |