Diffstat (limited to 'playbooks/roles/kanidm')
-rw-r--r-- | playbooks/roles/kanidm/tasks/main.yml | 22 | ||||
-rw-r--r-- | playbooks/roles/kanidm/templates/stacks/docker-compose.yml | 22 |
2 files changed, 22 insertions, 22 deletions
diff --git a/playbooks/roles/kanidm/tasks/main.yml b/playbooks/roles/kanidm/tasks/main.yml index a004910..7d7adc1 100644 --- a/playbooks/roles/kanidm/tasks/main.yml +++ b/playbooks/roles/kanidm/tasks/main.yml @@ -1,19 +1,9 @@ --- -- name: Build kanidm compose dirs - ansible.builtin.file: - state: directory - dest: '{{ kanidm_base }}/{{ item.path }}' - with_filetree: '../templates' - when: item.state == 'directory' +- name: Deploy kanidm + ansible.builtin.import_tasks: manage-docker-swarm-service.yml + vars: + service_name: kanidm + template_render_dir: "../templates" + service_destination_dir: "{{ kanidm_base }}" -- name: Build kanidm compose files - ansible.builtin.template: - src: '{{ item.src }}' - dest: '{{ kanidm_base }}/{{ item.path }}' - with_filetree: '../templates' - when: item.state == 'file' - -- name: Deploy Kanidm stack - ansible.builtin.command: - cmd: "docker stack deploy -c {{ kanidm_base }}/stacks/docker-compose.yml kanidm" diff --git a/playbooks/roles/kanidm/templates/stacks/docker-compose.yml b/playbooks/roles/kanidm/templates/stacks/docker-compose.yml index 7f8bfe2..183d77e 100644 --- a/playbooks/roles/kanidm/templates/stacks/docker-compose.yml +++ b/playbooks/roles/kanidm/templates/stacks/docker-compose.yml @@ -4,6 +4,8 @@ services: volumes: - {{ kanidm_base }}/volumes/data:/data - {{ letsencrypt_certs }}:/certs:ro + ports: + - 3636:3636 networks: - proxy {% if homelab_build %} @@ -15,10 +17,24 @@ services: /sbin/kanidmd server -c /data/server.toml healthcheck: disable: true +{% else %} + healthcheck: + test: ["CMD-SHELL", "curl --fail -k https://localhost:8443/status"] + retries: 1 + timeout: 2s + interval: 30s {% endif %} + environment: + - TZ={{ timezone }} + - DEPLOYMENT_TIME={{ now() }} deploy: mode: replicated replicas: 1 + update_config: + parallelism: 1 + order: start-first + failure_action: rollback + monitor: 5s labels: - traefik.enable=true - traefik.swarm.network=proxy 
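Review bot: `template_render_dir: "../templates"` in the new `Deploy kanidm` task is a relative path whose meaning now depends on how manage-docker-swarm-service.yml resolves it, and that file is not part of this diff. The removed tasks passed the same string to `with_filetree` from inside the role. If the shared task file resolves it against a different directory, another role's templates could be rendered into `{{ kanidm_base }}`; `template_render_dir: "{{ role_path }}/templates"` would pin it to this role. Because the rendered files configure an identity service, also confirm that the shared tasks set an explicit `mode` on what they write, which the removed `ansible.builtin.template` task did not.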
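Review bot: The added `ports:` entry `- 3636:3636` in the `@@ -4,6 +4,8 @@` hunk publishes LDAPS directly from the service. In short form on a swarm stack this goes through the ingress routing mesh, so the port opens on every swarm node, which is presumably wider than where Traefik's `ldaps` entrypoint listened (its TCP router labels are removed in the last hunk of this file). Docker-published ports are often not filtered by host firewall front ends such as ufw, so check reachability of 3636 from outside the intended network after deploying. If only specific clients need LDAPS, consider the long port syntax with `mode: host` plus a placement constraint, or an explicit firewall rule. The mapping is also better quoted, `- "3636:3636"`, as is conventional for compose port mappings.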
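Review bot: `order: start-first` under `update_config` starts the replacement task while the old one is still running. Both tasks mount `{{ kanidm_base }}/volumes/data:/data` (visible in the previous hunk), so two kanidmd processes would open the same data directory during each update. Whether kanidmd tolerates that is not visible here; if it does not, the update either rolls back every time or puts the identity database at risk. `DEPLOYMENT_TIME={{ now() }}` changes the rendered file on every run, so the overlap would occur on each playbook run, not only on real changes. For a single-replica service with local state, `order: stop-first` is the safer setting, at the cost of a short outage. Separately, the healthcheck assumes `curl` exists in the image, and with `-k` it only shows that something answers on 8443.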
@@ -28,12 +44,6 @@ services: - traefik.http.routers.kanidm.entrypoints=websecure - traefik.http.services.kanidm.loadbalancer.server.port=8443 - traefik.http.services.kanidm.loadbalancer.server.scheme=https - # ldap - - traefik.tcp.routers.kanidm-ldaps.tls.passthrough=true - - traefik.tcp.routers.kanidm-ldaps.rule=HostSNI(`*`) - - traefik.tcp.routers.kanidm-ldaps.entrypoints=ldaps - - traefik.tcp.routers.kanidm-ldaps.service=kanidm-ldaps - - traefik.tcp.services.kanidm-ldaps.loadbalancer.server.port=3636 networks: proxy: |