Diffstat (limited to 'playbooks')
-rw-r--r-- | playbooks/kanidm.yml | 7 | ||||
-rw-r--r-- | playbooks/roles/kanidm/tasks/main.yml | 19 | ||||
-rw-r--r-- | playbooks/roles/kanidm/templates/stacks/docker-compose.yml | 34 | ||||
-rw-r--r-- | playbooks/roles/kanidm/templates/volumes/data/.gitkeep | 0 | ||||
-rw-r--r-- | playbooks/roles/kanidm/templates/volumes/data/server.toml | 10 | ||||
-rw-r--r-- | playbooks/roles/traextor/tasks/main.yml | 19 | ||||
-rw-r--r-- | playbooks/roles/traextor/templates/stacks/docker-compose.yml | 12 | ||||
-rw-r--r-- | playbooks/roles/traextor/templates/volumes/certs/.gitkeep | 0 | ||||
-rw-r--r-- | playbooks/roles/traextor/templates/volumes/shared/.gitkeep | 0 | ||||
-rw-r--r-- | playbooks/roles/traextor/templates/volumes/traextor/.gitkeep | 0 | ||||
-rw-r--r-- | playbooks/traextor.yml | 7 |
11 files changed, 108 insertions, 0 deletions
diff --git a/playbooks/kanidm.yml b/playbooks/kanidm.yml
new file mode 100644
index 0000000..0e1c35f
--- /dev/null
+++ b/playbooks/kanidm.yml
@@ -0,0 +1,7 @@
+---
+
+- name: Kanidm setup
+ hosts: kanidm
+ become: true
+ roles:
+ - kanidm
diff --git a/playbooks/roles/kanidm/tasks/main.yml b/playbooks/roles/kanidm/tasks/main.yml
new file mode 100644
index 0000000..a004910
--- /dev/null
+++ b/playbooks/roles/kanidm/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+
+- name: Build kanidm compose dirs
+ ansible.builtin.file:
+ state: directory
+ dest: '{{ kanidm_base }}/{{ item.path }}'
+ with_filetree: '../templates'
+ when: item.state == 'directory'
+
+- name: Build kanidm compose files
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ kanidm_base }}/{{ item.path }}'
+ with_filetree: '../templates'
+ when: item.state == 'file'
+
+- name: Deploy Kanidm stack
+ ansible.builtin.command:
+ cmd: "docker stack deploy -c {{ kanidm_base }}/stacks/docker-compose.yml kanidm"
diff --git a/playbooks/roles/kanidm/templates/stacks/docker-compose.yml b/playbooks/roles/kanidm/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..4ce98d2
--- /dev/null
+++ b/playbooks/roles/kanidm/templates/stacks/docker-compose.yml
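Review bot: The `ansible.builtin.file` and `ansible.builtin.template` tasks in playbooks/roles/kanidm/tasks/main.yml set no `mode` or `owner`, so under `become: true` the tree is created with whatever the remote umask yields, and `volumes/data` is where server.toml places `/data/kanidm.db`. Give the directory task an explicit restrictive mode such as `mode: '0700'` and the template task `mode: '0600'`, with `owner` set to whichever user the container actually runs as (not visible in this commit). playbooks/roles/traextor/tasks/main.yml repeats the same two tasks, and there `volumes/certs` is the extractor's `OUTPUT_DIR`, so it presumably receives private keys. As a smaller point, the `docker stack deploy` command task has no `changed_when`, so it reports a change on every run.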
@@ -0,0 +1,34 @@
+services:
+ kanidm:
+ image: kanidm/server
+ volumes:
+ - {{ kanidm_base }}/volumes/data:/data
+ - {{ traextor_base }}/volumes/certs/letsencrypt:/certs:ro
+ networks:
+ - proxy
+{% if homelab_build %}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ [ ! -f "/certs/{{ kanidm_host }}.pem" ] && sleep 60
+ /sbin/kanidmd server -c /data/server.toml
+ healthcheck:
+ disable: true
+{% endif %}
+ deploy:
+ mode: replicated
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.swarm.network=proxy
+ - traefik.http.routers.kanidm.tls=true
+ - traefik.http.routers.kanidm.tls.certResolver=letsencrypt
+ - traefik.http.routers.kanidm.rule=Host(`{{ kanidm_host }}`)
+ - traefik.http.routers.kanidm.entrypoints=websecure
+ - traefik.http.services.kanidm.loadbalancer.server.port=8443
+ - traefik.http.services.kanidm.loadbalancer.server.scheme=https
+
+networks:
+ proxy:
+ external: true
diff --git a/playbooks/roles/kanidm/templates/volumes/data/.gitkeep b/playbooks/roles/kanidm/templates/volumes/data/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/kanidm/templates/volumes/data/.gitkeep
diff --git a/playbooks/roles/kanidm/templates/volumes/data/server.toml b/playbooks/roles/kanidm/templates/volumes/data/server.toml
new file mode 100644
index 0000000..5e42bc8
--- /dev/null
+++ b/playbooks/roles/kanidm/templates/volumes/data/server.toml
@@ -0,0 +1,10 @@
+bindaddress = "0.0.0.0:8443"
+ldapbindaddress = "0.0.0.0:3636"
+trust_x_forward_for = true
+db_path = "/data/kanidm.db"
+tls_chain = "/certs/{{ kanidm_host }}.pem"
+tls_key = "/certs/{{ kanidm_host }}.key"
+log_level = "info"
+
+domain = "{{ kanidm_host }}"
+origin = "https://{{ kanidm_host }}"
diff --git a/playbooks/roles/traextor/tasks/main.yml b/playbooks/roles/traextor/tasks/main.yml
new file mode 100644
index 0000000..19074fe
--- /dev/null
+++ b/playbooks/roles/traextor/tasks/main.yml
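Review bot: `image: kanidm/server` in the kanidm docker-compose.yml has no tag or digest, so each `docker stack deploy` can pull whatever the registry currently serves. For the identity provider that means unreviewed upgrades and no reproducible rollback, so pin it, e.g. `image: kanidm/server:<version>` (placeholder) or `kanidm/server@sha256:<digest>`. `image: djarbz/traextor` in the traextor compose file has the same problem. Separately, the `:/certs:ro` mount exposes the whole `letsencrypt` output directory to this container, which presumably includes key material for hosts other than `{{ kanidm_host }}`. It is worth confirming what the extractor writes there.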
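Review bot: `trust_x_forward_for = true` combined with `bindaddress = "0.0.0.0:8443"` in server.toml makes Kanidm accept an `X-Forwarded-For` header from any peer that can reach port 8443. The compose file attaches the container to the shared external `proxy` network, so other services on that network can connect directly and supply the client address that ends up in Kanidm's logs. Either limit reachability of 8443 to Traefik alone (a dedicated network between the two) or check whether the deployed Kanidm version can restrict which proxy addresses are trusted. `ldapbindaddress = "0.0.0.0:3636"` also enables the LDAP listener although nothing in this commit routes to it; drop the line if LDAP is not used.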
@@ -0,0 +1,19 @@
+---
+
+- name: Build traextor compose dirs
+ ansible.builtin.file:
+ state: directory
+ dest: '{{ traextor_base }}/{{ item.path }}'
+ with_filetree: '../templates'
+ when: item.state == 'directory'
+
+- name: Build traextor compose files
+ ansible.builtin.template:
+ src: '{{ item.src }}'
+ dest: '{{ traextor_base }}/{{ item.path }}'
+ with_filetree: '../templates'
+ when: item.state == 'file'
+
+- name: Deploy Traextor stack
+ ansible.builtin.command:
+ cmd: "docker stack deploy -c {{ traextor_base }}/stacks/docker-compose.yml traextor"
diff --git a/playbooks/roles/traextor/templates/stacks/docker-compose.yml b/playbooks/roles/traextor/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..9012365
--- /dev/null
+++ b/playbooks/roles/traextor/templates/stacks/docker-compose.yml
@@ -0,0 +1,12 @@
+services:
+ traextor:
+ image: djarbz/traextor
+ volumes:
+ - {{ traextor_base }}/volumes/shared:/shared
+ - {{ traefik_base }}/volumes/certs/acme.json:/acme.json
+ - {{ traextor_base }}/volumes/certs:/certs
+ - /var/run/docker.sock:/var/run/docker.sock
+ command: -H unix:///var/run/docker.sock
+ environment:
+ TZ: {{ timezone }}
+ OUTPUT_DIR: /certs
diff --git a/playbooks/roles/traextor/templates/volumes/certs/.gitkeep b/playbooks/roles/traextor/templates/volumes/certs/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/traextor/templates/volumes/certs/.gitkeep
diff --git a/playbooks/roles/traextor/templates/volumes/shared/.gitkeep b/playbooks/roles/traextor/templates/volumes/shared/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/traextor/templates/volumes/shared/.gitkeep
diff --git a/playbooks/roles/traextor/templates/volumes/traextor/.gitkeep b/playbooks/roles/traextor/templates/volumes/traextor/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/playbooks/roles/traextor/templates/volumes/traextor/.gitkeep
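Review bot: The `/var/run/docker.sock:/var/run/docker.sock` mount in the traextor docker-compose.yml gives the third-party `djarbz/traextor` container full control of the Docker daemon, which is equivalent to root on the host. The same container also receives Traefik's `acme.json`, the store holding the ACME private keys, read-write. If the extractor only reads the store, mount it as `- {{ traefik_base }}/volumes/certs/acme.json:/acme.json:ro`. A `:ro` flag on the socket would not limit API calls, so either put a filtering socket proxy in front of it or drop the mount and the `command: -H unix:///var/run/docker.sock` line if the socket-dependent behaviour is not needed. `TZ: {{ timezone }}` should also be quoted, `TZ: "{{ timezone }}"`, so an empty expansion does not render as null.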
diff --git a/playbooks/traextor.yml b/playbooks/traextor.yml
new file mode 100644
index 0000000..b9a11ea
--- /dev/null
+++ b/playbooks/traextor.yml
@@ -0,0 +1,7 @@
+---
+
+- name: traextor setup
+ hosts: traextor
+ become: true
+ roles:
+ - traextor |