From e5eba51991a0640c6e5d1da0bd78cdbc9d4513f2 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Sat, 22 Mar 2025 11:13:20 -0700
Subject: deploy kanidm
---
.../kanidm/templates/stacks/docker-compose.yml | 34 ++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 playbooks/roles/kanidm/templates/stacks/docker-compose.yml
(limited to 'playbooks/roles/kanidm/templates/stacks/docker-compose.yml')
diff --git a/playbooks/roles/kanidm/templates/stacks/docker-compose.yml b/playbooks/roles/kanidm/templates/stacks/docker-compose.yml
new file mode 100644
index 0000000..4ce98d2
--- /dev/null
+++ b/playbooks/roles/kanidm/templates/stacks/docker-compose.yml
@@ -0,0 +1,34 @@
+services:
+ kanidm:
+ image: kanidm/server
+ volumes:
+ - {{ kanidm_base }}/volumes/data:/data
+ - {{ traextor_base }}/volumes/certs/letsencrypt:/certs:ro
+ networks:
+ - proxy
+{% if homelab_build %}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ [ ! -f "/certs/{{ kanidm_host }}.pem" ] && sleep 60
+ /sbin/kanidmd server -c /data/server.toml
+ healthcheck:
+ disable: true
+{% endif %}
+ deploy:
+ mode: replicated
+ replicas: 1
+ labels:
+ - traefik.enable=true
+ - traefik.swarm.network=proxy
+ - traefik.http.routers.kanidm.tls=true
+ - traefik.http.routers.kanidm.tls.certResolver=letsencrypt
+ - traefik.http.routers.kanidm.rule=Host(`{{ kanidm_host }}`)
+ - traefik.http.routers.kanidm.entrypoints=websecure
+ - traefik.http.services.kanidm.loadbalancer.server.port=8443
+ - traefik.http.services.kanidm.loadbalancer.server.scheme=https
+
+networks:
+ proxy:
+ external: true
-- cgit v1.2.3-70-g09d2
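Review bot: `image: kanidm/server` on the `kanidm` service carries no tag or digest, so each deploy of the stack resolves whatever the default `latest` tag points to at that moment. For the identity provider that means unreviewed upgrades and no reproducible rollback. Pin it, e.g. `image: kanidm/server:<pinned-version>` or `image: kanidm/server@sha256:<digest>`, and bump it deliberately. Separately, the second volume entry mounts the whole `{{ traextor_base }}/volumes/certs/letsencrypt` directory into the container. If that directory also holds certificates and keys for other hosts (not visible in this hunk), kanidm can read all of them even with `:ro`, so mounting only the files for `{{ kanidm_host }}` would be the tighter scope.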