Diffstat (limited to 'playbooks/roles/kanidm/tasks/main.yml')
-rw-r--r--playbooks/roles/kanidm/tasks/main.yml47
1 files changed, 47 insertions, 0 deletions
diff --git a/playbooks/roles/kanidm/tasks/main.yml b/playbooks/roles/kanidm/tasks/main.yml
new file mode 100644
index 0000000..37cc0da
--- /dev/null
+++ b/playbooks/roles/kanidm/tasks/main.yml
@@ -0,0 +1,47 @@
+---
+
+- name: Ensure kanidm docker/compose exist
+ ansible.builtin.file:
+ path: /etc/docker/compose/kanidm
+ state: directory
+ owner: root
+ group: root
+ mode: 0700
+
+- name: Build kanidm docker-compose.yml.j2
+ ansible.builtin.template:
+ src: docker-compose.yml.j2
+ dest: /etc/docker/compose/kanidm/docker-compose.yml
+ owner: root
+ group: root
+ mode: 0700
+
+- name: Ensure kanidm docker/compose/data exist
+ ansible.builtin.file:
+ path: /etc/docker/compose/kanidm/data
+ state: directory
+ owner: root
+ group: root
+ mode: 0700
+
+- name: Build kanidm config
+ ansible.builtin.template:
+ src: server.toml.j2
+ dest: /etc/docker/compose/kanidm/data/server.toml
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Allow LDAPS from rfc1918 networks
+ loop: "{{ rfc1918_networks }}"
+ community.general.ufw:
+ rule: allow
+ proto: tcp
+ port: '3636'
+ from: "{{ item }}"
+
+- name: Enable kanidm
+ ansible.builtin.systemd_service:
+ state: restarted
+ enabled: true
+ name: docker-compose@kanidm
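Review bot: The final task uses `state: restarted`, so every play run restarts kanidm even when neither template changed, which makes the role non-idempotent and briefly takes the identity service offline on each apply; change it to `state: started` and add `notify: Restart kanidm` to the two `ansible.builtin.template` tasks, backed by a handler in the role's handlers/main.yml that does the restart. The `server.toml` task sets `mode: 0755`, giving a plain config file execute bits and world-read permission where the surrounding directory is `0700`; `mode: "0600"` matches its purpose, and the same applies to `docker-compose.yml`, which as a templated file may carry credentials (cannot be confirmed from this hunk). Quoting the modes as strings (`"0700"`, `"0600"`) also removes the YAML 1.1 octal ambiguity that the unquoted leading-zero form depends on. The `data` directory is created root-owned `0700`; if the kanidm container runs as a non-root user this will deny it write access, so that ownership is worth confirming against the compose template.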