48 lines
1.0 KiB
YAML
48 lines
1.0 KiB
YAML
|
---
|
||
|
|
|
||
|
|
- name: Ensure kanidm docker/compose exist
|
||
|
|
ansible.builtin.file:
|
||
|
|
path: /etc/docker/compose/kanidm
|
||
|
|
state: directory
|
||
|
|
owner: root
|
||
|
|
group: root
|
||
|
|
mode: 0700
|
||
|
|
|
||
|
|
- name: Build kanidm docker-compose.yml.j2
|
||
|
|
ansible.builtin.template:
|
||
|
|
src: docker-compose.yml.j2
|
||
|
|
dest: /etc/docker/compose/kanidm/docker-compose.yml
|
||
|
|
owner: root
|
||
|
|
group: root
|
||
|
|
mode: 0700
|
||
|
|
|
||
|
|
- name: Ensure kanidm docker/compose/data exist
|
||
|
|
ansible.builtin.file:
|
||
|
|
path: /etc/docker/compose/kanidm/data
|
||
|
|
state: directory
|
||
|
|
owner: root
|
||
|
|
group: root
|
||
|
|
mode: 0700
|
||
|
|
|
||
|
|
- name: Build kanidm config
|
||
|
|
ansible.builtin.template:
|
||
|
|
src: server.toml.j2
|
||
|
|
dest: /etc/docker/compose/kanidm/data/server.toml
|
||
|
|
owner: root
|
||
|
|
group: root
|
||
|
|
mode: 0755
|
||
|
|
|
||
|
|
- name: Allow LDAPS from rfc1918 networks
|
||
|
|
loop: "{{ rfc1918_networks }}"
|
||
|
|
community.general.ufw:
|
||
|
|
rule: allow
|
||
|
|
proto: tcp
|
||
|
|
port: '3636'
|
||
|
|
from: "{{ item }}"
|
||
|
|
|
||
|
|
- name: Enable kanidm
|
||
|
|
ansible.builtin.systemd_service:
|
||
|
|
state: restarted
|
||
|
|
enabled: true
|
||
|
|
name: docker-compose@kanidm
|