Add kanidm
parent
d3b5e85427
commit
918a906b64
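--- a/config/ca.key
+++ b/config/ca.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCy7lO5xlCHc4jB
+th4dqWOtYrhdzMvsooFkQSK7GvVNFrzuhMXZp3iE6ZrXdE4Aku0n8ogR/NpI9stZ
+9PnrjvTXS6qfVhM0ctmR4b8HhgO+tXVBMicxCK4k+TPYySqorUvzhtmiHy5cWXB/
+1EB/bb/XN/NG/iv5UQU2j3byOBHWeWUZehWSrRdoYUrw5a5iGPvWCXurXh5I/RYc
+xp0dGF/JQ73tqhTd96g+nmSPZfhGSuGdcxcR0F9fGNP3cJStBXlM56hfHThfzonq
+2EUc3L6R77nk+UAieP0bA6PgyT7PNs6mWI7JFDPkNggtU1KivnzF+nL0cFRpFGKk
+2yoWLCs3AgMBAAECggEAQPq7/SM/63DRoUd5+FujjzviqG3PQMhjJP1il4BaxPwU
+8KnXEAv5gIs1aDkceqjg5zj0oVOqEgVOJAULHbh0whsAg4zGvK1YxdmtfhX1FjTf
+uCV2hiAY3eSCJ6AmlcsZYf7+2hloxLDWYhW6towstwPinU2AurHpqr6++4fRMomW
+RD8lU0RDkh1CtQYyfZ2HZ1U0MD3AMn2Pc5olGGyNmPv8YlkpQpUukAsL2hmYYSdR
+plrXqGEy7+Z4lXtFMcl4O+1OagIgzxrcO85aT/Nhz/L1vtngcbNw7TYtKMJ2Qe3L
+iCsTUQPictuzClmOh5Fnp4hPoIQQBJJOUnSdgPoxgQKBgQD35AnVk0RYBAmC299Y
+DZocc/erJdK0uS+kjs4+P0JgK4djHE8lwPwKd5asBrWy5yx8NFCO/ISyGLnNMIO8
+3c+lv20XvTCXkAxnwJ7vKEQ3L1Kc9m7E5nfCMVb5YbjCDRcKWDuDlPzpJ1JEz0gQ
+o1AYX0cMIVhmg6ajXqigYnbojwKBgQC4yMjdcarCw++b09/2xejrNKvkmVC4o7RL
+xBQoSG9GjFYnuMVs9vchHsjGrUmWDqoyqnwhpgXwugIAMdgpgL8kH7RzpBHbkhtU
+8vOnuLrCCSfv6G94GRzS9PTsQBRew/k+WLZvJmrlTEUF0bt6x2nA+zlkJeubigSm
+Ap3B1S9W2QKBgQDueuL/JmuEpXWk//RRWNyfbO2jKIMaPGJaVMyT0/X+YUIhllWK
+g6u2QjChFN9u2rnQT+AEf2kFkYYGohrK8zXWRmAki20ZEorsscH1YO6njI5U1Tvh
+j7s9Boye5GWDwmYdHJ88ynO5touOCUBSSVs/50GJqPbLwPHqj6F4kuHEfwKBgGIQ
+TGkY1aKfER4FhyoTRdTtEvwyUSBr4FcFLB1ks4khGOfjqwJ03hn5mFu3wwGbrr9M
+squ4zBZA4KbxzOHZrZaiLMXiIIgCNfcTKDOuWY54BXXQSLfXu/BIh2KJb0YLgs6P
+jeHW5Yviug6oi3JROdJsgLyhUzQsPuNLKCWh2YmhAoGANCt8O/622XtvGgWLWyiM
+9p7dMROpoj4XX+6+Nl1qhycCzxiDoHUHkh4vns9DlWgniVWFzVahHxdcluf+CFPA
+Gp9bzPc5C9U8aqKZCQiG1KvsYw/hTHimXVQC8zZrN55HJpt9f0BaB35iCgRifFgb
+Z3h6lYM7ArSxD9bON/mgi2I=
+-----END PRIVATE KEY-----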
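Review bot: `config/ca.key` commits an unencrypted PKCS#8 private key (a `BEGIN PRIVATE KEY` block with no `ENCRYPTED` marker) to version control, where it remains recoverable from history even after a later deletion. The matching `config/ca.pem` in this same commit appears to be a self-signed certificate with basicConstraints CA:TRUE, so this key can mint certificates that anything trusting that CA will accept — treat it as compromised the moment it is pushed. Rotate it: generate a fresh key outside the repository, supply it at deploy time (a secret store, an untracked path, or a bind-mount that is not committed), and block recurrences with a `.gitignore` entry such as `config/*.key`. The compose change on this page mounts this file into the container as `/data/ca.key`, so the rotation has to cover the running deployment as well.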
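--- a/config/ca.pem
+++ b/config/ca.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDazCCAlOgAwIBAgIUDkcNMspZCufA/N0UL3yb4RdrRuIwDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCUEwxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA2MjQxNjAxMjNaFw0yNTA2
+MjQxNjAxMjNaMEUxCzAJBgNVBAYTAlBMMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQCy7lO5xlCHc4jBth4dqWOtYrhdzMvsooFkQSK7GvVN
+FrzuhMXZp3iE6ZrXdE4Aku0n8ogR/NpI9stZ9PnrjvTXS6qfVhM0ctmR4b8HhgO+
+tXVBMicxCK4k+TPYySqorUvzhtmiHy5cWXB/1EB/bb/XN/NG/iv5UQU2j3byOBHW
+eWUZehWSrRdoYUrw5a5iGPvWCXurXh5I/RYcxp0dGF/JQ73tqhTd96g+nmSPZfhG
+SuGdcxcR0F9fGNP3cJStBXlM56hfHThfzonq2EUc3L6R77nk+UAieP0bA6PgyT7P
+Ns6mWI7JFDPkNggtU1KivnzF+nL0cFRpFGKk2yoWLCs3AgMBAAGjUzBRMB0GA1Ud
+DgQWBBR809KyhcwUbdddm3gSRy2XYthIyzAfBgNVHSMEGDAWgBR809KyhcwUbddd
+m3gSRy2XYthIyzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBL
+3xZelDDjnJg6u0i4IrwfWSGCWEblT7NBltOBoMKK2zcFMgIjkjYy1Nq+16bzo/yO
+BAdWKmFZQTgtIvbP9wbv/DPpQOy162fq9UCvgRJA8UMaerg0DXnktiHWgtmjGS9d
+vTQbkZT4as+sH/Kva6SaDlbUgRuuOt1Qyz4onslkX1megU9Lz1qpTlV7njYXWTN9
+4Sa3nPnujg0U5FDihE00w4VS7yFJqzhpaXK6ptPhcxkdD5PDrn9Rb9NvfKibao3m
+iLhZfLBozeXikzhDqCM9p3e25ewSxv1xU0M2lCpfSUDOt1n/+bLkKk2g9x4bpvWu
+cg+ZhAmx+KpuFRO6LSL9
+-----END CERTIFICATE-----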
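Review bot: Reading the base64, this certificate carries the OpenSSL prompt defaults as its subject (`C=PL, ST=Some-State, O=Internet Widgits Pty Ltd`), a one-year validity ending 2025-06-24, and what looks like basicConstraints CA:TRUE with subjectKeyIdentifier/authorityKeyIdentifier but no subjectAltName — a throwaway self-signed CA rather than a server leaf certificate. The `kanidm.toml` on this page nevertheless points `tls_chain` straight at it, and without a SAN covering the configured host modern clients will reject it regardless of trust, while the expiry will take the service down in a year with nothing in the repo recording the date. Issue a proper leaf (or use the `kanidmd cert-generate` path the config's own comment recommends) with a SAN matching `domain`/`origin`, keep a CA certificate only as a trust anchor, and record "self-signed test CA, expires 2025-06-24" next to wherever it is referenced. These fields were decoded by eye from the base64, not from a parsed certificate, so confirm them with `openssl x509 -noout -text` before acting.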
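--- a/config/kanidm.toml
+++ b/config/kanidm.toml
@@ -0,0 +1,107 @@
+# The webserver bind address. Requires TLS certificates.
+# If the port is set to 443 you may require the
+# NET_BIND_SERVICE capability.
+# Defaults to "127.0.0.1:8443"
+bindaddress = "[::]:8443"
+# bindaddress = "[::]:80"
+#
+# The read-only ldap server bind address. Requires
+# TLS certificates. If set to 636 you may require
+# the NET_BIND_SERVICE capability.
+# Defaults to "" (disabled)
+# ldapbindaddress = "[::]:3636"
+#
+# HTTPS requests can be reverse proxied by a loadbalancer.
+# To preserve the original IP of the caller, these systems
+# will often add a header such as "Forwarded" or
+# "X-Forwarded-For". If set to true, then this header is
+# respected as the "authoritative" source of the IP of the
+# connected client. If you are not using a load balancer
+# then you should leave this value as default.
+# Defaults to false
+# trust_x_forward_for = false
+#
+# The path to the kanidm database.
+db_path = "/data/kanidm.db"
+#
+# If you have a known filesystem, kanidm can tune the
+# database page size to match. Valid choices are:
+# [zfs, other]
+# If you are unsure about this leave it as the default
+# (other). After changing this
+# value you must run a vacuum task.
+# - zfs:
+# * sets database pagesize to 64k. You must set
+# recordsize=64k on the zfs filesystem.
+# - other:
+# * sets database pagesize to 4k, matching most
+# filesystems block sizes.
+# db_fs_type = "zfs"
+#
+# The number of entries to store in the in-memory cache.
+# Minimum value is 256. If unset
+# an automatic heuristic is used to scale this.
+# You should only adjust this value if you experience
+# memory pressure on your system.
+# db_arc_size = 2048
+#
+# TLS chain and key in pem format. Both must be present
+
+# docker run --rm -i -t -v kanidmd:/data \
+# kanidm/server:latest \
+# kanidmd cert-generate
+
+tls_chain = "/data/ca.pem"
+tls_key = "/data/ca.key"
+verify_ca = false
+
+#
+# The log level of the server. May be one of info, debug, trace
+#
+# NOTE: this can be overridden by the environment variable
+# `KANIDM_LOG_LEVEL` at runtime
+# Defaults to "info"
+# log_level = "info"
+#
+# The DNS domain name of the server. This is used in a
+# number of security-critical contexts
+# such as webauthn, so it *must* match your DNS
+# hostname. It is used to create
+# security principal names such as `william@idm.example.com`
+# so that in a (future) trust configuration it is possible
+# to have unique Security Principal Names (spns) throughout
+# the topology.
+#
+# ⚠️ WARNING ⚠️
+#
+# Changing this value WILL break many types of registered
+# credentials for accounts including but not limited to
+# webauthn, oauth tokens, and more.
+# If you change this value you *must* run
+# `kanidmd domain_name_change` immediately after.
+# domain = "idm.example.com"
+domain = "localhost"
+#
+# The origin for webauthn. This is the url to the server,
+# with the port included if it is non-standard (any port
+# except 443). This must match or be a descendent of the
+# domain name you configure above. If these two items are
+# not consistent, the server WILL refuse to start!
+# origin = "https://idm.example.com"
+origin = "https://localhost:8443"
+# origin = "https://idm.example.com:8443"
+#
+[online_backup]
+# The path to the output folder for online backups
+path = "/data/kanidm/backups/"
+# The schedule to run online backups (see https://crontab.guru/)
+# every day at 22:00 UTC (default)
+schedule = "00 22 * * *"
+# four times a day at 3 minutes past the hour, every 6th hours
+# schedule = "03 */6 * * *"
+# We also support non standard cron syntax, with the following format:
+# sec min hour day of month month day of week year
+# (it's very similar to the standard cron syntax, it just allows to specify the seconds
+# at the beginning and the year at the end)
+# Number of backups to keep (default 7)
+# versions = 7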
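Review bot: `domain = "localhost"` and `origin = "https://localhost:8443"` are exactly the values the file's own comments call security-critical and warn will break webauthn and oauth credentials if changed later, yet they are set to a development placeholder; every credential enrolled against `localhost` will need `kanidmd domain_name_change` and re-enrolment once a real hostname is configured. The compose change on this page publishes the server on host port 443, so a browser will present an origin of `https://localhost` rather than `https://localhost:8443`, which presumably fails the webauthn origin check — confirm against a real registration. `verify_ca = false` is set with no comment saying why CA verification is turned off; if it is deliberate, say so next to it, e.g. `# verify_ca off: tls_chain is a self-signed test CA, re-enable once a CA-issued leaf is installed`, and if the server does not honour this key it is a silent no-op that should be removed. Finally, `tls_chain`/`tls_key` point at the CA certificate and the CA private key themselves rather than at a leaf pair, which the `kanidmd cert-generate` hint directly above them suggests was not the intent.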
@ -1,5 +1,16 @@
|
|||||||
version: '3'
|
version: '3'
|
||||||
services:
|
services:
|
||||||
|
kanidm-server:
|
||||||
|
image: kanidm/server:latest
|
||||||
|
volumes:
|
||||||
|
- kanidmd:/data
|
||||||
|
- ./config/kanidm.toml:/data/server.toml
|
||||||
|
- ./config/ca.pem:/data/ca.pem
|
||||||
|
- ./config/ca.key:/data/ca.key
|
||||||
|
ports:
|
||||||
|
- 636:3636
|
||||||
|
- 443:8443
|
||||||
|
- 8400:80
|
||||||
quickwit:
|
quickwit:
|
||||||
image: quickwit/quickwit:v0.5.2
|
image: quickwit/quickwit:v0.5.2
|
||||||
command: run
|
command: run
|
||||||
@ -35,3 +46,6 @@ services:
|
|||||||
- '3000:3000'
|
- '3000:3000'
|
||||||
volumes:
|
volumes:
|
||||||
- ./grafana/plugins:/var/lib/grafana/plugins
|
- ./grafana/plugins:/var/lib/grafana/plugins
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
kanidmd:
|
||||||
|
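Review bot: The `ports` block of `kanidm-server` publishes 443, 636 and 8400 on every host interface, and `./config/ca.key` — a private key tracked in this repository — is bind-mounted into the container, so the identity provider runs on a key that is also readable to anyone with repo access; if host-wide exposure is not intended, bind to a specific address, e.g. `- 127.0.0.1:443:8443`. `image: kanidm/server:latest` is unpinned while the sibling `quickwit` service is pinned to `v0.5.2`; pin the identity provider to a tag or digest so an upstream push cannot silently change it. Two mappings look dead against the committed `kanidm.toml`: `8400:80` targets port 80, which that config does not bind (`bindaddress = "[::]:8443"`, the `[::]:80` line is commented out), and `636:3636` targets the LDAP listener whose `ldapbindaddress` is left commented out and documented as disabled by default — confirm, and either enable the listeners or drop the mappings. The enclosing compose file's header is not shown on this page, so the service's other settings could not be checked.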