Use public TLS cert for kanidm

2024-11-03 18:09:33 +00:00 · 2024-11-03 18:09:33 +00:00 · 50589e5179
commit 50589e5179
parent 9591c52463
4 changed files with 10 additions and 7 deletions
--- a/servers/ansible/playbook.yaml
+++ b/servers/ansible/playbook.yaml
@ -30,6 +30,8 @@
      ansible.posix.synchronize:
        src: ../kanidm/
        dest: /etc/kanidm
+    - name: Make kanidm entrypoint executable
+      file: dest=/etc/kanidm/entrypoint.sh mode=a+x
    - name: Creates kanidm data directory
      file:
        path: /var/opt/kanidm_data
--- a/servers/containers/kanidm.container
+++ b/servers/containers/kanidm.container
@ -15,7 +15,8 @@ Image=docker.io/kanidm/server:latest
 ReadOnly=true
 # Volume=/run/podman/podman.sock:/var/run/docker.sock:z
 Volume=/var/opt/kanidm_data:/data:Z
-Volume=kanidm-certs.volume:/data/certs:z
+# Volume=kanidm-certs.volume:/data/certs:z
+Volume=traefik-certs.volume:/data/certs:ro
 Volume=/etc/kanidm/entrypoint.sh:/entrypoint.sh:ro,z
 Volume=/etc/kanidm/data/server.toml:/data/server.toml:ro,z

--- a/servers/kanidm/data/server.toml
+++ b/servers/kanidm/data/server.toml
@ -45,8 +45,8 @@ db_path = "/data/kanidm.db"
 # db_arc_size = 2048
 #
 #   TLS chain and key in pem format. Both must be present
-tls_chain = "/data/certs/chain.pem"
-tls_key = "/data/certs/key.pem"
+tls_chain = "/data/certs/idm.ellis.link/cert.pem"
+tls_key = "/data/certs/idm.ellis.link/key.pem"
 #
 #   The log level of the server. May be one of info, debug, trace
 #
--- a/servers/kanidm/entrypoint.sh
+++ b/servers/kanidm/entrypoint.sh
@ -2,9 +2,9 @@

 set -e

-if [ ! -f /data/certs/cert.pem ]; then
-    echo "Generating certs"
-    /sbin/kanidmd cert-generate -c /data/server.toml
-fi
+# if [ ! -f /data/certs/cert.pem ]; then
+#     echo "Generating certs"
+#     /sbin/kanidmd cert-generate -c /data/server.toml
+# fi

 /sbin/kanidmd server -c /data/server.toml