commit f562b0fa187c8d11e12502501ce5853bebd00704 Author: Vassiliy Yegorov Date: Thu Dec 26 16:19:24 2019 +0700 init commit
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..3374d93
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,52 @@
+# Service name
+#
+SERVICE_NAME=freeipa
+IP_ADDRESS=0.0.0.0
+EXTERNAL_PORT=8443
+
+# Docker image
+#
+DOCKER_IMAGE_FREEIPA=freeipa/freeipa-server
+DOCKER_IMAGE_BACKUP=vasyakrg/backup
+
+# Container name
+#
+CONTAINER_NAME_FREEIPA=server
+CONTAINER_NAME_BACKUP=backup
+
+# Backup settings
+#
+BACKUP_DIR=/srv/backup
+BACKUP_SCHEDULE=@day/3
+
+S3_APPLICATION_KEY=
+S3_ACCOUNT_ID=
+S3_HOST_BASE=
+S3_BACKET=
+S3_PATH=/freeipa
+
+# FreeIPA IP
+#
+IPA_SERVER_IP=
+
+# DNS settings
+#
+#DNS_SERVER=8.8.8.8
+#DNS_SEARCH=
+
+# FreeIPA hostname
+#
+FREEIPA_HOST=dss1.
+
+# Email for letsencrypt
+#
+LETSENCRYPT_EMAIL=
+
+# Use letsencrypt certificates
+#
+USE_LETSENCRYPT_CERTS=0
+
+# Container data path on the host
+# Summary container data path will be "${SERVICE_DATA}/${CONTAINER_NAME_FREEIPA}"
+#
+SERVICE_DATA=/srv/freeipa/data
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4c49bd7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.env
diff --git a/README.me b/README.me
new file mode 100644
index 0000000..e4773a1
--- /dev/null
+++ b/README.me
@@ -0,0 +1,8 @@
+# FreeIPA
+единая точка авторизации для других сервисов по типу Active Directory
+
+
+##### Автор
+- **Vassiliy Yegorov** - *Initial work* - [vasyakrg](https://github.com/vasyakrg)
+- [сайт](vk.com/realmanual)
+- [youtube](youtube.com/realmanual)
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..f4176d4
--- /dev/null
+++ b/docker-compose.yml
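Review bot: In the .env.example hunk, `DOCKER_IMAGE_FREEIPA=freeipa/freeipa-server` and `DOCKER_IMAGE_BACKUP=vasyakrg/backup` carry no tag or digest, so each pull resolves the implicit `latest` tag and the deployed code can change without any change in this repository. For an identity server, and for a backup image that docker-compose.yml hands the host Docker socket and the S3 key, the example should show a pinned reference such as `DOCKER_IMAGE_BACKUP=vasyakrg/backup@sha256:<digest>` (placeholder), updated deliberately. `S3_BACKET` also looks like a misspelling of "bucket"; unless the backup image expects exactly this name, rename it here and in docker-compose.yml in the same commit, since both read the same variable.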
@@ -0,0 +1,75 @@
+version: '3.5'
+
+services:
+ backup:
+ image: ${DOCKER_IMAGE_BACKUP}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_BACKUP}
+ command: freeipa backup --service freeipa_${FREEIPA_HOST} --data /backup/data S3://${S3_PATH} --container ${SERVICE_NAME}_${CONTAINER_NAME_FREEIPA}
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ${SERVICE_DATA}:/backup/data
+ environment:
+ - BACKUP_SCHEDULE=${BACKUP_SCHEDULE}
+ - FREEIPA_HOST=${FREEIPA_HOST}
+ - SERVICE_NAME=${SERVICE_NAME}
+ - CONTAINER_NAME_FREEIPA=${CONTAINER_NAME_FREEIPA}
+ - S3_APPLICATION_KEY=${S3_APPLICATION_KEY}
+ - S3_ACCOUNT_ID=${S3_ACCOUNT_ID}
+ - S3_HOST_BASE=${S3_HOST_BASE}
+ - S3_PATH=${S3_PATH}
+ - S3_BACKET=${S3_BACKET}
+ tmpfs:
+ - /tmp
+ networks:
+ - freeipa
+
+ freeipa:
+ image: ${DOCKER_IMAGE_FREEIPA}
+ container_name: ${SERVICE_NAME}_${CONTAINER_NAME_FREEIPA}
+ volumes:
+ - ${SERVICE_DATA}:/data
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+ tmpfs:
+ - /run
+ - /tmp
+ ports:
+ - "53:53/udp"
+ - "53:53"
+ - ${IP_ADDRESS}:${EXTERNAL_PORT}:443
+ - "389:389"
+ - "636:636"
+ - "88:88"
+ - "464:464"
+ - "88:88/udp"
+ - "464:464/udp"
+ - "123:123/udp"
+ - "7389:7389"
+ - "9443:9443"
+ - "9444:9444"
+ - "9445:9445"
+ expose:
+ - 443
+
+ environment:
+ - FREEIPA_HOST=${FREEIPA_HOST}
+ # - USE_LETSENCRYPT_CERTS=${USE_LETSENCRYPT_CERTS}
+ - IPA_SERVER_IP=${IPA_SERVER_IP}
+ - VIRTUAL_HOST=${FREEIPA_HOST}
+ # - LETSENCRYPT_HOST=${FREEIPA_HOST}
+ # - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+ - VIRTUAL_PROTO=https
+ - VIRTUAL_PORT=443
+# - HTTPS_METHOD=noredirect
+ hostname: ${FREEIPA_HOST}
+ restart: always
+ sysctls:
+ - net.ipv6.conf.all.disable_ipv6=0
+ - net.ipv6.conf.lo.disable_ipv6=0
+ - net.ipv6.conf.eth0.disable_ipv6=0
+ cap_add:
+ - SYS_TIME
+ networks:
+ - freeipa
+
+networks:
+ freeipa:
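Review bot: The `backup` service mounts the host's `/var/run/docker.sock`, which gives that container the same control over the Docker daemon as root on the host, and it does so for the image named by `DOCKER_IMAGE_BACKUP` while also receiving `S3_APPLICATION_KEY` in its environment. If the socket is needed only for the `--container` option (presumably so the backup can act on the FreeIPA container; not visible here), record that in a comment above the mount, e.g. `# docker.sock = full control of the host daemon; required by --container`, and consider placing a restricted Docker API proxy in front of it instead of the raw socket. Separately, in the `freeipa` service only the 443 mapping honours `${IP_ADDRESS}`; the DNS, LDAP, Kerberos, NTP and 7389/9443-9445 mappings are published on every host interface, so they should be bound the same way, e.g. `- "${IP_ADDRESS}:389:389"`, or the host firewalled before it faces an untrusted network. The indentation of this hunk was lost in extraction, so nesting-related issues could not be checked.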