init commit

.env.example

@@ -0,0 +1,52 @@
+# Service name
+#
+SERVICE_NAME=freeipa
+IP_ADDRESS=0.0.0.0
+EXTERNAL_PORT=8443
+
+# Docker image
+#
+DOCKER_IMAGE_FREEIPA=freeipa/freeipa-server
+DOCKER_IMAGE_BACKUP=vasyakrg/backup
+
+# Container name
+#
+CONTAINER_NAME_FREEIPA=server
+CONTAINER_NAME_BACKUP=backup
+
+# Backup settings
+#
+BACKUP_DIR=/srv/backup
+BACKUP_SCHEDULE=@day/3
+
+S3_APPLICATION_KEY=<PASS_HERE>
+S3_ACCOUNT_ID=<PASS_HERE>
+S3_HOST_BASE=<PASS_HERE>
+S3_BACKET=<PASS_HERE>
+S3_PATH=<PASS_HERE>/freeipa
+
+# FreeIPA IP
+#
+IPA_SERVER_IP=<PASS_HERE>
+
+# DNS settings
+#
+#DNS_SERVER=8.8.8.8
+#DNS_SEARCH=<PASS_HERE>
+
+# FreeIPA hostname
+#
+FREEIPA_HOST=dss1.<PASS_HERE>
+
+# Email for letsencrypt
+#
+LETSENCRYPT_EMAIL=<PASS_HERE>
+
+# Use letsencrypt certificates
+#
+USE_LETSENCRYPT_CERTS=0
+
+# Container data path on the host
+# Summary container data path will be "${SERVICE_DATA}/${CONTAINER_NAME_FREEIPA}"
+#
+SERVICE_DATA=/srv/freeipa/data

.gitignore

@@ -0,0 +1 @@
+.env

README.me

@@ -0,0 +1,8 @@
+# FreeIPA
+единая точка авторизации для других сервисов по типу Active Directory
+
+
+##### Автор
+- **Vassiliy Yegorov** - *Initial work* - [vasyakrg](https://github.com/vasyakrg)
+- [сайт](vk.com/realmanual)
+- [youtube](youtube.com/realmanual)

docker-compose.yml

@@ -0,0 +1,75 @@
+version: '3.5'
+
+services:
+  backup:
+    image: ${DOCKER_IMAGE_BACKUP}
+    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_BACKUP}
+    command: freeipa backup --service freeipa_${FREEIPA_HOST} --data /backup/data S3://${S3_PATH} --container ${SERVICE_NAME}_${CONTAINER_NAME_FREEIPA}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - ${SERVICE_DATA}:/backup/data
+    environment:
+      - BACKUP_SCHEDULE=${BACKUP_SCHEDULE}
+      - FREEIPA_HOST=${FREEIPA_HOST}
+      - SERVICE_NAME=${SERVICE_NAME}
+      - CONTAINER_NAME_FREEIPA=${CONTAINER_NAME_FREEIPA}
+      - S3_APPLICATION_KEY=${S3_APPLICATION_KEY}
+      - S3_ACCOUNT_ID=${S3_ACCOUNT_ID}
+      - S3_HOST_BASE=${S3_HOST_BASE}
+      - S3_PATH=${S3_PATH}
+      - S3_BACKET=${S3_BACKET}
+    tmpfs:
+      - /tmp
+    networks:
+      - freeipa
+
+  freeipa:
+    image: ${DOCKER_IMAGE_FREEIPA}
+    container_name: ${SERVICE_NAME}_${CONTAINER_NAME_FREEIPA}
+    volumes:
+    - ${SERVICE_DATA}:/data
+    - /sys/fs/cgroup:/sys/fs/cgroup:ro
+    tmpfs:
+    - /run
+    - /tmp
+    ports:
+    - "53:53/udp"
+    - "53:53"
+    - ${IP_ADDRESS}:${EXTERNAL_PORT}:443
+    - "389:389"
+    - "636:636"
+    - "88:88"
+    - "464:464"
+    - "88:88/udp"
+    - "464:464/udp"
+    - "123:123/udp"
+    - "7389:7389"
+    - "9443:9443"
+    - "9444:9444"
+    - "9445:9445"
+    expose:
+    - 443
+
+    environment:
+    - FREEIPA_HOST=${FREEIPA_HOST}
+    # - USE_LETSENCRYPT_CERTS=${USE_LETSENCRYPT_CERTS}
+    - IPA_SERVER_IP=${IPA_SERVER_IP}
+    - VIRTUAL_HOST=${FREEIPA_HOST}
+    # - LETSENCRYPT_HOST=${FREEIPA_HOST}
+    # - LETSENCRYPT_EMAIL=${LETSENCRYPT_EMAIL}
+    - VIRTUAL_PROTO=https
+    - VIRTUAL_PORT=443
+#    - HTTPS_METHOD=noredirect
+    hostname: ${FREEIPA_HOST}
+    restart: always
+    sysctls:
+    - net.ipv6.conf.all.disable_ipv6=0
+    - net.ipv6.conf.lo.disable_ipv6=0
+    - net.ipv6.conf.eth0.disable_ipv6=0
+    cap_add:
+      - SYS_TIME
+    networks:
+    - freeipa
+
+networks:
+  freeipa: