kanidm01: add kanidm authentication server

- New test-tier VM at 10.69.13.23 with role=auth - Kanidm 1.8 server with HTTPS (443) and LDAPS (636) - ACME certificate from internal CA (auth.home.2rjus.net) - Provisioned groups: admins, users, ssh-users - Provisioned user: torjus - Daily backups at 22:00 (7 versions) - Prometheus monitoring scrape target Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-08 00:13:59 +01:00
parent 732e9b8c22
commit ca0e3fd629
7 changed files with 171 additions and 0 deletions
--- a/terraform/vault/hosts-generated.tf
+++ b/terraform/vault/hosts-generated.tf
@@ -33,6 +33,12 @@ locals {
        "secret/data/shared/homelab-deploy/*",
      ]
    }
+    "kanidm01" = {
+      paths = [
+        "secret/data/hosts/kanidm01/*",
+        "secret/data/kanidm/*",
+      ]
+    }
  
  }

--- a/terraform/vault/secrets.tf
+++ b/terraform/vault/secrets.tf
@@ -102,6 +102,12 @@ locals {
      auto_generate = false
      data          = { nkey = var.homelab_deploy_admin_deployer_nkey }
    }
+
+    # Kanidm idm_admin password
+    "kanidm/idm-admin-password" = {
+      auto_generate   = true
+      password_length = 32
+    }
  }
 }