mirror of
https://github.com/kanidm/kanidm.git
synced 2025-02-23 12:37:00 +01:00
3b3c029e30
* fix: outdated poetry.toml entries * fix: better handling errors on startup in radius_entrypoint * fix: radiusd eap config, removing dh_file per error message in freeradius startup * fix: updating docs to be a little clearer and reflect new config * fix: fixing up handling dhparam, trying to throw better errors * fix: unified how the config path is found in pykanidm radius, new default config path --------- Co-authored-by: Firstyear <william@blackhats.net.au>
71 lines
1.9 KiB
Docker
71 lines
1.9 KiB
Docker
ARG BASE_IMAGE=opensuse/tumbleweed:latest
|
|
# ARG BASE_IMAGE=opensuse/leap:15.5
|
|
|
|
# FROM ${BASE_IMAGE} as repos
|
|
FROM ${BASE_IMAGE}
|
|
|
|
ADD ../scripts/zypper_fixing.sh /zypper_fixing.sh
|
|
RUN /zypper_fixing.sh
|
|
|
|
# ======================
|
|
# FROM repos
|
|
ARG RADIUS_USER=radiusd
|
|
EXPOSE 1812 1813
|
|
ENV KANIDM_CONFIG_FILE="/data/kanidm"
|
|
|
|
RUN zypper install -y \
|
|
freeradius-client \
|
|
freeradius-server \
|
|
freeradius-server-python3 \
|
|
freeradius-server-utils \
|
|
hostname \
|
|
python3 \
|
|
python3-devel \
|
|
python3-pip \
|
|
timezone \
|
|
iproute2 \
|
|
iputils \
|
|
openssl \
|
|
curl
|
|
|
|
# Don't put in the TZ at build time - it needs to be bind mounted at runtime
|
|
# else we are forcing things on people.
|
|
# RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
|
|
|
|
ADD rlm_python/mods-available/ /etc/raddb/mods-available/
|
|
COPY rlm_python/sites-available/ /etc/raddb/sites-available/
|
|
|
|
# Set a working directory of /etc/raddb
|
|
WORKDIR /etc/raddb
|
|
|
|
# Enable the python and cache module.
|
|
RUN ln -s /etc/raddb/mods-available/python3 /etc/raddb/mods-enabled/python3 && \
|
|
ln -s /etc/raddb/sites-available/check-eap-tls /etc/raddb/sites-enabled/check-eap-tls
|
|
|
|
# disable auth via methods we don't support!
|
|
RUN rm /etc/raddb/mods-available/sql && \
|
|
rm /etc/raddb/mods-enabled/{passwd,totp}
|
|
|
|
# Allows the radiusd user to write to the directory
|
|
RUN chown -R $RADIUS_USER. /etc/raddb/ && \
|
|
chmod 775 /etc/raddb/certs && \
|
|
chmod 640 /etc/raddb/clients.conf
|
|
|
|
RUN mkdir -p /pkg/pykanidm/
|
|
COPY pykanidm/ /pkg/pykanidm/
|
|
|
|
# install the package and its dependencies
|
|
RUN python3 -m pip install \
|
|
--break-system-packages \
|
|
--no-cache-dir \
|
|
--no-warn-script-location \
|
|
/pkg/pykanidm
|
|
|
|
COPY rlm_python/radius_entrypoint.py /radius_entrypoint.py
|
|
|
|
RUN mkdir /data && chown radiusd /data
|
|
RUN chmod a+r /etc/raddb/certs/ -R
|
|
USER $RADIUS_USER
|
|
|
|
CMD [ "/usr/bin/python3", "/radius_entrypoint.py" ]
|