info:
  summary: Install and setup kanidm on openSUSE Tumbleweed JeOS image
  description: |+
               This KankuFile

               * download the latest dki openSUSE Tumbleweed image
               * install kanidm
               * create self-signed CA certificate
               * setup kanidm

domain_name: idm
default_job: idm
login_user: root
login_pass: kankudai

jobs:
 idm:
  -
    use_module: Kanku::Handler::SetJobContext
    options:
      host_interface: eth0
  -
    use_module: Kanku::Handler::OBSCheck
    options:
      project: devel:kanku:images
      package: openSUSE-Tumbleweed-JeOS:ext4
      repository: images_tumbleweed
  -
    use_module: Kanku::Handler::ImageDownload
  -
    use_module: Kanku::Handler::CreateDomain
    options:
      memory: 2G
      vcpu: 2
      use_9p: 1
  -
    use_module: Kanku::Handler::PrepareSSH
  -
    use_module: Kanku::Handler::CopyProfile
  -
    use_module: Kanku::Handler::ExecuteCommandViaSSH
    options:
      commands:
        # Avoid dhcp/dns problems
        - systemctl restart network
        - zypper ref -s
        - zypper -n dup
        # Install recommended packages
        - zypper -n in easy-rsa hostname bind-utils
        - zypper -n in kanidm kanidm-server kanidm-clients openssl hostname bind-utils
        - perl -p -i -e 's/idm.example.com/idm.kanku.devel/' /etc/kanidm/server.toml
        - mkdir -p /var/lib/private/kanidm/
        #- chmod 750 /var/lib/private/
        #- chgrp 61388 /var/lib/private/
        - echo -en "DE\nBavaria\nNuremberg\nKanIDM Test\nKanIDM Test CA\nidm.kanku.devel\n\n"|openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -keyout /var/lib/private/kanidm/key.pem -out /var/lib/private/kanidm/chain.pem
        - cp /var/lib/private/kanidm/chain.pem /etc/pki/trust/anchors/local_ca.pem
        - update-ca-certificates 
        - chown 61388:61388 -R /var/lib/private/kanidm/
        - systemctl enable --now kanidmd
        - kanidmd recover-account admin > /home/kanku/admin.log
        - kanidmd recover-account idm_admin > /home/kanku/idm_admin.log
# FIXME: Find a way to pass the password to kanidm
#  -
#    use_module: Kanku::Handler::ExecuteCommandViaSSH
#    options:
#      username: kanku
#      commands:
#        - echo hallo|kanidm login --name idm_admin --url https://idm.kanku.devel:443
notifiers:
  idm:
    -
      use_module: Kanku::Notifier::Console
      options:
        template: |+
          [% USE Filter::ANSIColor 'color' %]
          ****
          **** To test your setup try to login into kanidm with the users admin/idm_admin
          ****
          # [% "kanku ssh" |color 'blue' +%]
          # [% "kanidm login --name idm_admin --url https://idm.kanku.devel:443" |color 'blue' +%]
          ****
          **** You can find the passwords the following file:
          ****
          **** [% "/home/kanku/admin.log" |color 'yellow' +%]
          **** [% "/home/kanku/idm_admin.log" |color 'yellow' +%]
          ****
          ****
      states: succeed
