Dotfiles

Commit Graph

Author	SHA1	Message	Date
The_miro	9e708556d5	setup: replace proxmox-vm target with proxmox-lxc in image builder The previous proxmox-vm target (virt-customize + QCOW2) is replaced with a proper Proxmox LXC CT template builder: - Exports container rootfs as .tar.zst (same mechanism as the lxc target) - Asks for CT ID, storage, bridge, memory, cores, disk size - Generates pve-ct-<VMID>.conf with the required FreeIPA LXC options: unprivileged: 0 lxc.apparmor.profile: unconfined lxc.cap.drop: lxc.mount.auto: proc:rw sys:rw cgroup:rw lxc.cgroup2.devices.allow: a - Generates proxmox-lxc-setup.txt with the full 6-step setup guide (upload, pct create, apply LXC opts, set env vars, start, Keycloak) - Optionally uploads template + conf to Proxmox host via SCP if a host is provided Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-18 11:27:50 +02:00
The_miro	f66775ce54	setup: add FreeIPA image builder and Keycloak integration freeipa-image-builder.sh: TUI chooser that builds a FreeIPA server image and exports it to four target formats: docker — builds via podman/docker, optional registry push lxc — exports container rootfs as .tar.zst Proxmox CT template, generates pct import instructions proxmox-vm — downloads Rocky/Fedora cloud image, customizes with virt-customize, outputs QCOW2 + cloud-init user-data.yml oci-archive — skopeo OCI tarball for air-gapped import Keycloak TUI option generates the full constellation: docker-compose.yml FreeIPA + Keycloak + PostgreSQL stack .env pre-filled env template (passwords placeholder) keycloak-configure.sh post-start Keycloak REST API config script image/Dockerfile: Fedora 41 + freeipa-server-dns + ansible-core, systemd-enabled container (CMD /sbin/init). image/ipa-first-boot.{sh,service}: systemd oneshot that runs ipa-server-install on first container/VM boot from env vars (IPA_DOMAIN, IPA_ADMIN_PASSWORD, IPA_DM_PASSWORD, and optionals). ConditionPathExists=!/etc/ipa/default.conf makes it idempotent. image/keycloak-configure.sh: Keycloak REST API automation that: - waits for Keycloak readiness - creates a realm - wires FreeIPA LDAP user federation (READ_ONLY, vendor=rhds) - adds attribute mappers: email, firstName, lastName, uidNumber - adds group mapper (IPA groups → Keycloak groups, cn=groups,cn=accounts) - triggers an initial full user sync image/docker-compose.yml: freeipa + postgres + keycloak services on a private 172.30.0.0/24 bridge; FreeIPA has a fixed IP so Keycloak can resolve it via extra_hosts. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-18 11:22:48 +02:00

Author

SHA1

Message

Date

The_miro

9e708556d5

setup: replace proxmox-vm target with proxmox-lxc in image builder

The previous proxmox-vm target (virt-customize + QCOW2) is replaced with
a proper Proxmox LXC CT template builder:

- Exports container rootfs as .tar.zst (same mechanism as the lxc target)
- Asks for CT ID, storage, bridge, memory, cores, disk size
- Generates pve-ct-<VMID>.conf with the required FreeIPA LXC options:
    unprivileged: 0
    lxc.apparmor.profile: unconfined
    lxc.cap.drop:
    lxc.mount.auto: proc:rw sys:rw cgroup:rw
    lxc.cgroup2.devices.allow: a
- Generates proxmox-lxc-setup.txt with the full 6-step setup guide
  (upload, pct create, apply LXC opts, set env vars, start, Keycloak)
- Optionally uploads template + conf to Proxmox host via SCP if a
  host is provided

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-18 11:27:50 +02:00

The_miro

f66775ce54

setup: add FreeIPA image builder and Keycloak integration

freeipa-image-builder.sh: TUI chooser that builds a FreeIPA server image
and exports it to four target formats:
  docker      — builds via podman/docker, optional registry push
  lxc         — exports container rootfs as .tar.zst Proxmox CT template,
                 generates pct import instructions
  proxmox-vm  — downloads Rocky/Fedora cloud image, customizes with
                 virt-customize, outputs QCOW2 + cloud-init user-data.yml
  oci-archive — skopeo OCI tarball for air-gapped import

Keycloak TUI option generates the full constellation:
  docker-compose.yml   FreeIPA + Keycloak + PostgreSQL stack
  .env                 pre-filled env template (passwords placeholder)
  keycloak-configure.sh  post-start Keycloak REST API config script

image/Dockerfile: Fedora 41 + freeipa-server-dns + ansible-core,
systemd-enabled container (CMD /sbin/init).

image/ipa-first-boot.{sh,service}: systemd oneshot that runs
ipa-server-install on first container/VM boot from env vars
(IPA_DOMAIN, IPA_ADMIN_PASSWORD, IPA_DM_PASSWORD, and optionals).
ConditionPathExists=!/etc/ipa/default.conf makes it idempotent.

image/keycloak-configure.sh: Keycloak REST API automation that:
  - waits for Keycloak readiness
  - creates a realm
  - wires FreeIPA LDAP user federation (READ_ONLY, vendor=rhds)
  - adds attribute mappers: email, firstName, lastName, uidNumber
  - adds group mapper (IPA groups → Keycloak groups, cn=groups,cn=accounts)
  - triggers an initial full user sync

image/docker-compose.yml: freeipa + postgres + keycloak services on
a private 172.30.0.0/24 bridge; FreeIPA has a fixed IP so Keycloak
can resolve it via extra_hosts.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-05-18 11:22:48 +02:00

2 Commits (e25dd231cb55cba6ad0e3ba5b962e40135cd8743)