
Port Table

Port Service
4200 Paperless
5000 SMTP4Dev
5173 Fundelio Vite App
8443 Kanidm

Django Admin Page

http://localhost:8000/admin/ (the final slash is required)

Install docker development stack

Get a development shell:

nix develop

Set up the mc-admin database:

docker compose run mc-admin python manage.py makemigrations
docker compose run mc-admin python manage.py migrate

Start the docker stack:

docker compose up -d

For OIDC to work, you'll need to set up a couple of things:

  • The domain auth.local should resolve to localhost

Prepare kanidm for everything:

# Generate certs
docker compose run kanidm kanidmd cert-generate

# Get idm_admin password
docker compose run kanidm kanidmd recover-account idm_admin

Note down the idm_admin password that was just generated; you'll need it.

Set up OIDC:

# Log in with the kanidm CLI
docker compose run kanidm-cli kanidm login -D idm_admin

# NOTE: Do not use the username "admin" or "idm_admin"
USERNAME=username

# Create person and groups
docker compose run kanidm-cli kanidm person create $USERNAME $USERNAME
docker compose run kanidm-cli kanidm group create mc-admin_users
docker compose run kanidm-cli kanidm group add-members mc-admin_users $USERNAME

# Create and configure the oauth2 client system
docker compose run kanidm-cli kanidm system oauth2 create mc-admin mc-admin http://localhost:8080/accounts/oidc/kanidm/login/callback/
docker compose run kanidm-cli kanidm system oauth2 update-scope-map mc-admin mc-admin_users email profile openid groups

# Output the client secret
docker compose run kanidm-cli kanidm system oauth2 show-basic-secret mc-admin

Put that secret into the .env file.

Now, set up your personal account with credentials:

docker compose run kanidm-cli kanidm person credential create-reset-token $USERNAME

Afterwards, reload the docker env:

docker compose up -d
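
A preflight check for two of the prerequisites above, the auth.local name and the .env file that holds the client secret. This is an added example, not part of the project: the function names and the HOSTS_FILE / ENV_FILE variables are hypothetical, and it assumes auth.local is pinned through a hosts file rather than a local DNS server.

```shell
#!/bin/sh
# Added example (not project code): preflight checks for the OIDC setup.

# Succeeds if NAME maps to a loopback address in the given hosts file.
# Assumption: the name is pinned via a hosts file, not a local DNS server.
hosts_maps_to_loopback() {
    name=$1
    hosts_file=${2:-/etc/hosts}
    [ -r "$hosts_file" ] || return 2
    awk -v name="$name" '
        { sub(/#.*/, "") }                  # ignore comments
        $1 ~ /^127\./ || $1 == "::1" {      # loopback entries only
            for (i = 2; i <= NF; i++) if ($i == name) found = 1
        }
        END { exit !found }
    ' "$hosts_file"
}

# Succeeds if FILE exists and grants nothing to group or others.
# The file holds the OAuth2 client secret, so only the owner should read it.
env_file_is_private() {
    env_file=${1:-.env}
    [ -f "$env_file" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$env_file" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Runs both checks and reports every failure instead of stopping at the first.
preflight() {
    status=0
    hosts_maps_to_loopback auth.local "${HOSTS_FILE:-/etc/hosts}" ||
        { echo "auth.local does not map to a loopback address" >&2; status=1; }
    env_file_is_private "${ENV_FILE:-.env}" ||
        { echo ".env is missing or readable by group/others (chmod 600 .env)" >&2; status=1; }
    return $status
}

# Only run when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```

Run it with `--run` from the repository root before starting the stack.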