diff --git a/kanidm/Dockerfile b/kanidm/Dockerfile
new file mode 100644
index 0000000..9d13581
--- /dev/null
+++ b/kanidm/Dockerfile
@@ -0,0 +1,63 @@
+FROM almalinux:9 AS builder
+
+ARG KANIDM_VERSION
+ARG KANIDM_FEATURES
+ARG KANIDM_BUILD_PROFILE="container_generic"
+ARG KANIDM_BUILD_OPTIONS=""
+
+# Set the build profile
+ENV KANIDM_BUILD_PROFILE=${KANIDM_BUILD_PROFILE:-container_generic}
+ENV RUSTFLAGS="-Clinker=clang -Clink-arg=-fuse-ld=/usr/bin/ld.mold"
+
+RUN dnf install -y epel-release dnf-plugins-core \
+ && dnf update -y \
+ && dnf config-manager --enable crb \
+ && dnf clean all \
+ && rm -rf /var/cache/yum
+
+RUN dnf install -y clang mold pam-devel openssl-devel git make automake gawk systemd-libs systemd-devel systemd-udev \
+ && dnf clean all \
+ && rm -rf /var/cache/yum
+
+# Get Rust
+ENV RUSTUP_HOME=/root/.rustup
+ENV CARGO_HOME=/root/.cargo
+ENV PATH=/root/.cargo/bin:${PATH}
+RUN curl -s --proto '=https' --tlsv1.3 -sSf 'https://sh.rustup.rs' | sh -s -- -y --no-modify-path || true
+
+RUN git clone --branch $KANIDM_VERSION --depth 1 https://github.com/kanidm/kanidm.git /usr/src/kanidm
+
+WORKDIR /usr/src/kanidm
+
+# Exports don't persist through RUN statements.
+RUN make release/kanidmd
+RUN make release/kanidm
+
+FROM almalinux:9
+
+COPY *.repo /etc/yum.repos.d/
+
+RUN dnf install -y openssl sqlite pam kubectl \
+ && dnf clean all \
+ && rm -rf /var/cache/yum
+
+COPY --from=builder /usr/src/kanidm/target/release/kanidmd /sbin/
+COPY --from=builder /usr/src/kanidm/target/release/kanidm /sbin/
+COPY --from=builder /usr/src/kanidm/server/core/static /hpkg
+RUN chmod +x /sbin/kanidmd
+
+WORKDIR /data
+
+EXPOSE 8443 3636
+
+ENV RUST_BACKTRACE=1
+
+HEALTHCHECK \
+ --interval=60s \
+ --timeout=10s \
+ --start-period=60s \
+ --start-interval=5s \
+ --retries=3 \
+ CMD [ "/sbin/kanidmd", "healthcheck", "-c", "/data/server.toml"]
+
+CMD [ "/sbin/kanidmd", "server", "-c", "/data/server.toml"]
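Review bot: The rustup step `curl … 'https://sh.rustup.rs' | sh -s -- -y --no-modify-path || true` discards every failure: the default `/bin/sh -c` has no pipefail, and `|| true` hides a failed or truncated installer run, so the build only breaks later at `make release/kanidmd`, and whichever toolchain is current on build day gets installed. Drop `|| true`, put `SHELL ["/bin/bash", "-o", "pipefail", "-c"]` before the step, and pin the compiler with `--default-toolchain <PINNED_RUST_VERSION>` (placeholder, use the version the project builds with). The `git clone --branch $KANIDM_VERSION` that follows trusts a tag that upstream can move, so checking the cloned commit against an expected hash would close the same gap for the source. The final stage also has no `USER`, so kanidmd runs as root. A dedicated account with a fixed UID that owns `/data` would limit what a compromise of the server can reach, and both exposed ports are above 1024, so no extra capability is needed.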
diff --git a/kanidm/Makefile b/kanidm/Makefile
new file mode 100644
index 0000000..2d007cd
--- /dev/null
+++ b/kanidm/Makefile
@@ -0,0 +1,16 @@
+VERSION=1.6.2
+BUILD=1
+IMAGE=kanidm
+REGISTRY=gitea.geekhome.org/ghp
+
+.PHONY: build push all
+
+build:
+ docker build $(NO_CACHE) \
+ --build-arg KANIDM_VERSION=v$(VERSION) \
+ -t $(REGISTRY)/$(IMAGE):$(VERSION)-$(BUILD) .
+
+push:
+ docker push $(REGISTRY)/$(IMAGE):$(VERSION)-$(BUILD)
+
+all: build push
diff --git a/kanidm/kubernetes.repo b/kanidm/kubernetes.repo
new file mode 100644
index 0000000..20d610f
--- /dev/null
+++ b/kanidm/kubernetes.repo
@@ -0,0 +1,6 @@
+[kubernetes]
+name=Kubernetes
+baseurl=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/
+enabled=1
+gpgcheck=1
+gpgkey=https://pkgs.k8s.io/core:/stable:/v1.32/rpm/repodata/repomd.xml.key
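Review bot: `$(NO_CACHE)` in the `build` recipe is never defined or documented in this file, so a plain `make build` reuses cached layers and whatever `almalinux:9` image is already on the build host. A `BUILD` bump meant to pick up OS security fixes can then publish a new tag whose `dnf update` and `dnf install` layers are unchanged. Adding `--pull` to the `docker build` line and a comment above the target such as `# NO_CACHE=--no-cache forces a full rebuild; use it when bumping BUILD for security updates` would make the intended workflow explicit.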
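Review bot: `gpgkey=` points at the same `pkgs.k8s.io` origin that serves the packages, so every image build re-fetches and trusts whatever key is served at that moment. `gpgcheck=1` therefore only detects tampering by someone who cannot also change that URL's content. Committing the reviewed key next to this file and referencing it as `gpgkey=file:///etc/pki/rpm-gpg/<KEY_FILE>` (placeholder name) pins the trust anchor, and the Dockerfile would need a matching `COPY` for the key. A leading comment saying why kubectl is needed in the identity server's runtime image would also help, since this repo appears to exist only for that package.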