homeserver/docker-compose/lldap/docker-compose.yml.j2

90 lines
2.4 KiB
Text
Raw Normal View History

2024-04-02 22:45:37 +02:00
version: "3"
services:
######## App ########
lldap:
image: nitnelave/lldap:v0.5.0
container_name: lldap-app
restart: always
ports:
# For LDAP
- "3890:3890"
# For the web front-end
- "17170:17170"
networks:
- intern
- traefik
- mail-relay
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- "lldap:/data"
2024-04-02 23:39:05 +02:00
depends_on:
- lldap-db
2024-04-02 22:45:37 +02:00
environment:
UID: 1000
GID: 1000
LLDAP_HTTP_PORT: 17170
2024-04-02 22:54:54 +02:00
LLDAP_HTTP_URL: "http://docker10.grote.lan:17170"
2024-04-02 22:48:44 +02:00
LLDAP_KEY_SEED: "{{ lookup('keepass', 'lldap_key_seed', 'password') }}"
2024-04-02 22:45:37 +02:00
LLDAP_VERBOSE: true
2024-04-02 22:48:44 +02:00
LLDAP_JWT_SECRET: "{{ lookup('keepass', 'lldap_jwt_secret', 'password') }}"
2024-04-02 22:54:54 +02:00
LLDAP_LDAP_BASE_DN: "dc=grote,dc=lan"
LLDAP_USER_DN: "admin"
2024-04-02 22:48:44 +02:00
LLDAP_LDAP_USER_PASS: "{{ lookup('keepass', 'lldap_ldap_user_pass', 'password') }}"
2024-04-02 23:01:08 +02:00
LLDAP_DATABASE_URL: "mysql://lldap-db-user:{{ lookup('keepass', 'lldap_mysql_password', 'password') }}@lldap-db/lldap"
2024-04-02 22:45:37 +02:00
LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_reset: true
LLDAP_SMTP_OPTIONS__FROM: "LLDAP Admin <info@mgrote.net>"
LLDAP_SMTP_OPTIONS__REPLY_TO: "Do not reply <info@mgrote.net>"
2024-04-02 22:54:54 +02:00
LLDAP_SMTP_OPTIONS__SERVER: "mail-relay"
LLDAP_SMTP_OPTIONS__PORT: "25"
LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION: "NONE"
LLDAP_SMTP_OPTIONS__USER: "info@mgrote.net"
2024-04-02 22:45:37 +02:00
######## DB ########
lldap-db:
image: mariadb:10.6.14
container_name: lldap-db
restart: always
volumes:
- /etc/localtime:/etc/localtime:ro
- /etc/timezone:/etc/timezone:ro
- db:/var/lib/mysql
environment:
2024-04-02 22:54:54 +02:00
MYSQL_ROOT_PASSWORD: "{{ lookup('keepass', 'lldap_mysql_root_password', 'password') }}"
2024-04-02 23:01:08 +02:00
MYSQL_PASSWORD: "{{ lookup('keepass', 'lldap_mysql_password', 'password') }}"
2024-04-02 22:54:54 +02:00
MYSQL_DATABASE: "lldap"
MYSQL_USER: "lldap-db-user"
MYSQL_INITDB_SKIP_TZINFO: "1"
2024-04-02 22:45:37 +02:00
networks:
- intern
2024-04-02 23:39:05 +02:00
healthcheck:
interval: 30s
retries: 3
test:
[
"CMD",
"healthcheck.sh",
"--connect",
]
timeout: 30s
2024-04-02 22:45:37 +02:00
######## Volumes ########
volumes:
lldap:
db:
######## Networks ########
networks:
intern:
traefik:
external: true
mail-relay:
external: true
auth:
external: true
# ToDo
# Secrets
# db heraltcheck
# https://github.com/lldap/lldap/blob/main/example_configs/keycloak.md
# secrets in ekycloak anapssen
# dashbaord