# The top-level `version` key is obsolete under the Compose Specification;
# current Docker Compose releases ignore it and print a warning.
version: "3"
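services:
  ######## App ########
  # lldap directory service (LDAP endpoint plus web front-end).
  # This file is an Ansible/Jinja2 template: the rendered result contains the
  # looked-up secrets in plaintext, so the deployed compose file should be
  # readable only by the deploying user. Values passed via `environment` are
  # also visible to anyone who can run `docker inspect` on the host.
  lldap:
    image: nitnelave/lldap:v0.5.0
    container_name: lldap-app
    restart: always
    ports:
      # Both ports are published on every host interface.
      # NOTE(review): the service is also attached to the traefik network, so
      # clients reaching 17170 directly bypass the reverse proxy; consider
      # binding to a specific host address or dropping the publish if unused.
      # For LDAP (plain LDAP, no TLS on this port)
      - "3890:3890"
      # For the web front-end
      - "17170:17170"
    networks:
      - intern
      - traefik
      - mail-relay
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - "lldap:/data"
    # Short form only orders container start-up; it does not wait for the
    # lldap-db healthcheck to report healthy.
    depends_on:
      - lldap-db
    environment:
      # Environment values are strings; quoting keeps the YAML parser from
      # retyping numbers and booleans before Compose sees them.
      UID: "1000"
      GID: "1000"
      LLDAP_HTTP_PORT: "17170"
      # NOTE(review): plain-http URL; presumably this is the base used for
      # links in password-reset mails - switch to the HTTPS proxy hostname
      # once one exists.
      LLDAP_HTTP_URL: "http://docker10.grote.lan:17170"
      LLDAP_KEY_SEED: "{{ lookup('keepass', 'lldap_key_seed', 'password') }}"
      # Verbose logging; useful while setting up, worth disabling afterwards
      # to keep authentication detail out of container logs.
      LLDAP_VERBOSE: "true"
      LLDAP_JWT_SECRET: "{{ lookup('keepass', 'lldap_jwt_secret', 'password') }}"
      LLDAP_LDAP_BASE_DN: "dc=grote,dc=lan"
      # Was LLDAP_USER_DN, which does not follow the LLDAP_LDAP_* naming of
      # the sibling settings (base DN, user pass) and would be ignored; the
      # admin user name setting is ldap_user_dn.
      LLDAP_LDAP_USER_DN: "admin"
      LLDAP_LDAP_USER_PASS: "{{ lookup('keepass', 'lldap_ldap_user_pass', 'password') }}"
      # The DB password is embedded in a URL: characters such as @ : / ? # %
      # in the password would corrupt it unless the lookup result is passed
      # through the urlencode filter.
      LLDAP_DATABASE_URL: "mysql://lldap-db-user:{{ lookup('keepass', 'lldap_mysql_password', 'password') }}@lldap-db/lldap"
      # Key normalised to upper case (was ..._PASSWORD_reset).
      LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET: "true"
      LLDAP_SMTP_OPTIONS__FROM: "LLDAP Admin <info@mgrote.net>"
      LLDAP_SMTP_OPTIONS__REPLY_TO: "Do not reply <info@mgrote.net>"
      LLDAP_SMTP_OPTIONS__SERVER: "mail-relay"
      LLDAP_SMTP_OPTIONS__PORT: "25"
      # Unencrypted SMTP: password-reset mails travel in cleartext to the
      # relay. Acceptable only while the relay is reachable solely over the
      # dedicated mail-relay Docker network.
      LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION: "NONE"
      LLDAP_SMTP_OPTIONS__USER: "info@mgrote.net"

  ######## DB ########
  # MariaDB backend for lldap; attached to the internal network only and
  # publishes no host ports.
  lldap-db:
    image: mariadb:10.6.14
    container_name: lldap-db
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - db:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: "{{ lookup('keepass', 'lldap_mysql_root_password', 'password') }}"
      # Must match the password embedded in LLDAP_DATABASE_URL above.
      MYSQL_PASSWORD: "{{ lookup('keepass', 'lldap_mysql_password', 'password') }}"
      MYSQL_DATABASE: "lldap"
      MYSQL_USER: "lldap-db-user"
      MYSQL_INITDB_SKIP_TZINFO: "1"
    networks:
      - intern
    healthcheck:
      interval: 30s
      retries: 3
      test: ["CMD", "healthcheck.sh", "--connect"]
      timeout: 30s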
######## Volumes ########
volumes:
  # Named volume mounted at /data in the lldap service.
  lldap: {}
  # Named volume mounted at /var/lib/mysql in the lldap-db service.
  db: {}
######## Networks ########
networks:
  # Project-local network shared by lldap and lldap-db.
  intern: {}
  # Pre-existing networks created outside this compose project.
  traefik:
    external: true
  mail-relay:
    external: true
  # NOTE(review): declared here but not attached to any service in this
  # file - confirm whether lldap is meant to join it.
  auth:
    external: true
# ToDo
# Secrets
# db healthcheck
# https://github.com/lldap/lldap/blob/main/example_configs/keycloak.md
# adjust secrets in Keycloak
# dashboard