version: "3"
services:
######## App ########
  lldap:
    image: nitnelave/lldap:v0.5.0
    container_name: lldap-app
    restart: always
    ports:
      # For LDAP
      - "3890:3890"
      # For the web front-end
      - "17170:17170"
    networks:
      - intern
      - traefik
      - mail-relay
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - "lldap:/data"
    depends_on:
      - lldap-db
    environment:
      UID: 1000
      GID: 1000

######## DB ########
  lldap-db:
    image: mariadb:10.6.14
    container_name: lldap-db
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - db:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: "{{ lookup('keepass', 'lldap_mysql_root_password', 'password') }}"
      MYSQL_PASSWORD: "{{ lookup('keepass', 'lldap_mysql_password', 'password') }}"
      MYSQL_DATABASE: "lldap"
      MYSQL_USER: "lldap-db-user"
      MYSQL_INITDB_SKIP_TZINFO: "1"
    networks:
      - intern
    healthcheck:
      interval: 30s
      retries: 3
      test:
        [
          "CMD",
          "healthcheck.sh",
          "--connect",
        ]
      timeout: 30s

######## Volumes ########
volumes:
  lldap:
  db:
######## Networks ########
networks:
  intern:
  traefik:
    external: true
  mail-relay:
    external: true
  auth:
    external: true
# ToDo
# Secrets
# db heraltcheck
# https://github.com/lldap/lldap/blob/main/example_configs/keycloak.md
# secrets in ekycloak anapssen
# dashbaord