homeserver/docker-compose/lldap/docker-compose.yml.j2

version: "3"
services:
######## App ########
  lldap:
    image: nitnelave/lldap:stable
    container_name: lldap-app
    restart: always
    ports:
      # For LDAP
      - "3890:3890"
      # For the web front-end
      - "17170:17170"
    networks:
      - intern
      - nw_aaa
      - traefik
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - "lldap:/data"
    environment:
      - UID=1000
      - GID=1000
      - LLDAP_JWT_SECRET={{ lookup('keepass', 'LLDAP_JWT_SECRET', 'password') }}
      - LLDAP_LDAP_USER_PASS={{ lookup('keepass', 'LLDAP_LDAP_USER_PASS', 'password') }}
      #- LLDAP_USER_DN="LLDAP-ADMIN"
      - LLDAP_LDAP_BASE_DN=dc=grote,dc=lan
      - LLDAP_DATABASE_URL=mysql://lldap-db-user:{{ lookup('keepass', 'LLDAP_MYSQL_PASSWORD', 'password') }}@lldap-db/lldap
      - LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_reset=true
      - LLDAP_SMTP_OPTIONS__SERVER=smtp.strato.de
      - LLDAP_SMTP_OPTIONS__PORT=587
      - LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=STARTTLS
      - LLDAP_SMTP_OPTIONS__USER=info@mgrote.net
      - LLDAP_SMTP_OPTIONS__PASSWORD={{ lookup('keepass', 'postfix_absender_passwort', 'password') }}
      - LLDAP_SMTP_OPTIONS__FROM="LLDAP Admin <info@mgrote.net>"
      - LLDAP_SMTP_OPTIONS__REPLY_TO="Do not reply <info@mgrote.net>"
      #- LLDAP_KEY_FILE={{ lookup('keepass', 'LLDAP_KEY_FILE', 'password') }}
      #- LLDAP_VERBOSE=true
      - LLDAP_HTTP_URL="http://docker10.grote.lan:17170" # The public URL of the server, for password reset links.
    labels:
      - com.centurylinklabs.watchtower.enable=true
      - com.centurylinklabs.watchtower.depends-on=lldap-db
######## DB ########
  nextcloud-db:
    image: mariadb:10
    container_name: lldap-db
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - db:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD={{ lookup('keepass', 'LLDAP_MYSQL_ROOT_PASSWORD', 'password') }}
      - MYSQL_PASSWORD={{ lookup('keepass', 'LLDAP_MYSQL_PASSWORD', 'password') }}
      - MYSQL_DATABASE=lldap
      - MYSQL_USER=lldap-db-user
      - MYSQL_INITDB_SKIP_TZINFO=1
    networks:
      - intern
    labels:
      - com.centurylinklabs.watchtower.enable=true

######## Volumes ########
volumes:
  lldap:
  db:
######## Networks ########
networks:
  nw_aaa:
    external: true
  intern:
  traefik:
    external: true


## (example with "password"): - LLDAP_SMTP_OPTIONS__PASSWORD
## Whether to enabled password reset via email, from LLDAP.