homeserver/docker-compose/lldap/docker-compose.yml.j2

version: "3"
services:
######## App ########
  lldap:
    image: nitnelave/lldap:v0.5.0
    container_name: lldap-app
    restart: always
    ports:
      # For LDAP
      - "3890:3890"
      # For the web front-end
      - "17170:17170"
    networks:
      - intern
      - traefik
      - mail-relay
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - "lldap:/data"
    depends_on:
      - lldap-db
    environment:
      UID: 1000
      GID: 1000
      LLDAP_HTTP_PORT: 17170
      LLDAP_HTTP_URL: "http://docker10.grote.lan:17170"
      LLDAP_KEY_SEED: "{{ lookup('keepass', 'lldap_key_seed', 'password') }}"
      LLDAP_VERBOSE: true
      LLDAP_JWT_SECRET: "{{ lookup('keepass', 'lldap_jwt_secret', 'password') }}"
      LLDAP_LDAP_BASE_DN: "dc=grote,dc=lan"
      LLDAP_USER_DN: "admin"
      LLDAP_LDAP_USER_PASS: "{{ lookup('keepass', 'lldap_ldap_user_pass', 'password') }}"
      LLDAP_DATABASE_URL: "mysql://lldap-db-user:{{ lookup('keepass', 'lldap_mysql_password', 'password') }}@lldap-db/lldap"
      LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_reset: true
      LLDAP_SMTP_OPTIONS__FROM: "LLDAP Admin <info@mgrote.net>"
      LLDAP_SMTP_OPTIONS__REPLY_TO: "Do not reply <info@mgrote.net>"
      LLDAP_SMTP_OPTIONS__SERVER: "mail-relay"
      LLDAP_SMTP_OPTIONS__PORT: "25"
      LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION: "NONE"
      LLDAP_SMTP_OPTIONS__USER: "info@mgrote.net"

######## DB ########
  lldap-db:
    image: mariadb:10.6.14
    container_name: lldap-db
    restart: always
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
      - db:/var/lib/mysql
    environment:
      MYSQL_ROOT_PASSWORD: "{{ lookup('keepass', 'lldap_mysql_root_password', 'password') }}"
      MYSQL_PASSWORD: "{{ lookup('keepass', 'lldap_mysql_password', 'password') }}"
      MYSQL_DATABASE: "lldap"
      MYSQL_USER: "lldap-db-user"
      MYSQL_INITDB_SKIP_TZINFO: "1"
    networks:
      - intern
    healthcheck:
      interval: 30s
      retries: 3
      test:
        [
          "CMD",
          "healthcheck.sh",
          "--connect",
        ]
      timeout: 30s

######## Volumes ########
volumes:
  lldap:
  db:
######## Networks ########
networks:
  intern:
  traefik:
    external: true
  mail-relay:
    external: true
  auth:
    external: true
# ToDo
# Secrets
# db heraltcheck
# https://github.com/lldap/lldap/blob/main/example_configs/keycloak.md
# secrets in ekycloak anapssen
# dashbaord