initial docker setup

project/db/lldap/lldap.yml

@@ -0,0 +1,46 @@
+secrets:
+  LLDAP_JWT_SECRET:
+    file: ${DB_PATH}/lldap/secrets/LLDAP_JWT_SECRET
+  LLDAP_KEY_SEED:
+    file: ${DB_PATH}/lldap/secrets/LLDAP_KEY_SEED
+
+services:
+  lldap:
+    extends:
+      file: ${TEMPLATES_PATH}
+      service: default
+    container_name: lldap
+    image: lldap/lldap:latest
+    ports:
+      # For LDAP, not recommended to expose, see Usage section.
+      - "3890:3890"
+      # For LDAPS (LDAP Over SSL), enable port if LLDAP_LDAPS_OPTIONS__ENABLED set true, look env below
+      # - "6360:6360"
+      # For the web front-end
+      - "17170:17170"
+    volumes:
+      - "${DB_PATH}/lldap/data:/data"
+    environment:
+      - LLDAP_JWT_SECRET=/run/secrets/LLDAP_JWT_SECRET
+      - LLDAP_KEY_SEED=/run/secrets/LLDAP_KEY_SEED
+      - LLDAP_LDAP_BASE_DN=dc=${SECOND_LEVEL_DOMAIN},dc=${TOP_LEVEL_DOMAIN}
+      # If using LDAPS, set enabled true and configure cert and key path
+      # - LLDAP_LDAPS_OPTIONS__ENABLED=true
+      # - LLDAP_LDAPS_OPTIONS__CERT_FILE=/data/certfile.crt
+      # - LLDAP_LDAPS_OPTIONS__KEY_FILE=/data/keyfile.key
+      # You can also set a different database:
+      - LLDAP_DATABASE_URL=postgres://lldap:${LLDAP_DB_PASSWORD}@postgres/lldap
+    labels:
+      # Watchtower
+      - "com.centurylinklabs.watchtower.enable=true"
+      # Traefik
+      - "traefik.enable=true"
+      - "traefik.http.routers.lldap.rule=Host(`ldap.${PUBLIC_DOMAIN}`)"
+      - "traefik.http.routers.lldap.entrypoints=https"
+      - "traefik.http.routers.lldap.tls=true"
+      - "traefik.http.routers.lldap.tls.certresolver=myresolver"
+      - "traefik.http.routers.lldap.service=lldap-service"
+      - "traefik.http.services.lldap-service.loadbalancer.server.port=17170"
+      - "traefik.http.services.lldap-service.loadbalancer.server.scheme=http"
+      # middlewares
+      - "traefik.http.routers.lldap.middlewares=crowdsec-bouncer@file"