services:
  mealie:
    extends:
      file: ${TEMPLATES_PATH}
      service: default
    image: ghcr.io/mealie-recipes/mealie:latest
    container_name: mealie
    ports:
      - "4006:9000"
    networks:
      - ip6net
    volumes:
      - ${SERVICE_PATH}/mealie/data:/app/data/
    environment:
      ALLOW_SIGNUP: false
      BASE_URL: https://mealie.${PUBLIC_DOMAIN}
      # Database Settings
      DB_ENGINE: postgres
      POSTGRES_USER: mealie
      POSTGRES_PASSWORD: ${MEALIE_DATABASE_PASSWORD}
      POSTGRES_SERVER: postgres
      POSTGRES_PORT: 5432
      POSTGRES_DB: mealie
      # LDAP Authentication
      LDAP_AUTH_ENABLED: true
      LDAP_SERVER_URL: ldap://lldap:3890
      LDAP_BASE_DN: ou=people,dc=${SECOND_LEVEL_DOMAIN},dc=${TOP_LEVEL_DOMAIN}
      LDAP_ID_ATTRIBUTE: uid
      LDAP_NAME_ATTRIBUTE: displayName
      LDAP_MAIL_ATTRIBUTE: mail
      LDAP_QUERY_BIND: cn=readonly_user,ou=people,dc=${SECOND_LEVEL_DOMAIN},dc=${TOP_LEVEL_DOMAIN}
      LDAP_QUERY_PASSWORD: ${LLDAP_READONLY_USER_PASSWORD}
      # LDAP_USER_FILTER: (memberof=cn=mealie,ou=groups,dc=example,dc=com)
      # LDAP_ADMIN_FILTER: (memberof=cn=mealie-admin,ou=groups,dc=example,dc=com)

    labels:
      # Watchtower
      - "com.centurylinklabs.watchtower.enable=true"
      # Traefik
      - "traefik.enable=true"
      - "traefik.http.routers.mealie.rule=Host(`mealie.${PUBLIC_DOMAIN}`)"
      - "traefik.http.routers.mealie.entrypoints=https"
      - "traefik.http.routers.mealie.tls.certresolver=myresolver"
      - "traefik.http.routers.mealie.tls=true"
      # Middlewares
      - "traefik.http.routers.mealie.middlewares=crowdsec-bouncer@file"