GitLab

- Change from a single backup that's overwritten everytime to a
  multiple, dated backups.
- Save the last 30 days of backups.
- Save backups under the host's /var/backups instead of a Docker volume.
  Easier to backup.
- Add a restore script so that at least I would have some idea on how to
  restore this backup. Last thing I want to do when I need this backup
is to try and figure out how to restore it.

The changes are very, very rare. I'm changing the backup method to
saving tarballs as snapshots and saving the last few and this change in
the spirit of things.

The -v flags is already set in the alias.

To be integrated with the Nginx web proxy.

The SSL-terminating proxy should have that hostname.

The external name for it.

- GitLab CI templates.
- Pre-commit snippet.
- Address pre-commit issues.

A lot of different fixes. What I have in production right now.

Run as a limited user and bind to the regular HTTP port using file
capabilities.

- Relax the permission on /etc/ssl to allow generating snakeoil
certificate and key.
- Grant the slapd binary CAP_NET_BIND_SERVICE to allow binding to
privileged ports.
- Change owner of /etc/ldap/ldap.conf to allow modifying it in
entrypoint.
- Prepopulate volumes with the correct ownership, permissions and
directory structure to avoid doing it in the entrypoint without root.

- Use port 8080 (http-alt) instead of port 80 (a priviliged port).
- Run Apache with the www-data user.
- Enable the Apache status module.

- Update base image to Debian Buster.
- Install pamtester in the image.

Use the Docker Hub images for caching and keep the names the same were
applicable.

Instead of a persistent volume with the configuration, use environment
variables.

- Use a single volume for the config and data LDAP directories, easier
to keep in sync in different cases (backups, migration).
- Add backup script, save to backup volume.
- Allow passing the location of the SSL key and cert to enable SSL,
otherwise a self-signed certificate and key are generated with the FQDN
of the container.
- Drop the dockerfile-lint linter, didn't give any useful advice.
- Change base image to Debian Buster.
- Set stopsignal for the container.
- Allow setting the log level.
- Unset the cleartext root password environment variable.

- Set the client configuration (/etc/ldap/ldap.conf) according to the
environment variables.
- Add LDAP_REQCERT environment variable to set the certificate
validation.

- hadolint and docker-compose config.
- Fix what hadolint complained about.

- Name the slapd service as ldap (in case it's replaced by a different
LDAP server).
- Allow overriding the default environment variables (preparation for an
actual deployment).

- Specify the `/run/slapd` volume in the Dockerfile.
- Document TCP ports and Unix socket for slapd.

- Use a patch to change the configuration files (instead of fiddling
with sed).
- Don't log the healthcheck requests.

network to communicate with other containers.

- ldap-account-manager is not available on Debian buster right now, use
Debian sid instead.
- Document the default password.