# vim:ff=unix:ts=2:sw=2:ai:expandtab
---
version: '3.5'
services:
  crond:
    build:
      context: crond/
    restart: always
    volumes:
      - /run/docker.sock:/run/docker.sock

  ldap:
    build:
      context: slapd/
    environment:
      LDAP_ROOTPASS: &password "${LDAP_ROOTPASS:-foo}"
      LDAP_DOMAIN: "${LDAP_DOMAIN:-shore.co.il}"
      LDAP_ORGANIZATION: "${LDAP_ORGANIZATION:-shore}"
      #SLAPD_DEBUG_LEVEL: "any"
      SSL_DHPARAMS_FILE: /var/ssl/dhparams
    hostname: "${LDAP_HOSTNAME:-ldap}.${LDAP_DOMAIN:-shore.co.il}"
    restart: always
    volumes:
      - _run_slapd:/run/slapd
      - ldap:/var/lib/ldap
      - backup_ldap:/var/backups/ldap
      - /var/ssl/dhparams:/var/ssl/dhparams:ro

  ldap-account-manager:
    build:
      context: ldap-account-manager/
    depends_on:
      - ldap
    environment:
      LAM_PASSWORD: *password  # pragma: allowlist secret
      LDAP_ADMIN_DN: "cn=admin,${LDAP_BASE_DN:-dc=shore,dc=co,dc=il}"
      LDAP_BASE_DN: &base_dn "${LDAP_BASE_DN:-dc=shore,dc=co,dc=il}"
    hostname: lam.shore.co.il
    restart: always
    volumes:
      - _run_slapd:/run/slapd

  # nss-pam-ldapd:
  #   build:
  #     context: nss-pam-ldapd/
  #   command: /usr/sbin/nslcd --debug --nofork
  #   depends_on:
  #     - ldap
  #   environment:
  #     LDAP_BASE_DN: *base_dn
  #   volumes:
  #     - _run_slapd:/run/slapd

volumes:
  _run_slapd:
    name: run_slapd
  ldap:
  backup_ldap:
    labels:
      snapshot: 'true'

networks:
  default:
    name: shore