homelab/archive/2022.bxl-nas/auth.docker-compose.yaml

90 lines
2.5 KiB
YAML

version: '3.7'
services:
openldap:
container_name: openldap
image: osixia/openldap:latest
ports:
- '389:389'
restart: unless-stopped
environment:
- LDAP_ADMIN_USERNAME=admin
- LDAP_ADMIN_PASSWORD=${ADMIN_PASSWORD}
- LDAP_READONLY_USER=true
- LDAP_READONLY_USER_USERNAME=readonly
- LDAP_READONLY_USER_PASSWORD=${READONLY_PASSWORD}
- LDAP_DOMAIN=bhasher.com
- LDAP_ORGANISATION=Bhasher
- LDAP_RFC2307BIS_SCHEMA=true
- LDAP_TLS=false
volumes:
- /mnt/Main/containers/openldap/ldap:/var/lib/ldap
- /mnt/Main/containers/openldap/slapd.d:/etc/ldap/slapd.d
networks:
- ldap
ldapusermanager:
container_name: ldapusermanager
image: wheelybird/ldap-user-manager:latest
restart: unless-stopped
environment:
- LDAP_URI=ldap://openldap
- LDAP_BASE_DN=dc=bhasher,dc=com
- LDAP_ADMIN_BIND_DN=cn=admin,dc=bhasher,dc=com
- LDAP_ADMINS_GROUP=admin
- SERVER_HOSTNAME=lum.bhasher.com
- NO_HTTPS=true
- ORGANISATION_NAME=Bhasher
- LDAP_REQUIRE_STARTTLS=false
- FORCE_RFC2307BIS=true
- SHOW_POSIX_ATTRIBUTES=false
- LDAP_ADMIN_BIND_PWD=${ADMIN_PASSWORD}
- LDAP_USER_OU=users
- LDAP_GROUP_OU=groups
- LDAP_ACCOUNT_ATTRIBUTE=uid
- LDAP_GROUP_ATTRIBUTE=cn
- USERNAME_FORMAT={first_name}.{last_name}
- ENFORCE_SAFE_SYSTEM_NAMES=false
- PASSWORD_HASH=SHA512CRYPT
- ACCEPT_WEAK_PASSWORDS=false
- LDAP_ACCOUNT_ADDITIONAL_ATTRIBUTES=jpegPhoto^:Profile picture,sshpubkey^+:SSH public key
labels:
- "traefik.enable=true"
- "traefik.http.routers.lum.rule=Host(`lum.bhasher.com`)"
- "traefik.http.routers.lum.entrypoints=internalsecure"
- "traefik.http.services.lum.loadbalancer.server.port=80"
- "traefik.http.routers.lum.tls=true"
- "traefik.http.routers.lum.tls.certresolver=http"
ports:
- 4587:80
networks:
- ldap
- external
authelia:
container_name: authelia
image: authelia/authelia:latest
restart: unless-stopped
environment:
- TZ=Europe/Paris
labels:
- "traefik.enable=true"
- "traefik.http.routers.authelia.rule=Host(`idp.bhasher.com`)"
- "traefik.http.routers.authelia.entrypoints=internalsecure"
- "traefik.http.services.authelia.loadbalancer.server.port=9091"
- "traefik.http.routers.authelia.tls=true"
- "traefik.http.routers.authelia.tls.certresolver=http"
volumes:
- /mnt/Main/containers/authelia:/config
networks:
- ldap
- external
- storage
networks:
ldap:
external:
external: true
storage:
external: true