iac_stack/roles/deploy_container_lldap/templates/docker-compose.yml.j2

---
services:
  lldap:
    image: lldap/lldap:${LLDAP_VERSION:-stable}
    container_name: lldap
    volumes:
      - "lldap_data:/data"
      - "./secrets:/secrets:ro"
    networks:
      - traefik
    environment:
      - TZ=Europe/Berlin
      - LLDAP_JWT_SECRET_FILE=/secrets/jwt_secret
      - LLDAP_KEY_SEED_FILE=/secrets/key_seed
      - LLDAP_LDAP_BASE_DN=dc=${LDAP_BASE_DOMAIN},dc=${LDAP_BASE_TLD}
      - LLDAP_LDAP_USER_PASS_FILE=/secrets/ldap_user_pass
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=traefik"
      - "traefik.http.routers.lldap.entrypoints=http"
      - "traefik.http.routers.lldap.rule=Host(`${LLDAP_DOMAIN}`)"
      - "traefik.http.middlewares.lldap-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.lldap.middlewares=lldap-https-redirect"
      - "traefik.http.routers.lldap-secure.entrypoints=https"
      - "traefik.http.routers.lldap-secure.rule=Host(`${LLDAP_DOMAIN}`)"
      - "traefik.http.routers.lldap-secure.tls=true"
      - "traefik.http.routers.lldap-secure.service=lldap"
      - "traefik.http.services.lldap.loadbalancer.server.port=17170"

networks:
  traefik:
    external: true

volumes:
  lldap_data:
    driver: local