switched from bitnami ldap to tiredofit ldap due to upstream licensing shenanigans; also added a splunk (for now) just to see the unifi logs - to see if it's worth it
@@ -153,7 +153,7 @@ services:
|
||||
emby:
|
||||
container_name: emby
|
||||
# image: emby/embyserver:latest
|
||||
image: emby/embyserver:4.9.1.18
|
||||
image: emby/embyserver:4.9.1.31
|
||||
restart: always
|
||||
network_mode: host
|
||||
environment:
|
||||
@@ -247,7 +247,7 @@ services:
|
||||
- DMS_DEBUG=0
|
||||
- LOG_LEVEL=warn
|
||||
- ACCOUNT_PROVISIONER=LDAP
|
||||
- LDAP_SERVER_HOST=ldap://openldap:1389 # using IP, as we changed over container names (openldap->openldapnew)
|
||||
- LDAP_SERVER_HOST=ldap://openldap:389 # using IP, as we changed over container names
|
||||
- LDAP_SEARCH_BASE=dc=depaoli,dc=id,dc=au
|
||||
- LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
|
||||
- LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
|
||||
@@ -258,7 +258,7 @@ services:
|
||||
- DOVECOT_USER_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
|
||||
- ENABLE_SASLAUTHD=1
|
||||
- SASLAUTHD_MECHANISMS=ldap
|
||||
- SASLAUTHD_LDAP_SERVER=ldap://openldap:1389
|
||||
- SASLAUTHD_LDAP_SERVER=ldap://openldap:389
|
||||
- SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
|
||||
- SASLAUTHD_LDAP_SEARCH_BASE=ou=users,dc=depaoli,dc=id,dc=au
|
||||
- SASLAUTHD_LDAP_FILTER=(&(uid=%U)(objectClass=person))
|
||||
@@ -271,34 +271,60 @@ services:
|
||||
- NET_ADMIN
|
||||
|
||||
openldap:
|
||||
image: bitnami/openldap:latest
|
||||
user: "2000"
|
||||
image: ghcr.io/tiredofit/docker-openldap:2.6-latest
|
||||
container_name: openldap
|
||||
restart: always
|
||||
hostname: openldap
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
- "last.commit.url=https://api.github.com/repos/bitnami/containers/commits?path=bitnami/openldap"
|
||||
environment:
|
||||
BITNAMI_DEBUG: "true"
|
||||
LDAP_ROOT: "dc=depaoli,dc=id,dc=au"
|
||||
LDAP_ADMIN_USERNAME: "admin"
|
||||
LDAP_SKIP_DEFAULT_TREE: "yes"
|
||||
LDAP_CUSTOM_SCHEMA_DIR: "/schemas"
|
||||
LDAP_CUSTOM_LDIF_DIR: "/ldifs"
|
||||
LDAP_LOGLEVEL: "256"
|
||||
DOMAIN: "depaoli.id.au"
|
||||
BASE_DN: "dc=depaoli,dc=id,dc=au"
|
||||
ENABLE_BACKUP: false
|
||||
env_file:
|
||||
- /srv/docker/config/secrets/ldap-mail-common
|
||||
- /srv/docker/config/secrets/ldap-mail-common
|
||||
tty: true
|
||||
stdin_open: true
|
||||
depends_on:
|
||||
- adguard
|
||||
volumes:
|
||||
- /srv/docker/container/ldap/:/bitnami/openldap/
|
||||
- /srv/docker/container/ldap/bootstrap-schema:/schemas
|
||||
- /srv/docker/container/ldap/bootstrap-ldifs:/ldifs
|
||||
- /srv/docker/container/ldap/data:/var/lib/openldap
|
||||
- /srv/docker/container/ldap/slap.d:/etc/openldap/slapd.d
|
||||
- /srv/docker/container/ldap/bootstrap-schema:/assets/bootstrap-schemas
|
||||
- /srv/docker/container/ldap/bootstrap-ldifs:/assets/bootstrap-ldifs
|
||||
- /srv/docker/container/ldap/custom-scripts:/assets/custom-scripts
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
- "0.0.0.0:389:1389"
|
||||
- "0.0.0.0:389:389"
|
||||
|
||||
ldap-dev:
|
||||
image: ghcr.io/tiredofit/docker-openldap:2.6-latest
|
||||
container_name: ldap-dev
|
||||
hostname: ldap-dev
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
environment:
|
||||
DOMAIN: "depaoli.id.au"
|
||||
BASE_DN: "dc=depaoli,dc=id,dc=au"
|
||||
LDAP_URLS: "ldap://0.0.0.0:1389"
|
||||
ENABLE_BACKUP: false
|
||||
# Add TLS, replication, etc. here if needed
|
||||
env_file:
|
||||
- /srv/docker/config/secrets/ldap-mail-common
|
||||
tty: true
|
||||
stdin_open: true
|
||||
depends_on:
|
||||
- adguard
|
||||
volumes:
|
||||
- /srv/docker/container/ldap-dev/data:/var/lib/openldap
|
||||
- /srv/docker/container/ldap-dev/slap.d:/etc/openldap/slapd.d
|
||||
- /srv/docker/container/ldap-dev/bootstrap-schema:/assets/bootstrap-schemas
|
||||
- /srv/docker/container/ldap-dev/bootstrap-ldifs:/assets/bootstrap-ldifs
|
||||
- /srv/docker/container/ldap-dev/custom-scripts:/assets/custom-scripts
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
ports:
|
||||
- "0.0.0.0:1389:389"
|
||||
|
||||
# webmail
|
||||
webmail:
|
||||
@@ -361,7 +387,7 @@ services:
|
||||
- seccomp:unconfined
|
||||
depends_on:
|
||||
- adguard
|
||||
- openldap
|
||||
# - openldap
|
||||
volumes:
|
||||
- /srv/docker/container/hass:/config
|
||||
# this line adds known hosts file to /root's .ssh so the 'command line authenticaion' works on login on every new container
|
||||
@@ -1208,3 +1234,28 @@ services:
|
||||
- "traefik.http.routers.homarr.entrypoints=web"
|
||||
- "traefik.http.services.homarr.loadbalancer.server.port=7575"
|
||||
- "last.commit.url=https://api.github.com/repos/homarr-labs/homarr/commits"
|
||||
|
||||
splunk:
|
||||
image: splunk/splunk:latest
|
||||
container_name: splunk
|
||||
environment:
|
||||
- SPLUNK_LICENSE_URI=Free
|
||||
- SPLUNK_START_ARGS=--accept-license
|
||||
- SPLUNK_GENERAL_TERMS=--accept-sgt-current-at-splunk-com
|
||||
ports:
|
||||
- "8000:8000" # Splunk Web
|
||||
- "8088:8088" # HTTP Event Collector (optional)
|
||||
- "9997:9997" # Splunk Indexing
|
||||
- "514:514/udp" # Syslog (UDP)
|
||||
volumes:
|
||||
- /srv/docker/container/splunk/data:/opt/splunk/var
|
||||
- /srv/docker/container/splunk/etc:/opt/splunk/etc
|
||||
env_file:
|
||||
- /srv/docker/config/secrets/splunk
|
||||
restart: unless-stopped
|
||||
labels:
|
||||
- "com.centurylinklabs.watchtower.enable=true"
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.routers.splunk.rule=Host(`splunk.ddp.net`)"
|
||||
- "traefik.http.routers.splunk.entrypoints=web"
|
||||
- "traefik.http.services.splunk.loadbalancer.server.port=8000"
|
||||
|
||||
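Review bot: The new `splunk` service combines `SPLUNK_LICENSE_URI=Free` with ports published on every host interface and a Traefik router on the `web` entrypoint, and the Free licence, as far as I know, runs without Splunk's user authentication, so anyone who can reach port 8000 or `splunk.ddp.net` would get an admin session over the UniFi logs. If this trial only needs syslog ingestion, I would keep `- "514:514/udp"`, drop the `8000`, `8088` and `9997` mappings (or bind them to a single LAN address using the same `IP:host:container` form the openldap service uses), and attach an authenticating middleware with `- "traefik.http.routers.splunk.middlewares=<auth-middleware>"`. The `web` entrypoint is presumably plain HTTP, so it is worth confirming whether a TLS entrypoint is available for this router. `splunk/splunk:latest` together with the watchtower label means the log store upgrades unattended; a pinned tag, as the emby service uses in the first hunk, would make upgrades deliberate.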