ddp/docker-compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

convert to nfrastack ldap, and rename openldap to ldap, added a mqtt dev temporarily and made uptime-kuma tag be able to update in the :2 releases

Browse Source
This commit is contained in:
Damien De Paoli
2026-01-08 16:33:23 +11:00
parent 9241b4091f
commit d23aaca635
2 changed files with 44 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
docker-compose.yml
View File

@@ -191,7 +191,7 @@ services:
- "last.commit.url=https://api.github.com/repos/docker-mailserver/docker-mailserver/commits" - "last.commit.url=https://api.github.com/repos/docker-mailserver/docker-mailserver/commits"
depends_on: depends_on:
- adguard - adguard
- openldap - ldap
volumes: volumes:
- /srv/docker/container/mail/data:/var/mail - /srv/docker/container/mail/data:/var/mail
- /srv/docker/container/mail/state:/var/mail-state - /srv/docker/container/mail/state:/var/mail-state
@@ -233,7 +233,7 @@ services:
- DMS_DEBUG=0 - DMS_DEBUG=0
- LOG_LEVEL=warn - LOG_LEVEL=warn
- ACCOUNT_PROVISIONER=LDAP - ACCOUNT_PROVISIONER=LDAP
- LDAP_SERVER_HOST=ldap://openldap:389 # using IP, as we changed over container names - LDAP_SERVER_HOST=ldap://ldap:389 # using IP, as we changed over container names
- LDAP_SEARCH_BASE=dc=depaoli,dc=id,dc=au - LDAP_SEARCH_BASE=dc=depaoli,dc=id,dc=au
- LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au - LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
- LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE)) - LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
@@ -244,7 +244,7 @@ services:
- DOVECOT_USER_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n)) - DOVECOT_USER_FILTER=(&(objectClass=PostfixBookMailAccount)(uid=%n))
- ENABLE_SASLAUTHD=1 - ENABLE_SASLAUTHD=1
- SASLAUTHD_MECHANISMS=ldap - SASLAUTHD_MECHANISMS=ldap
- SASLAUTHD_LDAP_SERVER=ldap://openldap:389 - SASLAUTHD_LDAP_SERVER=ldap://ldap:389
- SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au - SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=depaoli,dc=id,dc=au
- SASLAUTHD_LDAP_SEARCH_BASE=ou=users,dc=depaoli,dc=id,dc=au - SASLAUTHD_LDAP_SEARCH_BASE=ou=users,dc=depaoli,dc=id,dc=au
- SASLAUTHD_LDAP_FILTER=(&(uid=%U)(objectClass=person)) - SASLAUTHD_LDAP_FILTER=(&(uid=%U)(objectClass=person))
@@ -256,18 +256,21 @@ services:
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
openldap: ldap:
image: ghcr.io/tiredofit/docker-openldap:2.6-latest image: docker.io/nfrastack/openldap:2.6
container_name: openldap container_name: ldap
hostname: openldap hostname: ldap
restart: unless-stopped restart: unless-stopped
labels: labels:
- "com.centurylinklabs.watchtower.enable=true" - "com.centurylinklabs.watchtower.enable=true"
- "last.commit.url=https://api.github.com/repos/tiredofit/docker-openldap/releases/latest" - "last.commit.url=https://api.github.com/repos/nfrastack/container-openldap/releases/latest"
environment: environment:
DOMAIN: "depaoli.id.au" DOMAIN: "depaoli.id.au"
BASE_DN: "dc=depaoli,dc=id,dc=au" BASE_DN: "dc=depaoli,dc=id,dc=au"
ORGANIZATION: "De Paoli"
ENABLE_BACKUP: false ENABLE_BACKUP: false
ENABLE_TLS: "false"
ENABLE_REPLICATION: "false"
env_file: env_file:
- /srv/docker/config/secrets/ldap-mail-common - /srv/docker/config/secrets/ldap-mail-common
tty: true tty: true
@@ -275,29 +278,30 @@ services:
depends_on: depends_on:
- adguard - adguard
volumes: volumes:
- /srv/docker/container/ldap/data:/var/lib/openldap - /srv/docker/container/ldap/data:/data/db
- /srv/docker/container/ldap/slap.d:/etc/openldap/slapd.d - /srv/docker/container/ldap/slap.d:/data/config
- /srv/docker/container/ldap/custom-scripts:/container/data/openldap/config/bootstrap/custom
- /srv/docker/container/ldap/bootstrap-schema:/assets/bootstrap-schemas - /srv/docker/container/ldap/bootstrap-schema:/assets/bootstrap-schemas
- /srv/docker/container/ldap/bootstrap-ldifs:/assets/bootstrap-ldifs - /srv/docker/container/ldap/bootstrap-ldifs:/assets/bootstrap-ldifs
- /srv/docker/container/ldap/custom-scripts:/assets/custom-scripts
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
ports: ports:
- "0.0.0.0:389:389" - "0.0.0.0:389:389"
ldap-dev: ldap-dev:
image: ghcr.io/tiredofit/docker-openldap:2.6-latest image: docker.io/nfrastack/openldap:2.6
container_name: ldap-dev container_name: ldap-dev
hostname: ldap-dev hostname: ldap-dev
restart: unless-stopped restart: unless-stopped
labels: labels:
- "com.centurylinklabs.watchtower.enable=true" - "com.centurylinklabs.watchtower.enable=true"
- "last.commit.url=https://api.github.com/repos/tiredofit/docker-openldap/releases/latest" - "last.commit.url=https://api.github.com/repos/nfrastack/container-openldap/releases/latest"
environment: environment:
DOMAIN: "depaoli.id.au" DOMAIN: "depaoli.id.au"
BASE_DN: "dc=depaoli,dc=id,dc=au" BASE_DN: "dc=depaoli,dc=id,dc=au"
LDAP_URLS: "ldap://0.0.0.0:1389" ORGANIZATION: "De Paoli"
ENABLE_BACKUP: false ENABLE_BACKUP: false
# Add TLS, replication, etc. here if needed ENABLE_TLS: "false"
ENABLE_REPLICATION: "false"
env_file: env_file:
- /srv/docker/config/secrets/ldap-mail-common - /srv/docker/config/secrets/ldap-mail-common
tty: true tty: true
@@ -305,11 +309,11 @@ services:
depends_on: depends_on:
- adguard - adguard
volumes: volumes:
- /srv/docker/container/ldap-dev/data:/var/lib/openldap - /srv/docker/container/ldap-dev/data:/data/db
- /srv/docker/container/ldap-dev/slap.d:/etc/openldap/slapd.d - /srv/docker/container/ldap-dev/slap.d:/data/config
- /srv/docker/container/ldap-dev/custom-scripts:/container/data/openldap/config/bootstrap/custom
- /srv/docker/container/ldap-dev/bootstrap-schema:/assets/bootstrap-schemas - /srv/docker/container/ldap-dev/bootstrap-schema:/assets/bootstrap-schemas
- /srv/docker/container/ldap-dev/bootstrap-ldifs:/assets/bootstrap-ldifs - /srv/docker/container/ldap-dev/bootstrap-ldifs:/assets/bootstrap-ldifs
- /srv/docker/container/ldap-dev/custom-scripts:/assets/custom-scripts
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
ports: ports:
- "0.0.0.0:1389:389" - "0.0.0.0:1389:389"
@@ -336,7 +340,7 @@ services:
depends_on: depends_on:
- adguard - adguard
- mail - mail
- openldap - ldap
environment: environment:
- ROUNDCUBEMAIL_DB_TYPE=sqlite - ROUNDCUBEMAIL_DB_TYPE=sqlite
- ROUNDCUBEMAIL_SKIN=elastic - ROUNDCUBEMAIL_SKIN=elastic
@@ -376,7 +380,7 @@ services:
- seccomp:unconfined - seccomp:unconfined
depends_on: depends_on:
- adguard - adguard
# - openldap - ldap
volumes: volumes:
- /srv/docker/container/hass:/config - /srv/docker/container/hass:/config
# this line adds known hosts file to /root's .ssh so the 'command line authenticaion' works on login on every new container # this line adds known hosts file to /root's .ssh so the 'command line authenticaion' works on login on every new container
@@ -428,6 +432,22 @@ services:
# to note with network_mode: host, this works via localhost --> traefik routes this to http://127.0.0.1:8095" # to note with network_mode: host, this works via localhost --> traefik routes this to http://127.0.0.1:8095"
- "traefik.http.services.mass.loadbalancer.server.port=8095" - "traefik.http.services.mass.loadbalancer.server.port=8095"
mosquitto-dev:
container_name: mosquitto-dev
image: eclipse-mosquitto:latest
restart: always
volumes:
- /srv/docker/container/mosquitto-dev:/mosquitto
- /srv/docker/container/mosquitto-dev/data:/mosquitto/data
- /srv/docker/container/mosquitto-dev/log:/mosquitto/log
- /etc/localtime:/etc/localtime:ro
labels:
- "com.centurylinklabs.watchtower.enable=true"
- "last.commit.url=https://api.github.com/repos/eclipse/mosquitto/commits"
ports:
- "0.0.0.0:10883:1883"
- "0.0.0.0:18883:8883"
mosquitto: mosquitto:
container_name: mosquitto container_name: mosquitto
image: eclipse-mosquitto:latest image: eclipse-mosquitto:latest
@@ -842,7 +862,6 @@ services:
restart: always restart: always
depends_on: depends_on:
- adguard - adguard
- openldap
volumes: volumes:
- /srv/docker/container/vaultwarden:/data - /srv/docker/container/vaultwarden:/data
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
@@ -920,7 +939,7 @@ services:
- "/etc/localtime:/etc/localtime:ro" - "/etc/localtime:/etc/localtime:ro"
mon: mon:
image: louislam/uptime-kuma:2.0.2 image: louislam/uptime-kuma:2
container_name: mon container_name: mon
restart: always restart: always
volumes: volumes:
@@ -1171,7 +1190,7 @@ services:
- /srv/docker/container/samba/mara-bin:/root/mara-bin - /srv/docker/container/samba/mara-bin:/root/mara-bin
depends_on: depends_on:
- adguard - adguard
- openldap - ldap
labels: labels:
- "com.centurylinklabs.watchtower.enable=true" - "com.centurylinklabs.watchtower.enable=true"
- "traefik.enable=false" - "traefik.enable=false"
@@ -1196,7 +1215,7 @@ services:
- /srv/docker/container/ftp/mara-bin:/root/mara-bin - /srv/docker/container/ftp/mara-bin:/root/mara-bin
depends_on: depends_on:
- adguard - adguard
- openldap - ldap
labels: labels:
- "com.centurylinklabs.watchtower.enable=true" - "com.centurylinklabs.watchtower.enable=true"
- "traefik.enable=false" - "traefik.enable=false"

1
secrets/ldap-mail-common
View File

@@ -3,5 +3,6 @@ LDAP_ADMIN_PASSWORD=a_real_admin_pass_word_for_2o20
LDAP_BIND_PW=${LDAP_ADMIN_PASSWORD} LDAP_BIND_PW=${LDAP_ADMIN_PASSWORD}
# needed for tiredofit containers # needed for tiredofit containers
ADMIN_PASS=${LDAP_ADMIN_PASSWORD} ADMIN_PASS=${LDAP_ADMIN_PASSWORD}
CONFIG_PASS=another_config_password_for_2025
# to note, this is unused at the moment as SASL doesnt work, but leaving this set as it wont impact anything # to note, this is unused at the moment as SASL doesnt work, but leaving this set as it wont impact anything
SASLAUTHD_LDAP_PASSWORD=${LDAP_ADMIN_PASSWORD} SASLAUTHD_LDAP_PASSWORD=${LDAP_ADMIN_PASSWORD}