version: '3.7'
services:
  freeipa:
    image: freeipa/freeipa-server:rocky-8
    restart: unless-stopped
    hostname: freeipa.local.netgrimoire.com
    environment:
      - IPA_SERVER_HOSTNAME=freeipa.local.netgrimoire.com
      - TZ=America/Chicago
      - PGID=998
      - PUID=1001
    tty: true
    stdin_open: true
    cap_add:
      - NET_ADMIN
      - SYS_TIME  
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
      - /DockerVol/freeipa:/data
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
      - net.ipv6.conf.lo.disable_ipv6=0
    security_opt:
      - "seccomp:unconfined"
    command:
      - -U
      - --domain=local.netgrimoire.com
      - --realm=local.netgrimoire.com
      - --http-pin=F@lcon12
      - --dirsrv-pin=F@lcon12
      - --ds-password=F@lcon12
      - --admin-password=F@lcon12
      - --no-host-dns
      - --unattended
    ports:
      - "80:80"
      - "443:443"
      - "389:389"
      - "636:636"
      - "88:88"
      - "464:464"
      - "88:88/udp"
      - "464:464/udp"
      - "123:123/udp"
      - "7389:7389"
      - "9443:9443"
      - "9444:9444"
      - "9445:9445"
#volumes:
 # freeipavol: