sdf
parent
3c8190d18b
commit
fc4617a19b
1 changed files with 17 additions and 41 deletions
|
|
@ -1,4 +1,3 @@
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
netgrimoire:
|
netgrimoire:
|
||||||
external: true
|
external: true
|
||||||
|
|
@ -8,11 +7,8 @@ services:
|
||||||
image: postgres:16
|
image: postgres:16
|
||||||
networks:
|
networks:
|
||||||
- netgrimoire
|
- netgrimoire
|
||||||
#user: "1001:998"
|
|
||||||
environment:
|
environment:
|
||||||
TZ: America/Chicago
|
TZ: America/Chicago
|
||||||
PUID: "1964"
|
|
||||||
PGID: "1964"
|
|
||||||
POSTGRES_DB: lldap
|
POSTGRES_DB: lldap
|
||||||
POSTGRES_USER: lldap
|
POSTGRES_USER: lldap
|
||||||
POSTGRES_PASSWORD: F@lcon13
|
POSTGRES_PASSWORD: F@lcon13
|
||||||
|
|
@ -31,41 +27,30 @@ services:
|
||||||
- node.hostname == docker4
|
- node.hostname == docker4
|
||||||
labels:
|
labels:
|
||||||
gremlin.version: "2026-04-1"
|
gremlin.version: "2026-04-1"
|
||||||
diun.enable: true
|
gremlin.uid.exempt: "true"
|
||||||
|
gremlin.uid.reason: "Postgres requires UID 999 — PUID/PGID not supported"
|
||||||
gremlin.caddy.skip: "true"
|
gremlin.caddy.skip: "true"
|
||||||
gremlin.homepage.skip: "true"
|
gremlin.homepage.skip: "true"
|
||||||
gremlin.monitor.skip: "true"
|
gremlin.monitor.skip: "true"
|
||||||
gremlin.network.skip: "true"
|
gremlin.network.skip: "true"
|
||||||
restart: unless-stopped
|
diun.enable: "true"
|
||||||
|
|
||||||
lldap:
|
lldap:
|
||||||
image: lldap/lldap:stable
|
image: lldap/lldap:stable
|
||||||
networks:
|
networks:
|
||||||
- netgrimoire
|
- netgrimoire
|
||||||
#user: "1001:998"
|
|
||||||
environment:
|
environment:
|
||||||
TZ: America/Chicago
|
TZ: America/Chicago
|
||||||
PUID: "1964"
|
PUID: "1964"
|
||||||
PGID: "1964"
|
PGID: "1964"
|
||||||
|
|
||||||
# Base DN
|
|
||||||
LLDAP_LDAP_BASE_DN: "dc=netgrimoire,dc=com"
|
LLDAP_LDAP_BASE_DN: "dc=netgrimoire,dc=com"
|
||||||
LLDAP_DOMAIN: netgrimoire.com
|
LLDAP_DOMAIN: netgrimoire.com
|
||||||
|
|
||||||
# User/admin bind password (you will replace)
|
|
||||||
LLDAP_LDAP_USER_PASS: F@lcon13
|
LLDAP_LDAP_USER_PASS: F@lcon13
|
||||||
|
|
||||||
# Generated secrets (leave as-is unless you want to rotate)
|
|
||||||
LLDAP_JWT_SECRET: lougu9MjGLmLp1SPDkkCBsQm-MdHpGGuOn-wW7FRWRdzglIn1nJRyBQkQ7HDcDh0
|
LLDAP_JWT_SECRET: lougu9MjGLmLp1SPDkkCBsQm-MdHpGGuOn-wW7FRWRdzglIn1nJRyBQkQ7HDcDh0
|
||||||
LLDAP_KEY_SEED: Kss_fNlMBH3XRo9aYHo_pI9gWQecQ1v3-yYzULckoWUm-iKIkV2DMygPYyKaN-u_
|
LLDAP_KEY_SEED: Kss_fNlMBH3XRo9aYHo_pI9gWQecQ1v3-yYzULckoWUm-iKIkV2DMygPYyKaN-u_
|
||||||
|
|
||||||
# Postgres
|
|
||||||
LLDAP_DATABASE_URL: postgres://lldap:F@lcon13@lldap-db:5432/lldap
|
LLDAP_DATABASE_URL: postgres://lldap:F@lcon13@lldap-db:5432/lldap
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
- /DockerVol/lldap/data:/data
|
- /DockerVol/lldap/data:/data
|
||||||
|
|
||||||
# Expose to LAN via swarm routing mesh (ingress)
|
|
||||||
ports:
|
ports:
|
||||||
- target: 17170
|
- target: 17170
|
||||||
published: 17170
|
published: 17170
|
||||||
|
|
@ -75,12 +60,6 @@ services:
|
||||||
published: 3890
|
published: 3890
|
||||||
protocol: tcp
|
protocol: tcp
|
||||||
mode: ingress
|
mode: ingress
|
||||||
# If/when you enable LDAPS:
|
|
||||||
# - target: 6360
|
|
||||||
# published: 6360
|
|
||||||
# protocol: tcp
|
|
||||||
# mode: ingress
|
|
||||||
|
|
||||||
deploy:
|
deploy:
|
||||||
restart_policy:
|
restart_policy:
|
||||||
condition: any
|
condition: any
|
||||||
|
|
@ -93,24 +72,21 @@ services:
|
||||||
- node.platform.arch != aarch64
|
- node.platform.arch != aarch64
|
||||||
- node.hostname == docker4
|
- node.hostname == docker4
|
||||||
labels:
|
labels:
|
||||||
|
gremlin.version: "2026-04-1"
|
||||||
|
gremlin.context: "LLDAP exposes port 17170 for web UI and 3890 for LDAP. Both are intentional."
|
||||||
|
|
||||||
|
caddy: ldap.netgrimoire.com
|
||||||
|
caddy.reverse_proxy: lldap:17170
|
||||||
|
caddy.import_1: crowdsec
|
||||||
|
caddy.import_2: authentik
|
||||||
|
|
||||||
|
monitor.name: LLDAP
|
||||||
|
monitor.url: http://lldap:17170
|
||||||
|
|
||||||
|
homepage.group: Authentication
|
||||||
|
homepage.name: LLDAP
|
||||||
|
homepage.icon: ldap.png
|
||||||
|
homepage.href: https://ldap.netgrimoire.com
|
||||||
|
homepage.description: Lightweight LDAP directory
|
||||||
|
|
||||||
diun.enable: "true"
|
diun.enable: "true"
|
||||||
# Homepage
|
|
||||||
- homepage.group=Authentication
|
|
||||||
- homepage.name=LLDAP
|
|
||||||
- homepage.icon=ldap.png
|
|
||||||
- homepage.href=https://ldap.netgrimoire.com
|
|
||||||
- homepage.description=Lightweight LDAP directory
|
|
||||||
|
|
||||||
# Kuma
|
|
||||||
- kuma.lldap.http.name=LLDAP
|
|
||||||
- kuma.lldap.http.url=http://lldap:17170
|
|
||||||
|
|
||||||
# Caddy / Authentik (protect UI)
|
|
||||||
- caddy=ldap.netgrimoire.com
|
|
||||||
- caddy.import=authentik
|
|
||||||
- caddy.reverse_proxy=lldap:17170
|
|
||||||
|
|
||||||
# Diun
|
|
||||||
- diun.enable=true
|
|
||||||
|
|
||||||
restart: unless-stopped
|
|
||||||
|
|
|
||||||
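Review bot: The `environment:` blocks of both services still carry live credentials in plain text on the new side (`POSTGRES_PASSWORD`, `LLDAP_LDAP_USER_PASS`, `LLDAP_JWT_SECRET`, `LLDAP_KEY_SEED` and the password embedded in `LLDAP_DATABASE_URL`), and this commit drops the comments that marked the bind password as a value to replace and the generated secrets as rotatable. The `deploy:` keys and ingress-mode ports suggest a Swarm stack, so these values can move to Swarm secrets, e.g. `POSTGRES_PASSWORD_FILE: /run/secrets/<db-password-secret>` for the postgres image, with the matching `_FILE` variants on the lldap side if the image in use supports them; the values already committed should be treated as exposed and rotated. The same password is reused for the database and the LDAP admin bind, and its `@` is unescaped in the `postgres://` URL, so it should be percent-encoded (`%40`) to keep the user-info/host split unambiguous. Separately, the new `caddy.import_1: crowdsec` and `caddy.import_2: authentik` labels protect only the proxied hostname, while `published: 17170` in ingress mode leaves the web UI reachable without them; the `gremlin.context` label calls this intentional, but it is worth confirming.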