1.0.0 Release IaaS

config/services/containers/infra/ldap/ldap.container.j2

@@ -0,0 +1,64 @@
+[Quadlet]
+DefaultDependencies=false
+
+[Unit]
+Description=LDAP
+
+After=postgresql.service
+Requires=postgresql.service
+
+[Container]
+Image=docker.io/lldap/lldap:{{ version['containers']['ldap'] }}
+
+ContainerName=ldap
+HostName=ldap
+# They are at the same host (for Pasta, it is needed)
+AddHost={{ infra_uri['postgresql']['domain'] }}:host-gateway
+# For LDAPS - 636 > 6360 nftables
+PublishPort=6360:6360/tcp
+# Web UI
+PublishPort=17170:17170/tcp
+
+
+Volume=%h/containers/ldap/data:/data:rw
+Volume=%h/containers/ldap/ssl:/etc/ssl/ldap:ro
+
+# Default
+Environment="TZ=Asia/Seoul"
+
+# Domain
+Environment="LLDAP_LDAP_BASE_DN=dc=ilnmors,dc=internal"
+
+# LDAPS
+Environment="LLDAP_LDAPS_OPTIONS__ENABLED=true"
+Environment="LLDAP_LDAPS_OPTIONS__CERT_FILE=/etc/ssl/ldap/ldap.crt"
+Environment="LLDAP_LDAPS_OPTIONS__KEY_FILE=/etc/ssl/ldap/ldap.key"
+# Secret files' Path
+Environment="LLDAP_KEY_SEED_FILE=/run/secrets/LLDAP_KEY_SEED"
+Environment="LLDAP_JWT_SECRET_FILE=/run/secrets/LLDAP_JWT_SECRET"
+
+# SMTP options > you can set all of these at the /data/config.toml instead of Environment
+# Only `LLDAP_SMTP_OPTIONS__PASSWORD` will be injected by secret
+# LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=true
+# LLDAP_SMTP_OPTIONS__SERVER=smtp.example.com
+# LLDAP_SMTP_OPTIONS__PORT=465
+# LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=TLS
+# LLDAP_SMTP_OPTIONS__USER=no-reply@example.com
+# LLDAP_SMTP_OPTIONS__PASSWORD=PasswordGoesHere
+# LLDAP_SMTP_OPTIONS__FROM=no-reply <no-reply@example.com>
+# LLDAP_SMTP_OPTIONS__TO=admin <admin@example.com>
+
+# Database
+Secret=LLDAP_DATABASE_URL,type=env
+
+# Secrets
+Secret=LLDAP_KEY_SEED,target="/run/secrets/LLDAP_KEY_SEED"
+Secret=LLDAP_JWT_SECRET,target="/run/secrets/LLDAP_JWT_SECRET"
+
+[Service]
+Restart=always
+RestartSec=10s
+TimeoutStopSec=120
+
+[Install]
+WantedBy=default.target