# Podman Quadlet container unit for the LLDAP directory service.
# This file is a template: the double-curly-brace placeholders are filled in
# before the unit is installed. Keep template expressions out of comments,
# since the template engine would presumably evaluate them there too.

[Quadlet]
# Turns off the dependencies Quadlet adds by default (the implicit ordering on
# the network being online); ordering is declared explicitly in [Unit] instead.
DefaultDependencies=false

[Unit]
Description=LDAP
# Start only after PostgreSQL, and do not run without it: Requires= means this
# unit is not started if postgresql.service fails, and is stopped with it.
After=postgresql.service
Requires=postgresql.service

[Container]
# Image tag comes from the template variables.
# NOTE(review): a tag can be re-pointed upstream; pin by digest if the
# deployment needs a reproducible, verifiable image - confirm policy.
Image=docker.io/lldap/lldap:{{ version['containers']['ldap'] }}
ContainerName=ldap
HostName=ldap

# PostgreSQL runs on the same host as this container. With Pasta networking the
# database name must be mapped to the host gateway to be reachable from inside.
AddHost={{ services['postgresql']['domain'] }}.{{ domain['internal'] }}:host-gateway

# LDAPS: the container listens on 6360/tcp.
# Presumably an nftables rule maps the standard port 636 to the published host
# port - confirm against the firewall configuration.
PublishPort={{ services['ldap']['ports']['ldaps'] }}:6360/tcp
# Web UI: the container listens on 17170/tcp.
# NOTE(review): no host address is given, so the port is published on every
# host interface. This is the administration interface and the port key is
# named 'http'; confirm it is reachable only through a TLS-terminating proxy
# or a firewall rule, or bind it to a specific host address.
PublishPort={{ services['ldap']['ports']['http'] }}:17170/tcp

# %h expands to the home directory of the user running the unit.
# /data is writable application state.
Volume=%h/containers/ldap/data:/data:rw
# Certificate and private key for LDAPS, mounted read-only.
# NOTE(review): the host directory holds ldap.key; verify its ownership and
# mode restrict it to the account that runs this container.
Volume=%h/containers/ldap/ssl:/etc/ssl/ldap:ro

# Default
Environment="TZ=Asia/Seoul"

# Domain: LDAP base DN, taken from the template variables.
Environment="LLDAP_LDAP_BASE_DN={{ domain['dc'] }}"

# LDAPS: enable TLS and point at the files from the read-only ssl volume above.
Environment="LLDAP_LDAPS_OPTIONS__ENABLED=true"
Environment="LLDAP_LDAPS_OPTIONS__CERT_FILE=/etc/ssl/ldap/ldap.crt"
Environment="LLDAP_LDAPS_OPTIONS__KEY_FILE=/etc/ssl/ldap/ldap.key"

# Paths of the secret files. Only the paths appear in the environment; the
# values are mounted by the matching Secret= lines at the end of this section.
Environment="LLDAP_KEY_SEED_FILE=/run/secrets/LLDAP_KEY_SEED"
Environment="LLDAP_JWT_SECRET_FILE=/run/secrets/LLDAP_JWT_SECRET"

# SMTP options: all of these can be set in /data/config.toml instead of through
# Environment= lines. Only LLDAP_SMTP_OPTIONS__PASSWORD is meant to be injected
# as a secret; the value below is a placeholder, and the real password should
# not be written into this unit.
# NOTE(review): no Secret= line for the SMTP password is present in this unit.
# LLDAP_SMTP_OPTIONS__ENABLE_PASSWORD_RESET=true
# LLDAP_SMTP_OPTIONS__SERVER=smtp.example.com
# LLDAP_SMTP_OPTIONS__PORT=465
# LLDAP_SMTP_OPTIONS__SMTP_ENCRYPTION=TLS
# LLDAP_SMTP_OPTIONS__USER=no-reply@example.com
# LLDAP_SMTP_OPTIONS__PASSWORD=PasswordGoesHere
# LLDAP_SMTP_OPTIONS__FROM=no-reply
# LLDAP_SMTP_OPTIONS__TO=admin

# Database: the connection URL is injected from a Podman secret as an
# environment variable of the same name.
# NOTE(review): the URL presumably carries the database credentials, and an
# env-type secret sits in the container process environment, where it is
# readable by anything inside the container that can inspect that process.
# Check whether the image offers a file-based variant for this setting.
Secret=LLDAP_DATABASE_URL,type=env

# Secrets mounted as files at the paths named by the *_FILE variables above.
# NOTE(review): the target values are quoted; confirm the Podman version in use
# strips the quotes and the files appear at exactly these paths.
Secret=LLDAP_KEY_SEED,target="/run/secrets/LLDAP_KEY_SEED"
Secret=LLDAP_JWT_SECRET,target="/run/secrets/LLDAP_JWT_SECRET"

[Service]
# Restart on any exit, waiting 10 seconds between attempts.
Restart=always
RestartSec=10s
# Seconds allowed for a clean stop before systemd kills the service.
TimeoutStopSec=120

[Install]
# Started with the default target of the systemd instance that owns this unit
# (presumably a user instance, given the %h paths above - confirm).
WantedBy=default.target