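# Compose stack: Caddy reverse proxy, Authelia (with Postgres storage),
# LLDAP (with Postgres storage), a whoami test service and the Homer
# dashboard with its one-shot bootstrap container.
#
# Secrets are read from files on the host and mounted at /run/secrets/<NAME>
# in each service that lists them. The paths use ${PWD}, so they resolve
# against the directory `docker compose` is invoked from.
secrets:
  AUTHELIA_JWT_SECRET:
    file: ${PWD}/config/authelia/secrets/AUTHELIA_JWT_SECRET
  AUTHELIA_SESSION_SECRET:
    file: ${PWD}/config/authelia/secrets/AUTHELIA_SESSION_SECRET
  AUTHELIA_STORAGE_PASSWORD:
    file: ${PWD}/config/authelia/secrets/AUTHELIA_STORAGE_PASSWORD
  AUTHELIA_STORAGE_ENCRYPTION_KEY:
    file: ${PWD}/config/authelia/secrets/AUTHELIA_STORAGE_ENCRYPTION_KEY
  LLDAP_JWT_SECRET:
    file: ${PWD}/config/lldap/secrets/LLDAP_JWT_SECRET
  LLDAP_PASSWORD:
    file: ${PWD}/config/lldap/secrets/LLDAP_PASSWORD
  LLDAP_STORAGE_PASSWORD:
    file: ${PWD}/config/lldap/secrets/LLDAP_STORAGE_PASSWORD

services:
  proxy:
    build:
      context: ./
      # ${URL} is interpolated by Compose before the build and lands inside
      # shell single quotes in the RUN line, so it must come from a trusted
      # .env/environment and must not contain a quote character.
      dockerfile_inline: |
        FROM caddy:2.10
        RUN apk add jinja2-cli
        COPY config/caddy/Caddyfile.j2 /etc/caddy/Caddyfile.j2
        COPY config.json /etc/caddy/config.json
        RUN jinja2 /etc/caddy/Caddyfile.j2 /etc/caddy/config.json -D domain='${URL}' > /etc/caddy/Caddyfile
    container_name: proxy.${URL}
    depends_on:
      - authelia
    restart: unless-stopped
    # Quoted so no YAML parser can read a host:container pair as a number.
    ports:
      - '80:80'
      - '443:443'
    volumes:
      # Mounted read-only, matching the Authelia config mount: the proxy has
      # no need to modify the host's TLS private key or certificate.
      - ./key.pem:/ssl/certs/key.pem:ro
      - ./cert.pem:/ssl/certs/cert.pem:ro
      - caddy-config:/config
    networks:
      apperture:

  whoami:
    container_name: apperture-whoami
    # NOTE(review): no tag, so this resolves to :latest at pull time.
    image: docker.io/traefik/whoami
    restart: unless-stopped
    networks:
      apperture:
    environment:
      TZ: 'Europe/London'

  authelia:
    container_name: apperture-authelia
    # NOTE(review): no tag, so the authentication portal tracks :latest.
    # Pin a reviewed version (ideally by digest) so an upstream push cannot
    # change this component without a change to this file.
    image: authelia/authelia
    depends_on:
      authelia-postgres:
        condition: service_healthy
      lldap:
        condition: service_healthy
    restart: unless-stopped
    volumes:
      - ./config/authelia/config/configuration.yml:/config/configuration.yml:ro
    secrets:
      - AUTHELIA_JWT_SECRET
      - AUTHELIA_SESSION_SECRET
      - AUTHELIA_STORAGE_PASSWORD
      - AUTHELIA_STORAGE_ENCRYPTION_KEY
      - LLDAP_PASSWORD
    # Every credential is passed as a *_FILE path under /run/secrets, so the
    # values do not appear in the container's environment.
    environment:
      TZ: 'Europe/London'
      AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE: '/run/secrets/AUTHELIA_JWT_SECRET'
      AUTHELIA_SESSION_SECRET_FILE: '/run/secrets/AUTHELIA_SESSION_SECRET'
      AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE: '/run/secrets/AUTHELIA_STORAGE_PASSWORD'
      AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE: '/run/secrets/AUTHELIA_STORAGE_ENCRYPTION_KEY'
      AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE: '/run/secrets/LLDAP_PASSWORD'
      URL: ${URL}
    networks:
      apperture:
    command: ["authelia", "--config.experimental.filters", "template"]

  authelia-postgres:
    container_name: apperture-authelia-postgres
    # NOTE(review): untagged image; a new Postgres major version pulled as
    # :latest cannot open a data directory created by an older one.
    image: postgres
    restart: unless-stopped
    secrets:
      - AUTHELIA_STORAGE_PASSWORD
    environment:
      POSTGRES_USER: authelia
      POSTGRES_PASSWORD_FILE: /run/secrets/AUTHELIA_STORAGE_PASSWORD
      POSTGRES_DB: authelia
    # NOTE(review): unlike lldap-postgres, no named volume is declared for
    # this database. Confirm whether Authelia's storage is meant to survive
    # the container being removed.
    networks:
      apperture:
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U authelia"]
      interval: 5s
      timeout: 5s
      retries: 5

  lldap:
    container_name: apperture-lldap
    image: nitnelave/lldap:stable
    restart: unless-stopped
    depends_on:
      lldap-postgres:
        condition: service_healthy
    secrets:
      - LLDAP_JWT_SECRET
      - LLDAP_PASSWORD
      - LLDAP_STORAGE_PASSWORD
    environment:
      UID: '1000'
      GID: '1000'
      TZ: Europe/London
      LLDAP_JWT_SECRET_FILE: /run/secrets/LLDAP_JWT_SECRET
      LLDAP_LDAP_USER_PASS_FILE: /run/secrets/LLDAP_PASSWORD
      LLDAP_LDAP_BASE_DN: dc=example,dc=com
      # NOTE(review): the database password (lldap) is embedded in plain text
      # in this URL and again in lldap-postgres, while the mounted
      # LLDAP_STORAGE_PASSWORD secret is not referenced by any variable here.
      # The directory database holds the user credentials, so it should get a
      # generated password delivered the same way as the other secrets. The
      # URL and POSTGRES_PASSWORD must be changed together, and an already
      # initialised data volume keeps its old password until it is altered.
      LLDAP_DATABASE_URL: postgres://lldap:lldap@lldap-postgres/lldap
      # Example bind: cn=admin,ou=people,dc=example,dc=com
    volumes:
      - lldap-data:/data
    networks:
      apperture:

  lldap-postgres:
    container_name: apperture-lldap-postgres
    # NOTE(review): untagged image, see authelia-postgres.
    image: postgres
    restart: unless-stopped
    secrets:
      - LLDAP_STORAGE_PASSWORD
    environment:
      POSTGRES_USER: lldap
      # NOTE(review): hard-coded, guessable password; the secret-file form
      # below is disabled. No port is published for this service, so it is
      # reachable only from containers on the apperture network, but every
      # one of those containers can log in with it.
      POSTGRES_PASSWORD: lldap
      #POSTGRES_PASSWORD_FILE: /run/secrets/LLDAP_STORAGE_PASSWORD
      POSTGRES_DB: lldap
    volumes:
      - lldap-postgres-data:/var/lib/postgresql/data
    networks:
      apperture:
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U lldap"]
      interval: 5s
      timeout: 5s
      retries: 5

  homer:
    # NOTE(review): no tag, so this resolves to :latest at pull time.
    image: b4bz/homer
    container_name: apperture-homer
    depends_on:
      homer-bootstrap:
        condition: service_completed_successfully
    volumes:
      - ./config/homer:/www/assets
    # NOTE(review): 8080 is published on all host interfaces, so the dashboard
    # can be reached directly on the host without going through the proxy.
    # If it is meant to be served only via Caddy, drop this mapping or bind
    # it to 127.0.0.1 — confirm against the Caddyfile template.
    ports:
      - '8080:8080'
    environment:
      - INIT_ASSETS=1
    restart: unless-stopped
    networks:
      apperture:

  homer-bootstrap:
    build:
      # NOTE(review): pyyaml is installed without a version pin, so each
      # rebuild takes whatever release the index serves at that moment.
      dockerfile_inline: |
        FROM python:3.12-alpine
        RUN pip install pyyaml
        COPY ./homer-bootstrap /app
        RUN mkdir -p /proxy-bootstrap /configs /app/homer
        ENTRYPOINT ["python3", "/app/configure_homepage.py"]
    container_name: apperture-homer-bootstrap
    environment:
      ORGANISATION: ${ORGANISATION}
      TITLE: ${TITLE}
      DOMAIN: ${URL}
    networks:
      apperture:
    volumes:
      - ./config.json:/proxy-bootstrap/config.json
      - ./config/homer:/configs

networks:
  apperture:
    name: apperture_apperture

volumes:
  lldap-data:
  lldap-postgres-data:
  caddy-config: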