services:
  lldap_db:
    container_name: lldap_db
    image: docker.io/library/postgres:17.6
    restart: unless-stopped
    environment:
      - POSTGRES_USER=${POSTGRES_USER}
      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
      - POSTGRES_DB=${POSTGRES_DB}
    volumes:
      - ${APPDATA_PATH}/lldap/db:/var/lib/postgresql/data
    networks:
      - backend
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -d ${POSTGRES_DB} -U ${POSTGRES_USER}"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s

  lldap:
    container_name: lldap
    image: ghcr.io/lldap/lldap:v0.6.1-alpine-rootless
    restart: unless-stopped
    depends_on:
      lldap_db:
        condition: service_healthy
    environment:
      - UID=${PUID}
      - GID=${PGID}
      - TZ=${TZ}
      - LLDAP_JWT_SECRET=${LLDAP_JWT_SECRET}
      - LLDAP_KEY_SEED=${LLDAP_KEY_SEED}
      - LLDAP_LDAP_BASE_DN=${LLDAP_LDAP_BASE_DN}
      - LLDAP_LDAP_USER_DN=${LLDAP_LDAP_USER_DN}
      - LLDAP_LDAP_USER_PASS=${LLDAP_LDAP_USER_PASS}
      - LLDAP_LDAP_USER_EMAIL=${LLDAP_LDAP_USER_EMAIL}
      - LLDAP_DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@lldap_db/${POSTGRES_DB}
    volumes:
      - ${APPDATA_PATH}/lldap/data:/data
    ports:
      - ${PORT}:17170
    networks:
      - frontend
      - backend

networks:
  frontend:
    external: true
  backend:
    external: true