version: '3'
services:
  openldap:
    #image: pgarrett/ldap-alpine
    image: ldap-alpine
    environment:
      ORGANISATION_NAME: NORDUnet
      SUFFIX: dc=nordu,dc=net
      ROOT_PW: secretpw
      USER_UID: markus
      USER_GIVEN_NAME: Markus
      USER_SURNAME: Krogh
      USER_EMAIL: markus@nordu.net
      USER_PW: notused
      CA_FILE: /certs/ldap.crt
      KEY_FILE: /certs/ldap.key
      CERT_FILE: /certs/ldap.crt
      TLS_VERIFY_CLIENT: never
    volumes:
      - ./data/ldap/ldif:/ldif
      - ./data/ldap/certs:/certs
      - ./data/ldap/ldap_data:/var/lib/openldap/openldap-data
    ports:
      - "127.0.0.1:6636:636"
  krb5:
    image: heimdal-alpine
    volumes:
      - ./data/keytabs:/opt/keytabs
    environment:
      - PRINCIPALS=pwman:pwmantest markus:test
      - REALM=NORDU.NET
    ports:
      - "127.0.0.1:8888:88"
      - "127.0.0.1:7749:749"
  nginx:
    image: nginx
    volumes: 
      - ./dev/nginx:/etc/nginx/conf.d
    ports:
      - "80:80"
  pwman:
    build: .
    environment:
      LDAP_PASSWORD: secretpw
      LDAP_SERVER: openldap
      LDAP_PORT: 636
      LDAP_SSL_SKIP_VERIFY: "true"
      CSRF_INSECURE: "true"
      CHANGEPW_SCRIPT: /opt/pwman/create-kdc-principal.pl
      KRB5_CONFIG: /opt/pwman/krb5.conf
    volumes:
      - ./data/keytabs:/opt/keytabs
      - ./data/pwman:/opt/pwman
      - ./data/pwman/krb5.conf:/etc/krb5.conf:ro
      - ./data/pwman/pwned-passwords-ordered-2.0.txt:/opt/pwned-passwords-ordered-2.0.txt:ro