services:
  pocketbase:
    image: git.stuve.uni-ulm.de/stuve-it/stuve-it-backend:latest
    #command:
    #  - "--debug"
    container_name: stuve_it_backend
    restart: unless-stopped
    volumes:
      - pb_data:/pb_data
    healthcheck:
      test: wget --no-verbose --tries=1 --spider http://localhost:8090/api/health || exit 1
      interval: 5s
      timeout: 5s
      retries: 5
    environment:

      LDAP_URL: "ldap://dc.stuve.uni-ulm.de"

      LDAP_BIND_DN: "cn=ldapsync,ou=systemaccounts,ou=user,dc=stuve,dc=uni-ulm,dc=de"
      LDAP_BIND_PASSWORD: "***************"

      LDAP_BASE_DN: "ou=useraccounts,ou=user,dc=stuve,dc=uni-ulm,dc=de"
      LDAP_USER_FILTER: "(|(objectCategory=person)(objectClass=user))"

      LDAP_ADMIN_GROUP_DN: "cn=ref-computer,ou=groups,ou=user,dc=stuve,dc=uni-ulm,dc=de"

      LDAP_GROUP_FILTER: "(objectClass=group)"
      LDAP_GROUP_BASE_DN: "ou=groups,ou=user,dc=stuve,dc=uni-ulm,dc=de"

      LDAP_SYNC_SCHEDULE: "*/1 * * * *"

    networks:
      - traefik-network
    labels:
      # enable traefik for this container
      - "traefik.enable=true"

      # https entrypoint
      - "traefik.http.routers.it-tools_https.rule=Host(`it.stuve.uni-ulm.de`) && (PathPrefix(`/_/`) || PathPrefix(`/api/`))"
      - "traefik.http.routers.it-tools_https.entrypoints=websecure"
      - "traefik.http.routers.it-tools_https.tls=true"
      - "traefik.http.routers.it-tools_https.tls.certResolver=http_resolver"

      # the internal port of the container
      - "traefik.http.services.it-tools.loadbalancer.server.port=8090"

volumes:
  pb_data:

networks:
  traefik-network:
    name: traefik-network
    external: true