version: "3.5"

services:
  web:
    image: ${docker_repo:-kopano}/kopano_web:${KWEB_VERSION:-latest}
    restart: unless-stopped
    ports:
      - "${CADDY:-2015}:2015"
      - "${HTTP:-80}:80"
      - "${HTTPS:-443}:443"
    environment:
      - DEFAULTREDIRECT=/meet
      - EMAIL=${EMAIL:-off}
      - FQDN=${FQDNCLEANED?err}
    command: wrapper.sh
    cap_drop:
      - ALL
    cap_add:
      - CHOWN
      - NET_BIND_SERVICE
      - SETGID
      - SETUID
    volumes:
      - /etc/machine-id:/etc/machine-id
      - /etc/machine-id:/var/lib/dbus/machine-id
      - web:/.kweb
    networks:
      web-net:
        aliases:
          - ${FQDNCLEANED?err}

  ldap:
    image: ${docker_repo:-kopano}/${LDAP_CONTAINER:-kopano_ldap_demo}:${LDAP_VERSION:-latest}
    restart: unless-stopped
    container_name: ${COMPOSE_PROJECT_NAME}_ldap
    environment:
      - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
      - LDAP_BASE_DN=${LDAP_BASE_DN}
      - LDAP_DOMAIN=${LDAP_DOMAIN}
      - LDAP_ORGANISATION=${LDAP_ORGANISATION}
      - LDAP_READONLY_USER_PASSWORD=${LDAP_READONLY_USER_PASSWORD}
      - LDAP_READONLY_USER=true
    command: "--loglevel info --copy-service"
    volumes:
      - ldap:/var/lib/ldap
      - slapd:/etc/ldap/slapd.d
    networks:
      - ldap-net

  kopano_ssl:
    image: ${docker_repo:-kopano}/kopano_ssl:${SSL_VERSION:-latest}
    environment:
      - FQDN=${FQDN}
      - PKI_COUNTRY=NL
    volumes:
      - kopanossl/:/kopano/ssl

  kopano_kustomer:
    image: kopano/kustomerd:${KUSTOMER_VERSION:-latest}
    restart: unless-stopped
    command: serve
    volumes:
      - /etc/machine-id:/etc/machine-id
      - /etc/machine-id:/var/lib/dbus/machine-id\
      - kopanolicenses:/etc/kopano/licenses
      - kopanosocket/:/run/kopano

  kopano_grapi:
    image: ${docker_repo:-kopano}/kopano_core:${CORE_VERSION:-latest}
    restart: unless-stopped
    container_name: ${COMPOSE_PROJECT_NAME}_grapi
    volumes:
      - /etc/machine-id:/etc/machine-id
      - /etc/machine-id:/var/lib/dbus/machine-id
      - kopanosocket/:/run/kopano
    environment:
      - GRAPI_BACKEND=ldap
      - LDAP_BASEDN=${LDAP_SEARCH_BASE}
      - LDAP_BINDDN=${LDAP_BIND_DN}
      - LDAP_BINDPW=${LDAP_BIND_PW}
      - LDAP_URI=${LDAP_SERVER}
      - SERVICE_TO_START=grapi
      - TZ=${TZ}
    networks:
      - kopano-net
      - ldap-net

  kopano_kapi:
    image: ${docker_repo:-kopano}/kopano_core:${CORE_VERSION:-latest}
    restart: unless-stopped
    container_name: ${COMPOSE_PROJECT_NAME}_kapi
    depends_on:
      - kopano_grapi
    volumes:
      - /etc/machine-id:/etc/machine-id
      - /etc/machine-id:/var/lib/dbus/machine-id
      - kopanodata/:/kopano/data
      - kopanosocket/:/run/kopano
      - kopanossl/:/kopano/ssl
    environment:
      - KCCONF_KAPID_INSECURE=${INSECURE}
      - KCCONF_KAPID_LOG_LEVEL=DEBUG
      - KCCONF_KAPID_OIDC_ISSUER_IDENTIFIER=https://${FQDN}
      - SERVICE_TO_START=kapi
      - TZ=${TZ}
    networks:
      - kopano-net
      - web-net

  kopano_konnect:
    image: ${docker_repo:-kopano}/kopano_konnect:${KONNECT_VERSION:-latest}
    restart: unless-stopped
    depends_on:
      - kopano_ssl
      - web
    volumes:
      - /etc/machine-id:/etc/machine-id
      - /etc/machine-id:/var/lib/dbus/machine-id
      - kopanossl/:/kopano/ssl
    environment:
      - allow_client_guests=yes
      - allow_dynamic_client_registration=yes
      - eckey=/kopano/ssl/meet-kwmserver.pem
      - ecparam=/kopano/ssl/ecparam.pem
      - encryption_secret_key=/kopano/ssl/konnectd-encryption.key
      - FQDN=${FQDN}
      - identifier_registration_conf=/kopano/ssl/konnectd-identifier-registration.yaml
      - identifier_scopes_conf=/etc/kopano/konnectd-identifier-scopes.yaml
      - KONNECT_BACKEND=ldap
      - LDAP_BASEDN=${LDAP_SEARCH_BASE}
      - LDAP_BINDDN=${LDAP_BIND_DN}
      - LDAP_BINDPW=${LDAP_BIND_PW}
      - LDAP_EMAIL_ATTRIBUTE=mail
      - LDAP_FILTER=(objectClass=organizationalPerson)
      - LDAP_LOGIN_ATTRIBUTE=uid
      - LDAP_NAME_ATTRIBUTE=cn
      - LDAP_SCOPE=sub
      - LDAP_URI=${LDAP_SERVER}
      - LDAP_UUID_ATTRIBUTE_TYPE=text
      - LDAP_UUID_ATTRIBUTE=uidNumber
      - signing_private_key=/kopano/ssl/konnectd-tokens-signing-key.pem
    networks:
      - kopano-net
      - ldap-net
      - web-net

  kopano_kwmserver:
    image: ${docker_repo:-kopano}/kopano_kwmserver:${KWM_VERSION:-latest}
    restart: unless-stopped
    command: wrapper.sh
    depends_on:
      - kopano_kapi
      - kopano_konnect
    environment:
      - enable_guest_api=yes
      - INSECURE=${INSECURE}
      - oidc_issuer_identifier=https://${FQDN}
      - public_guest_access_regexp=^group/public/.*
      - registration_conf=/kopano/ssl/konnectd-identifier-registration.yaml
      - turn_service_credentials_password=${TURN_PASSWORD}
      - turn_service_credentials_user=${TURN_USER}
    volumes:
      - /etc/machine-id:/etc/machine-id
      - /etc/machine-id:/var/lib/dbus/machine-id
      - kopanossl/:/kopano/ssl
    networks:
      - web-net

  kopano_meet:
    image: ${docker_repo:-kopano}/kopano_meet:${MEET_VERSION:-latest}
    restart: unless-stopped
    environment:
      - KCCONF_MEET_disableFullGAB=false
      - KCCONF_MEET_GRID_WEBAPP=no
      - KCCONF_MEET_guests_enabled=true
      - KCCONF_MEET_useIdentifiedUser=true
      - SERVICE_TO_START=meet
    depends_on:
      - kopano_kapi
      - kopano_konnect
      - kopano_kwmserver
      - web
    volumes:
      - /etc/machine-id:/etc/machine-id
      - /etc/machine-id:/var/lib/dbus/machine-id
    networks:
      - web-net

volumes:
  kopanodata:
  kopanolicenses:
  kopanosocket:
  kopanossl:
  ldap:
  slapd:
  web:

networks:
  kopano-net:
    driver: bridge
  ldap-net:
    driver: bridge
  web-net: