version: "3"

services:
  web:
    image: abiosoft/caddy:0.10.4
    container_name: web
    restart: always
    privileged: true
    links:
      - kwebapp
      #- kzpush
    ports:
      - "10080:80"
      - "10443:443"
    volumes:
      - ./web/Caddyfile:/etc/Caddyfile
      - ./data/web:/root/.caddy

  ldap:
    build: ldap/
    #image: osixia/openldap:1.2.2
    container_name: ldap
    ports:
      - 389:389
    environment:
      - LDAP_ORGANISATION="Kopano Demo"
      - LDAP_DOMAIN=kopano.demo
      - LDAP_BASE_DN=dc=kopano,dc=demo
      - LDAP_ADMIN_PASSWORD=kopano123
      - LDAP_READONLY_USER=true
      - LDAP_READONLY_USER_PASSWORD=kopano123
    command: --loglevel debug --copy-service
    volumes:
      #- ./ldap/bootstrap:/container/service/slapd/assets/config/bootstrap/ldif/custom
      - ./data/ldap/var/lib/ldap:/var/lib/ldap
      - ./data/ldap/etc/ldap/slapd.d:/etc/ldap/slapd.d
    networks:
      - kopanonet


  ldap-admin:
    image: osixia/phpldapadmin:0.7.2
    container_name: ldap-admin
    depends_on:
      - ldap
    environment:
      - PHPLDAPADMIN_LDAP_HOSTS=ldap
      - PHPLDAPADMIN_HTTPS=false
    command: -l debug
    links:
      - ldap
    ports:
      - "8081:80"

  mail:
    image: tvial/docker-mailserver:release-v6.1.0
    restart: always
    hostname: mail
    domainname: kopano.demo # change here
    container_name: mail
    depends_on:
      - ldap
    links:
      - ldap
    ports:
      - "25:25"
    volumes:
      - ./data/mail/data:/var/mail
      - ./data/mail/state:/var/mail-state
      - ./mail/config:/tmp/docker-mailserver/
      #- ./data/web/acme-v01.api.letsencrypt.org/sites/mail.kopano.demo:/tmp/ssl:ro
    environment:
      - TZ=Europe/Berlin
      - ENABLE_SPAMASSASSIN=1
      - ENABLE_CLAMAV=1
      - ENABLE_FAIL2BAN=1
      - ENABLE_POSTGREY=1
      - ONE_DIR=1
      - DMS_DEBUG=0
      - SSL_TYPE=manual
      #- SSL_CERT_PATH=/tmp/ssl/mail.kopano.demo.crt
      #- SSL_KEY_PATH=/tmp/ssl/mail.kopano.demo.key
      - ENABLE_LDAP=1
      - LDAP_SERVER_HOST=ldaps://ldap:636
      - LDAP_SEARCH_BASE=OU=users,DC=kopano,DC=demo
      - LDAP_BIND_DN=cn=readonly,DC=kopano,DC=demo
      - LDAP_BIND_PW=kopano123
      - LDAP_QUERY_FILTER_USER=(&(objectClass=user)(|(mail=%s)(otherMailbox=%s)))
      - LDAP_QUERY_FILTER_GROUP=(&(objectclass=group)(mail=%s))
      - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=user)(otherMailbox=%s))
      - LDAP_QUERY_FILTER_DOMAIN=(&(|(mail=*@%s)(otherMailbox=*@%s)(mailGroupMember=*@%s))(kopanoAccount=1)(|(objectClass=user)(objectclass=group)))
      - ENABLE_SASLAUTHD=1
      - SASLAUTHD_LDAP_SERVER=ldaps://ldap:363
      - SASLAUTHD_LDAP_BIND_DN=cn=cn=readonly,DC=kopano,DC=demo
      - SASLAUTHD_LDAP_PASSWORD=kopano123
      - SASLAUTHD_LDAP_SEARCH_BASE=OU=users,DC=kopano,DC=demo
      - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
      - SASLAUTHD_MECHANISMS=ldap
      - POSTMASTER_ADDRESS=postmaster@kopano.demo
      - SMTP_ONLY=1
      - PERMIT_DOCKER=network
      - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
      - POSTFIX_DAGENT=lmtp:kdagent:2003
      - REPORT_RECIPIENT=1
    networks:
      - kopanonet
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE

  # TODO find good example ldap container
  db:
    image: mariadb:10.3.10-bionic
    restart: always
    container_name: kopano_db
    volumes:
      - ./data/mysql/:/var/lib/mysql
    environment:
      - MYSQL_ROOT_PASSWORD=kopano123
      - MYSQL_USER=kopanodbuser
      - MYSQL_PASSWORD=kopanodbpw
      - MYSQL_DATABASE=kopano
    healthcheck:
      test: ["CMD-SHELL", 'mysql --database=$$MYSQL_DATABASE --password=$$MYSQL_ROOT_PASSWORD --execute="SELECT count(table_name) > 0 FROM information_schema.tables;" --skip-column-names -B']
      interval: 30s
      timeout: 10s
      retries: 4
    networks:
      - kopanonet
  
  kwebapp:
    image: zokradonh/kopano_webapp:latest
    hostname: kwebapp
    container_name: kopano_webapp
    links:
      - kserver
    volumes:
      - ./data/z-push-states/:/var/lib/z-push/
      - ./ssl/:/kopano/ssl
      - ./data/socket/:/run/kopano
    environment:
      - TZ=Europe/Berlin
    networks:
      - web
      - kopanonet

  kssl:
    image: zokradonh/kopano_ssl
    container_name: kopano_ssl
    volumes:
      - ./data/ssl/:/kopano/ssl

  kserver:
    image: zokradonh/kopano_core:latest
    hostname: kserver
    container_name: kopano_server
    links:
      - db
      - ldap
    depends_on:
      - db
      - ldap
      - kssl
    environment:
      - SERVICE_TO_START=server
      - TZ=Europe/Berlin
      - KCCONF_SERVER_COREDUMP_ENABLED=no
      - KCCONF_SERVER_LOG_LEVEL=4
      - KCCONF_SERVER_MYSQL_HOST=db
      - KCCONF_SERVER_MYSQL_PORT=3306
      - KCCONF_SERVER_MYSQL_DATABASE=kopano
      - KCCONF_SERVER_MYSQL_USER=kopanodbuser
      - KCCONF_SERVER_MYSQL_PASSWORD=kopanodbpw
      - KCCONF_SERVER_SERVER_SSL_KEY_FILE=/kopano/ssl/kserver.pem
      - KCCONF_SERVER_SERVER_SSL_CA_FILE=/kopano/ssl/ca.pem
      - KCCONF_SERVER_SERVER_NAME=Kopano
      - KCCONF_SERVER_SSLKEYS_PATH=/kopano/ssl/clients
      - KCCONF_SERVER_PROXY_HEADER=* # delete line if webapp is not behind reverse proxy
      - KCCONF_SERVER_SYSTEM_EMAIL_ADDRESS=hostmaster@domain.tld  #change here
      - KCCONF_SERVER_DISABLED_FEATURES=pop3
      - KCCONF_LDAP_LDAP_URI=ldap://ldap:389
      - KCCONF_LDAP_LDAP_BIND_USER=cn=readonly,DC=kopano,DC=demo
      - KCCONF_LDAP_LDAP_BIND_PASSWD=kopano123
      - KCCONF_LDAP_LDAP_SEARCH_BASE=OU=users,dc=kopano,dc=demo
      - KCUNCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.openldap.cfg #delete if you want openldap
      - KCCOMMENT_LDAP_1=!include /usr/share/kopano/ldap.active-directory.cfg #delete if you want openldap
      #- ADDITIONAL_KOPANO_PACKAGES=kopano-migration-imap
    networks:
      - kopanonet
    volumes:
      - ./data/kopano/:/kopano/data
      - ./data/ssl/:/kopano/ssl

networks:
  web:
  kopanonet:
    driver: bridge