group_vars/prod

@@ -136,4 +136,5 @@ oauth_global:
 
 oidc_global:
   provider_url: https://uffd.warpzone.ms
-  logout_url: https://uffd.warpzone.ms/logout
\ No newline at end of file
+  logout_url: https://uffd.warpzone.ms/logout
+  ldap_base_dn: "dc=warpzone,dc=ms"

group_vars/test

@@ -47,10 +47,11 @@ oauth_global:
 oidc_global:
   provider_url: https://uffd.test-warpzone.de
   logout_url: https://uffd.test-warpzone.de/logout
+  ldap_base_dn: "dc=test-warpzone,dc=de"
 
 # Matrix Settings 
 matrix:
-  domain: matrix.warpzone.ms
-  public_url: https://matrix.warpzone.ms
-  identity_server: https://matrix.warpzone.ms
-  notifications_room_id: "!QxrpmOPYwofaPFqKMY:matrix.warpzone.ms"
\ No newline at end of file
+  domain: matrix.test-warpzone.de
+  public_url: https://matrix.test-warpzone.de
+  identity_server: https://matrix.test-warpzone.de
+  notifications_room_id: "!QxrpmOPYwofaPFqKMY:matrix.test-warpzone.de"

host_vars/ogg

@@ -36,9 +36,8 @@ webserver_domains:
   - "fridgeserver.warpzone.lan"
   - "grafana.warpzone.lan"
   - "services.warpzone.lan"
-  - "ha-.warpzone.lan"
+  - "ha.warpzone.lan"
   - "omada.warpzone.lan"
-  - "pihole.warpzone.lan"
   - "tasmoadmin.warpzone.lan"
   - "zigbee2mqtt.warpzone.lan"
 
@@ -74,7 +73,6 @@ alert:
     - { name: "mqtt-tgfloat-1" } 
     - { name: "nodered-app-1" }
     - { name: "omada-app-1" }
-    - { name: "pihole-app-1" }
     - { name: "tasmoadmin-app-1" }
     - { name: "traefik-app-1" }
     - { name: "watchtower-app-1" }

host_vars/pihole

+
+# Host spezifische Variablen
+
+motd_lines:
+  - "pihole - Interner pihole DNS @ warpzone"
+  - "Haupt-IP @ eth0: {{ansible_eth0.ipv4.address}}"
+  - "IPv6-IP @ eth0: {{ ext_ip6 }}"
+
+debian_sources:
+  - "deb http://ftp2.de.debian.org/debian/ bookworm main contrib non-free non-free-firmware"
+  - "deb http://ftp.debian.org/debian bookworm-updates main contrib non-free non-free-firmware"
+  - "deb http://security.debian.org/ bookworm-security main contrib non-free non-free-firmware"
+  - "deb https://download.docker.com/linux/debian bookworm stable"
+
+debian_keys_id:
+
+debian_keys_url:
+  - "https://download.docker.com/linux/debian/gpg"
+
+
+# Primäre IP Adressen des Hosts
+#ext_ip4: <keine>
+ext_ip6: 2a02:1799:7:1337::2
+int_ip4: 10.0.0.2
+
+
+# Art des Hosts: physical, vm, lxc
+host_type: "lxc"
+
+# SSL deaktivieren
+webserver_ssl: false
+
+# Liste der gehosteten Domänen
+webserver_domains:
+  - "pihole.warpzone.lan"
+
+administratorenteam:
+  - "void"
+  - "sandhome"
+  - "3d"
+  - "jabertwo"
+
+# Monitoring aktivieren
+alert:
+  load:
+    warn: 15
+    crit: 30
+  containers:
+    - { name: "dockerstats-app-1" }
+    - { name: "pihole-app-1" }
+  disks:
+    - { mountpoint: "/", warn: "1 GB", crit: "512 MB" }
\ No newline at end of file

host_vars/test-warpzone-de

@@ -58,6 +58,7 @@ administratorenteam:
   - "void"
   - "sandhome"
   - "jabertwo"
+  - "supervirus"
 
 # Docker konfigurationen 
 docker:

host_vars/webserver

@@ -39,6 +39,7 @@ webserver_domains:
   - "ldap.warpzone.ms"
   - "keycloak.warpzone.ms"
   - "md.warpzone.ms"
+  - "privatebin.warpzone.ms"
 #  - "turn.warpzone.ms"
   - "wiki.warpzone.ms"
   - "www.warpzone.ms"
@@ -82,9 +83,6 @@ alert:
     - { name: "icinga-app-1" }
     - { name: "icinga-db-1" }
     - { name: "icinga-graphite-1" }
-    - { name: "keycloak-app-1" }
-    - { name: "keycloak-db-1" }
-    - { name: "keycloak-sync-group-active-1" }
     - { name: "ldap-openldap-1" }
     - { name: "ldap-phpldapadmin-1" }
     - { name: "mail-admin-1" }
@@ -109,6 +107,7 @@ alert:
     - { name: "matterbridge-wz-1" }
     - { name: "matterbridge-web-1" }
     - { name: "matterbridge-restarter-1" }
+    - { name: "privatebin-app-1" }
     - { name: "traefik-app-1" }
     - { name: "uffd-app-1" }
     - { name: "uffd-db-1" }

hosts.yml

@@ -37,6 +37,10 @@ prod:
     carrot:
       ansible_ssh_host: 192.168.0.202
       ansible_user: root
+    
+    pihole:
+      ansible_ssh_host: 10.0.0.2
+      ansible_user: root
 
     # Öffentlicher Webserver Warpzone
     # VM auf Tiffany

intern/docker_homeassistant/templates/config/configuration.yaml

@@ -132,6 +132,50 @@ sensor:
       - 'date_time'
 
 automation ansible:
+
+  # Autodiscovery für Licht Hackcenter
+  
+  # Das Licht Hackcenter besteht eigentlich aus zwei geräten, einem DALI-Controller und einem Tasmota-Schalter. 
+  # - Der Tasmota Schalter, schaltet generell den Strom ein und aus.
+  # - Der Dali Controller ist für die Regelung der Helligkeit verantwortlich. (Wertebereich 0 - 255)
+
+  # Die Automatisierung erstellt eine Autodiscovery-Konfiguration für HomeAssistant, 
+  # die beide Geräte als ein Licht darstellt.
+  # Die Autodiscovery Message wird automatisch beim Start von HomeAssistant gesendet.
+
+  - alias: ANSIBLE_autodiscovery_light_hackcenter
+    description: "MQTT Autodiscovery für Licht Hackcenter"
+    mode: single
+    triggers:
+      - trigger: homeassistant
+        event: start
+    action:
+      - service: mqtt.publish
+        data:
+          topic: "homeassistant/light/licht_hackcenter_01/config"
+          retain: true
+          qos: 0
+          payload: >
+            {
+              "name": "Licht Hackcenter",
+              "unique_id": "licht_hackcenter_01",
+              "object_id": "licht_hackcenter",
+              "state_topic": "stat/tasmota_B1233C/POWER",
+              "command_topic": "cmnd/tasmota_B1233C/Power1",
+              "brightness_state_topic": "light/dali_out",
+              "brightness_command_topic": "light/dali_in",
+              "qos": 0,
+              "payload_on": "ON",
+              "payload_off": "OFF",
+              "optimistic": false,
+              "device": {
+                "identifiers": ["licht_hackcenter_01"],
+                "name": "Licht Hackcenter",
+                "manufacturer": "warpzone",
+                "model": "DALI"
+              }
+            }
+
   # Abluft dauerhaft an
   - alias: ANSIBLE_Abluft_dauer_an
     description: Verhindert Ausschalten der Abluft und setzt festen Wert bei schließen der Zone
@@ -176,93 +220,6 @@ automation ansible:
             target:
               device_id: 96844a416179e61fff99195b6a16522e
 
-  # Licht im Hackcenter dimmen
-  - alias: ANSIBLE_dali_licht_hackcenter_helligkeit-anpassen
-    description: Ruft den Helper aus um per MQTT das Licht zu dimmen
-    trigger:
-      - platform: state
-        entity_id:
-          - input_number.dali_licht_hackcenter
-        for:
-          hours: 0
-          minutes: 0
-          seconds: 0
-    action:
-      - service: mqtt.publish
-        data:
-          topic: light/dali
-          payload_template: "{{ '{{' }} states('input_number.dali_licht_hackcenter') | int {{ '}}' }}"
-    mode: restart
-
-  - alias: ANSIBLE_Dimmer_Hackcenter_down
-    description: ""
-    mode: single
-    triggers:
-      - domain: mqtt
-        device_id: 868d603a22c4f1f6d5cc6d050f962e1a
-        type: action
-        subtype: rotate_left
-        trigger: device
-      - domain: mqtt
-        device_id: a35a891d445fc54d0aab7c5e2fce40a1
-        type: action
-        subtype: rotate_left
-        trigger: device
-    conditions: []
-    actions:
-      - repeat:
-          count: 25
-          sequence:
-            - target:
-                entity_id: input_number.dali_licht_hackcenter
-              data: {}
-              action: input_number.decrement
-
-  - alias: ANSIBLE_Dimmer_Hackcenter_up
-    description: ""
-    mode: single
-    triggers:
-      - domain: mqtt
-        device_id: 868d603a22c4f1f6d5cc6d050f962e1a
-        type: action
-        subtype: rotate_right
-        trigger: device
-      - domain: mqtt
-        device_id: a35a891d445fc54d0aab7c5e2fce40a1
-        type: action
-        subtype: rotate_right
-        trigger: device
-    conditions: []
-    actions:
-      - repeat:
-          count: 25
-          sequence:
-            - target:
-                entity_id: input_number.dali_licht_hackcenter
-              data: {}
-              action: input_number.increment
-
-  - alias: ANSIBLE_Dimmer_Hackcenter_toggle
-    description: ""
-    mode: single
-    triggers:
-      - domain: mqtt
-        device_id: 868d603a22c4f1f6d5cc6d050f962e1a
-        type: action
-        subtype: single
-        trigger: device
-      - domain: mqtt
-        device_id: a35a891d445fc54d0aab7c5e2fce40a1
-        type: action
-        subtype: single
-        trigger: device
-    conditions: []
-    actions:
-      - type: toggle
-        device_id: f65f71ef46e86492b79d75223670013a
-        entity_id: c522db6731a33bd27763830ddd2740e2
-        domain: switch
-
   - alias: ANSIBLE_Zonenshutdown
     mode: single
     triggers:
@@ -333,7 +290,7 @@ automation ansible:
             data:
               skip_condition: true
             target:
-              entity_id: automation.ansible_hackcenter_licht_nach_shutdown
+              entity_id: automation.ANSIBLE_hackcenter_licht_nach_shutdown
 
   - alias: ANSIBLE_Zonenboot
     mode: single
@@ -838,6 +795,23 @@ automation ansible:
           area_id: NoAutoOn
     mode: single
 
+  - alias: ANSIBLE_hackcenter_licht_nach_shutdown
+    description: ""
+    mode: single
+    triggers: []
+    conditions: []
+    actions:
+      - delay:
+          hours: 0
+          minutes: 3
+          seconds: 0
+          milliseconds: 0
+      - action: light.turn_off
+        metadata: {}
+        data: {}
+        target:
+          device_id: c4f8f83fb287ba7b1d66b674a1564c75
+
   - alias: ANSIBLE_ZONE_backcenter_an
     description: ""
     triggers: []
@@ -989,37 +963,4 @@ automation ansible:
         data: {}
         target:
           area_id: schnackcenter
-    mode: single
-
-  - alias: ANSIBLE_Hackcenter_licht_nach_shutdown
-    description: ""
-    mode: restart
-    triggers: []
-    conditions: []
-    actions:
-      - metadata: {}
-        data:
-          value: 255
-        target:
-          entity_id: input_number.dali_licht_hackcenter
-        action: input_number.set_value
-      - delay:
-          hours: 0
-          minutes: 1
-          seconds: 0
-          milliseconds: 0
-      - metadata: {}
-        data:
-          value: 150
-        target:
-          entity_id: input_number.dali_licht_hackcenter
-        action: input_number.set_value
-      - delay:
-          hours: 0
-          minutes: 0
-          seconds: 10
-          milliseconds: 0
-      - type: turn_off
-        device_id: f65f71ef46e86492b79d75223670013a
-        entity_id: c522db6731a33bd27763830ddd2740e2
-        domain: switch
\ No newline at end of file
+    mode: single
\ No newline at end of file

intern/docker_pihole/templates/dnsmasq/09-localnet.conf

-
-# DNS Entries in the Format:
-# address=/double-click.net/127.0.0.1
-{% for domain in webserver_domains %}
-address=/{{domain}}/192.168.0.201
-{% endfor %}
\ No newline at end of file

keyfiles/supervirus.pub

+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM6+Ex8TM4gP+Nph5Cy5zK6z2mceI9i7vsh0ec4oTfDC htk@ridcully
\ No newline at end of file

intern/docker_pihole/tasks/main.yml → pihole/docker_pihole/tasks/main.yml

@@ -11,7 +11,6 @@
     - "{{ basedir }}"
     - "{{ basedir }}/secrets"
     - "{{ basedir }}/etc"
-    - "{{ basedir }}/dnsmasq"
 
 - name: "create config files for {{ servicename }}"
   template:
@@ -19,7 +18,7 @@
     dest: "{{ basedir }}/{{ item }}"
   with_items:
     - docker-compose.yml
-    - dnsmasq/09-localnet.conf
+    - etc/pihole.toml
   register: config
 
 - name: "stop {{ servicename}} docker"

pihole/docker_pihole/templates/docker-compose.yml

+services:
+  app:
+    image: pihole/pihole:2025.02.6
+    restart: always
+    network_mode: host
+    volumes:
+      - '{{ basedir }}/etc:/etc/pihole'
+    hostname: pihole
+    environment:
+      TZ: 'Europe/Berlin'
+      WEBPASSWORD: '{{ admin_password }}'
+    cap_add:
+      - NET_ADMIN
+      - SYS_NICE
+      - SYS_TIME
+      - NET_BIND_SERVICE
+      - NET_RAW

site.yml

@@ -27,28 +27,28 @@
         domain: "test-warpzone.de",
         domain_default: "www.test-warpzone.de",
       }    
-    - { 
-        role: testserver/docker_mail, tags: [ test_mail, docker_services ],
-        servicename: mail,
-        basedir: "/srv/{{ servicename }}",
-        domain: "test-warpzone.de",
-        mailserver: "mailserver.test-warpzone.de",
-        listserver: "listserver.test-warpzone.de"
-      }
+#    - { 
+#        role: testserver/docker_mail, tags: [ test_mail, docker_services ],
+#        servicename: mail,
+#        basedir: "/srv/{{ servicename }}",
+#        domain: "test-warpzone.de",
+#        mailserver: "mailserver.test-warpzone.de",
+#        listserver: "listserver.test-warpzone.de"
+#      }
     - { 
         role: testserver/docker_uffd, tags: [ test_uffd,  docker_services ],
         servicename: uffd, 
         basedir: "/srv/{{ servicename }}",
         domain: "uffd.test-warpzone.de",
       }
-    - { 
-        role: testserver/docker_icinga, tags: [ test_icinga, docker_services ],
-        servicename: icinga,
-        basedir: "/srv/{{ servicename }}",
-        domain: "icinga.test-warpzone.de",
-        api_port: 5665,
-        mysql_port: 33306
-      }
+#    - { 
+#        role: testserver/docker_icinga, tags: [ test_icinga, docker_services ],
+#        servicename: icinga,
+#        basedir: "/srv/{{ servicename }}",
+#        domain: "icinga.test-warpzone.de",
+#        api_port: 5665,
+#        mysql_port: 33306
+#      }
     - { 
         role: testserver/docker_gitlab, tags: [ test_gitlab, docker_services ],
         servicename: "gitlab",
@@ -231,12 +231,6 @@
         omada_port_https: 8043,
         omada_portal_https: 8843
       }
-    - { 
-        role: intern/docker_pihole, tags: pihole,
-        servicename: pihole,
-        basedir: /srv/pihole,
-        domain: "pihole.warpzone.lan"
-      }
     - { 
         role: intern/docker_tasmoadmin, tags: [ tasmoadmin, docker_services ],
         servicename: tasmoadmin,
@@ -256,6 +250,24 @@
         domain: "zigbee2mqtt.warpzone.lan"
       }
 
+- hosts: pihole
+  remote_user: root
+  roles:
+    - { role: common/cronapt, tags: cronapt }
+    - { role: common/docker, tags: docker }
+    - { role: common/prometheus-node, tags: prometheus-node }
+    - { 
+        role: common/docker_dockerstats, tags: [ dockerstats, docker_services ], 
+        servicename: dockerstats, 
+        basedir: /srv/dockerstats, 
+        metrics_port: 9487 
+      }
+    - { 
+        role: pihole/docker_pihole, tags: pihole,
+        servicename: pihole,
+        basedir: /srv/pihole,
+        domain: "pihole.warpzone.lan"
+      }
 
 - hosts: webserver
   remote_user: root
@@ -368,6 +380,12 @@
         basedir: /srv/wordpress, 
         domain: "www.warpzone.ms"
       }
+    - {
+        role: webserver/docker_privatebin, tags: [ privatebin, docker_services ],
+        servicename: privatebin,
+        basedir: /srv/privatebin,
+        domain: "privatebin.warpzone.ms"
+      }
     # - { 
     #     role: webserver/docker_workadventure, tags: [ workadventure, docker_services ],
     #     servicename: "workadventure",

testserver/docker_dokuwiki/tasks/main.yml

@@ -3,6 +3,8 @@
 - include_tasks: ../functions/get_secret.yml
   with_items:
    - { path: "{{ basedir }}/secrets/oauth_secret", length: 64}
+   - { path: "{{ basedir }}/dokuwiki_api_secret", length: 32 }
+   - { path: "{{ basedir }}/ldap_bind_pw", length: 32 }
 
 - name: create folder struct for dokuwiki
   file:
@@ -16,6 +18,7 @@
     - "{{ basedir }}/data/lib/plugins"
     - "{{ basedir }}/data/lib/plugins/oauth"
     - "{{ basedir }}/data/lib/plugins/oauthgeneric"
+    - "{{ basedir }}/uffd-ldapd"
 
 - name: Docker Compose Konfig-Datei erstellen
   template:
@@ -24,35 +27,36 @@
   with_items:
     - docker-compose.yml
     - Dockerfile
+    - uffd-ldapd/Dockerfile
   register: config
 
-- name: oauth plugin clonen
-  ansible.builtin.git:
-    repo: https://github.com/cosmocode/dokuwiki-plugin-oauth.git
-    dest: "{{ basedir }}/data/lib/plugins/oauth"
-    force: true
+#- name: oauth plugin clonen
+#  ansible.builtin.git:
+#    repo: https://github.com/cosmocode/dokuwiki-plugin-oauth.git
+#    dest: "{{ basedir }}/data/lib/plugins/oauth"
+#    force: true
 
-- name: config für oauth kopieren
-  ansible.builtin.template:
-    src: oauth_vars.php
-    dest: "{{ basedir }}/data/lib/plugins/oauth/conf/default.php"
+#- name: config für oauth kopieren
+#  ansible.builtin.template:
+#    src: oauth_vars.php
+#    dest: "{{ basedir }}/data/lib/plugins/oauth/conf/default.php"
 
-- name: oauthgeneric plugin clonen
-  ansible.builtin.git:
-    repo: https://github.com/cosmocode/dokuwiki-plugin-oauthgeneric.git
-    dest: "{{ basedir }}/data/lib/plugins/oauthgeneric"
-    force: true
+#- name: oauthgeneric plugin clonen
+#  ansible.builtin.git:
+#    repo: https://github.com/cosmocode/dokuwiki-plugin-oauthgeneric.git
+#    dest: "{{ basedir }}/data/lib/plugins/oauthgeneric"
+#    force: true
 
-- name: config für oauthgeneric kopieren
-  ansible.builtin.template:
-    src: oauthgeneric_vars.php
-    dest: "{{ basedir }}/data/lib/plugins/oauthgeneric/conf/default.php"
+#- name: config für oauthgeneric kopieren
+#  ansible.builtin.template:
+#    src: oauthgeneric_vars.php
+#    dest: "{{ basedir }}/data/lib/plugins/oauthgeneric/conf/default.php"
 
-- name: oauth provider aktivieren
-  ansible.builtin.lineinfile:
-    path: "{{ basedir }}/data/conf/local.php"
-    regexp: "^$conf['authtype'] = "
-    line: "$conf['authtype'] = 'oauth';"
+#- name: oauth provider aktivieren
+#  ansible.builtin.lineinfile:
+#    path: "{{ basedir }}/data/conf/local.php"
+#    regexp: "^$conf['authtype'] = "
+#    line: "$conf['authtype'] = 'oauth';"
 
 - name: "stop {{ servicename}} docker"
   community.docker.docker_compose_v2:

testserver/docker_dokuwiki/templates/docker-compose.yml

@@ -17,7 +17,20 @@ services:
     networks:
       - default      
       - web  
-    
+
+  ldap:
+
+    build: uffd-ldapd/
+    restart: always
+    environment:
+       SERVER_API_URL: "{{ oidc_global.provider_url }}"
+       SERVER_API_USER: "dokuwikildap"
+       SERVER_API_SECRET: "{{ dokuwiki_api_secret }}"
+       SERVER_BASE_DN: "{{ oidc_global.ldap_base_dn }}"    
+       SERVER_BIND_PASSWORD: "{{ ldap_bind_pw}}"
+    networks:
+      - default
+
 networks:
   web:
     external: true    

testserver/docker_dokuwiki/templates/uffd-ldapd/Dockerfile

+FROM debian:bookworm-slim
+
+# Set environment variables
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install necessary dependencies and configure custom repository
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends wget gnupg ca-certificates \
+    && wget -O- "https://packages.cccv.de/docs/cccv-archive-key.gpg" | gpg --dearmor -o /etc/apt/trusted.gpg.d/cccv-archive-key.gpg  \
+    && echo "deb https://packages.cccv.de/uffd bookworm main" > /etc/apt/sources.list.d/custom.list \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends uffd-ldapd ldap-utils \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+USER 999
+EXPOSE 389/tcp
+
+# Set default command
+CMD ["/usr/sbin/uffd-ldapd","--socket-address","0.0.0.0:389"]
+
+# Get all LDAP Entries
+# ldapsearch -x -H ldap://127.0.0.1 -D "cn=service,ou=system,{{ oidc_global.ldap_base_dn }}" -w "{{ ldap_bind_pw }}" -b "ou=users,{{ oidc_global.ldap_base_dn }}" "(objectClass=*)"
+

testserver/docker_mail/templates/mailu.env

@@ -179,3 +179,6 @@ DEFAULT_SPAM_THRESHOLD=80
 # API token required for authenticating to the RESTful API.
 # This is a mandatory setting for using the RESTful API.
 API_TOKEN={{ mailu_api_token }}
+
+#Advanced Vector Extensions
+LD_PRELOAD=/usr/lib/libhardened_malloc.so
\ No newline at end of file

testserver/docker_matrix/tasks/main.yml

@@ -3,6 +3,8 @@
 - include_tasks: ../functions/get_secret.yml
   with_items:
    - { path: /srv/shared/noreply_email_pass, length: -1 }
+   - { path: /srv/matrix/uffd_api_secret, length: 32 }
+   - { path: /srv/matrix/ldap_bind_pw, length: 32 }
    - { path: /srv/matrix/matrix_macaroon_secret_key, length: 32 }
    - { path: /srv/matrix/matrix_registration_shared_secret, length: 32 }
    - { path: /srv/matrix/matrix_form_secret, length: 32 }
@@ -30,6 +32,7 @@
     group: "999"
   with_items:
     - "/srv/matrix/db/"
+    - "/srv/matrix/uffd-ldapd/"
 
 
 - name: Konfig-Dateien erstellen
@@ -40,6 +43,7 @@
     - docker-compose.yml
     - synapse-data/homeserver.log.config
     - synapse-data/homeserver.yaml
+    - uffd-ldapd/Dockerfile
   register: configs
 
 

testserver/docker_matrix/templates/docker-compose.yml

@@ -23,6 +23,18 @@ services:
     networks:
       - default
 
+  ldap:
+
+    build: uffd-ldapd/
+    restart: always
+    environment:
+       SERVER_API_URL: "{{ oidc_global.provider_url }}"
+       SERVER_API_USER: "matrixldap"
+       SERVER_API_SECRET: "{{ uffd_api_secret }}"
+       SERVER_BASE_DN: "{{ oidc_global.ldap_base_dn }}"    
+       SERVER_BIND_PASSWORD: "{{ ldap_bind_pw}}"
+    networks:
+      - default
 
   synapse:
 
@@ -32,6 +44,7 @@ services:
     cpuset: "0"
     depends_on:
       - db
+      - ldap
     volumes:
       - /srv/matrix/synapse-data/:/data
     environment: