version: "3"

services:

  app:

    image: hackmdio/hackmd:2.0.1
    restart: always
    depends_on:
      - db
    ports:
      - 127.0.0.1:42007:3000
    environment:
      CMD_DB_URL: "mysql://hackmd:{{ mysql_user_pass }}@db:3306/hackmd"
      CMD_SESSION_SECRET: "{{ hackmd_session_secret }}"
      CMD_ALLOW_ANONYMOUS: "true"
      CMD_ALLOW_ANONYMOUS_EDITS: "true"
      CMD_DEFAULT_PERMISSION: "freely"
      CMD_ALLOW_FREEURL: "true"
      CMD_LDAP_URL: "ldap://{{ ldap_ip_ext }}:389"
      CMD_LDAP_BINDDN: "{{ ldap_readonly_bind_dn }}"
      CMD_LDAP_BINDCREDENTIALS: "{{ ldap_readonly_pass }}"
      CMD_LDAP_SEARCHBASE: "{{ ldap_base_dn }}"
      CMD_LDAP_SEARCHFILTER: "(&(uid={% raw %}{{username}}{% endraw %})(objectClass=inetOrgPerson)(memberof=CN=active,OU=groups,DC=warpzone,DC=ms))"
      CMD_LDAP_SEARCHATTRIBUTES: "uid"
      CMD_LDAP_USERIDFIELD: "uid"
      CMD_LDAP_USERNAMEFIELD: "uid"
      CMD_EMAIL: "false"


  db: 

    image: mariadb:10.5.2
    volumes:
      - /srv/hackmd/db:/var/lib/mysql
      - /srv/hackmd/mysql-utf8.cnf:/etc/mysql/conf.d/utf8.cnf
    environment:
      MYSQL_ROOT_PASSWORD: "{{ mysql_root_pass }}"
      MYSQL_PASSWORD: "{{ mysql_user_pass }}"
      MYSQL_DATABASE: "hackmd"
      MYSQL_USER: "hackmd"