---
version: '3.7'
services:
  isard-sso-freeipa:
    container_name: isard-sso-freeipa
    image: freeipa/freeipa-server:centos-8
    restart: unless-stopped
    hostname: ipa.${DOMAIN}
    environment:
      - IPA_SERVER_HOSTNAME=ipa.${DOMAIN}
    tty: true
    stdin_open: true
    cap_add:
      - NET_ADMIN
    volumes:
      - ${BUILD_ROOT_PATH}/scripts/freeipa:/scripts
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
      - ${DATA_FOLDER}/freeipa:/data
    sysctls:
      - net.ipv6.conf.lo.disable_ipv6=0
      - net.ipv6.conf.all.disable_ipv6=0
    security_opt:
      - "seccomp:unconfined"
    command:
      - -U
      - --domain=${DOMAIN}
      - --realm=${DOMAIN}
      - --http-pin=${IPA_ADMIN_PWD}
      - --dirsrv-pin=${IPA_ADMIN_PWD}
      - --ds-password=${IPA_ADMIN_PWD}
      - --admin-password=${IPA_ADMIN_PWD}
      - --no-host-dns
      #- --no-dnssec-validation
      #- --setup-dns
      #- --auto-forwarders
      #- --allow-zone-overlap
      - --unattended
    #ports:
      #- "53:53/udp"
      #- "53:53"
      #- "80:80"
      #- "443:443"
      #- "389:389"
      #- "636:636"
      #- "88:88"
      #- "464:464"
      #- "88:88/udp"
      #- "464:464/udp"
      #- "123:123/udp"
      #- "7389:7389"
      #- "9443:9443"
      #- "9444:9444"
      #- "9445:9445"
    env_file:
      - .env
    networks:
      isard_net:
        aliases:
          - ${DOMAIN}
          - ipa.${DOMAIN}