version: '3.7'

# networks
# create a network 'guacnetwork_net' in mode 'bridged'
networks:
  interne:
    driver: overlay
    attachable: true
  externe:
    driver: bridge
    attachable: true

# services
services:
  # guacd
  guacd:
    container_name: guacd
    image: guacamole/guacd:latest
    networks:
      interne:
    restart: always
    volumes:
    - ./drive:/drive:rw
    - ./record:/record:rw

  # postgres
  postgres:
    container_name: postgres
    environment:
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_DB: guacamole_db
      POSTGRES_PASSWORD: 'PasswordHere123456'
      POSTGRES_USER: guacamole_user
    image: postgres:15.2-alpine
    networks:
      interne:
    restart: always
    volumes:
    - ./init:/docker-entrypoint-initdb.d:z
    - ./data:/var/lib/postgresql/data:

  # guacamole
  guacamole:
    container_name: guacamole
    depends_on:
    - guacd
    - postgres
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRES_DATABASE: guacamole_db
      POSTGRES_HOSTNAME: postgres
      POSTGRES_PASSWORD: 'PasswordHere123456'
      POSTGRES_USER: guacamole_user
      LDAP_HOSTNAME: "10.0.4.2"
      LDAP_PORT: 389
      LDAP_ENCRYPTION_METHOD: "none"
      LDAP_USER_BASE_DN: "ou=utilisateurs,dc=tips-of-mine,dc=local"
      LDAP_USERNAME_ATTRIBUTE: "sAMAccountName"
      LDAP_SEARCH_BIND_DN: "cn=service-guacamole,ou=Services,ou=utilisateurs,dc=tips-of-mine,dc=local"
      LDAP_SEARCH_BIND_PASSWORD: "some_password"
      LDAP_GROUP_BASE_DN: "ou=groupes,dc=tips-of-mine,dc=local"
      LDAP_GROUP_NAME_ATTRIBUTE: "cn"
    image: guacamole/guacamole:latest
    links:
    - guacd
    networks:
      interne:
#    ports:
## enable next line if not using nginx
##    - 8080:8080/tcp # Guacamole is on :8080/guacamole, not /.
## enable next line when using nginx
#    - 8080/tcp
    restart: always
    volumes:
      - ./guacamole-config:/config
    labels:
      - "traefik.enable=true"
      - "traefik.backend=guacamole"
#      - "traefik.http.routers.bastion.rule=Host(`guacamole.tips-of-mine.local`)"
#      - "traefik.http.middlewares.guac-addprefix.addprefix.prefix=/guacamole"
#      - "traefik.http.services.bastion.loadbalancer.server.port=8080"
      - "traefik.http.services.guacamole.loadbalancer.server.port=8080"
      - "traefik.http.routers.guacamole.rule=Host(`guacamole.tips-of-mine.local`)"
      - "traefik.http.routers.guacamole.tls.certresolver=zero"
      - "traefik.http.routers.guacamole.entrypoints=https"
      - "traefik.http.routers.guacamole.middlewares=guacamole-addprefix"
      - "traefik.http.middlewares.guacamole-addprefix.addprefix.prefix=/guacamole"
      - "traefik.docker.network=interne"