magenbrot/docker-compose.yml

## docker-compose.yml
# Debian Bullseye uses cgroups v2, but there are various problems with systemd inside a docker container.
# I'll let docker run with cgroups v1 instead.
#
# Activate support for cgroups v1 in Debian Bullseye:
# echo "GRUB_CMDLINE_LINUX=systemd.unified_cgroup_hierarchy=false" > /etc/default/grub.d/cgroup.cfg
# update-grub && reboot

version: '3.6'
services:
  freeipa:
    image: freeipa/freeipa-server:rocky-8
    hostname: ipa1
    domainname: ipa.mydomain.com
    container_name: ipa1
    dns:
      - 8.8.4.4
      - 1.1.1.1
    extra_hosts:
      - "ipa1.ipa.mydomain.com:10.20.30.40"
      - "ipa1:10.20.30.40"
    restart: unless-stopped
    tty: true
    stdin_open: true
    environment:
      - IPA_SERVER_HOSTNAME=ipa1.ipa.mydomain.com
      - IPA_SERVER_IP=10.20.30.14
      - PASSWORD=53ql3owHXqXyRuvLAoyG
    command:
      - --realm=IPA.MYDOMAIN.COM
      - --domain=ipa.mydomain.com
      - --ds-password=TyDhnGP4wrvTtH3Lvs11
      - --admin-password=53ql3owHXqXyRuvLAoyG
      - --no-dnssec-validation
      - --setup-dns
      - --setup-kra
      #- --mkhomedir # incompatible with the 'authselect' tool provided by this distribution for configuring system authentication resources
      - --auto-forwarders
      - --auto-reverse
      - --allow-zone-overlap
      - --ssh-trust-dns
      - --netbios-name=IPA
      - --unattended
    ports:
      - 53:53/udp
      - 53:53
      - 80:80
      - 88:88/udp
      - 88:88
      - 123:123/udp
      - 389:389
      - 443:443
      - 464:464/udp
      - 464:464
      - 636:636
      - 7389:7389
      - 9443:9443
      - 9444:9444
      - 9445:9445
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0
    volumes:
      - /opt/freeipa/data:/data
      - /opt/freeipa/logs:/var/logs
      - /sys/fs/cgroup:/sys/fs/cgroup:ro
    tmpfs:
      - /run
      - /var/cache
      - /tmp
networks:
  ipa:
    driver: bridge
    driver_opts:
      com.docker.network.driver.mtu: 1300
	# Debian Bullseye uses cgroups v2, but there are various problems with systemd inside a docker container.
	# I'll let docker run with cgroups v1 instead.
	#
	# Activate support for cgroups v1 in Debian Bullseye:
	# echo "GRUB_CMDLINE_LINUX=systemd.unified_cgroup_hierarchy=false" > /etc/default/grub.d/cgroup.cfg
	# update-grub && reboot

	version: '3.6'
	services:
	freeipa:
	image: freeipa/freeipa-server:rocky-8
	hostname: ipa1
	domainname: ipa.mydomain.com
	container_name: ipa1
	dns:
	- 8.8.4.4
	- 1.1.1.1
	extra_hosts:
	- "ipa1.ipa.mydomain.com:10.20.30.40"
	- "ipa1:10.20.30.40"
	restart: unless-stopped
	tty: true
	stdin_open: true
	environment:
	- IPA_SERVER_HOSTNAME=ipa1.ipa.mydomain.com
	- IPA_SERVER_IP=10.20.30.14
	- PASSWORD=53ql3owHXqXyRuvLAoyG
	command:
	- --realm=IPA.MYDOMAIN.COM
	- --domain=ipa.mydomain.com
	- --ds-password=TyDhnGP4wrvTtH3Lvs11
	- --admin-password=53ql3owHXqXyRuvLAoyG
	- --no-dnssec-validation
	- --setup-dns
	- --setup-kra
	#- --mkhomedir # incompatible with the 'authselect' tool provided by this distribution for configuring system authentication resources
	- --auto-forwarders
	- --auto-reverse
	- --allow-zone-overlap
	- --ssh-trust-dns
	- --netbios-name=IPA
	- --unattended
	ports:
	- 53:53/udp
	- 53:53
	- 80:80
	- 88:88/udp
	- 88:88
	- 123:123/udp
	- 389:389
	- 443:443
	- 464:464/udp
	- 464:464
	- 636:636
	- 7389:7389
	- 9443:9443
	- 9444:9444
	- 9445:9445
	sysctls:
	- net.ipv6.conf.all.disable_ipv6=0
	volumes:
	- /opt/freeipa/data:/data
	- /opt/freeipa/logs:/var/logs
	- /sys/fs/cgroup:/sys/fs/cgroup:ro
	tmpfs:
	- /run
	- /var/cache
	- /tmp
	networks:
	ipa:
	driver: bridge
	driver_opts:
	com.docker.network.driver.mtu: 1300