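---
# BookStack (LinuxServer.io image) backed by MariaDB, with SAML2 single
# sign-on against authentik. Database credentials come from file-based
# Compose secrets mounted under /run/secrets/.
#
# NOTE(review): top-level `secrets` arrived with Compose file format 3.1.
# Compose v2 ignores `version`, but legacy docker-compose 1.x validates it
# and may reject this file as written - confirm against the deployed tool.
version: "2"

services:
  app:
    # NOTE(review): no tag given, so this resolves to `latest`. Pin a
    # release tag or image digest so a changed upstream image cannot be
    # pulled in silently on the next `up`.
    image: lscr.io/linuxserver/bookstack
    secrets:
      - db_password
    environment:
      PUID: 1000
      PGID: 1000
      APP_URL: 'https://bookstack.sectorq.eu'
      DB_HOST: db
      DB_PORT: 3306
      DB_USER: bookstack
      # LinuxServer images load a variable from a file only when the name
      # carries the FILE__ prefix. A plain `DB_PASS: /run/secrets/...`
      # makes the path string itself the password, which is guessable by
      # anyone who reads this file.
      # After switching, rotate the password on any database that was
      # initialised with the old literal value, and check configuration
      # already persisted under /config for the stale value.
      FILE__DB_PASS: /run/secrets/db_password
      DB_DATABASE: bookstackapp

      # Set authentication method to be saml2.
      AUTH_METHOD: saml2

      # Control whether BookStack automatically initiates login via the
      # SAML system when it is the only authentication method. Saves the
      # user from clicking the "Login with x" button on the login page.
      # Setting this to true enables auto-initiation.
      # Quoted: Compose environment values should be strings, not YAML
      # booleans.
      AUTH_AUTO_INITIATE: "true"

      # Display name shown on the login button ("Login with <name>").
      SAML2_NAME: authentik

      # Name of the attribute which provides the user's email address.
      SAML2_EMAIL_ATTRIBUTE: email

      # Name of the attribute to use as an ID for the SAML user.
      SAML2_EXTERNAL_ID_ATTRIBUTE: uid

      # Enable SAML group sync.
      # Group membership asserted by the IdP then decides BookStack roles,
      # so review which authentik groups share a name with a privileged
      # BookStack role.
      SAML2_USER_TO_GROUPS: "true"

      # Attribute from which BookStack reads group names. Roles in
      # BookStack must be renamed to match the groups in authentik.
      SAML2_GROUP_ATTRIBUTE: 'http://schemas.xmlsoap.org/claims/Group'

      # Name of the attribute(s) to use for the user's display name.
      # Several attributes may be listed, separated with a '|', in which
      # case the values are joined with a space.
      # Example: SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
      # Defaults to the ID value if not found.
      SAML2_DISPLAY_NAME_ATTRIBUTES: 'http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname'

      # Identity Provider entityID URL.
      SAML2_IDP_ENTITYID: 'https://auth.sectorq.eu/api/v3/providers/saml/10/metadata/?download'

      # Auto-load metadata from the IdP. Setting this to true removes the
      # need to specify the IdP SSO URL, SLO URL and x509 certificate.
      # NOTE(review): the IdP signing certificate is then taken from
      # whatever the URL above returns, so trust in SAML assertions rests
      # on TLS validation of that host - keep it an https:// URL.
      SAML2_AUTOLOAD_METADATA: "true"
    volumes:
      - /share/docker_data/bookstrap/bookstack_app_data:/config
    ports:
      # NOTE(review): publishes plain HTTP on every host interface while
      # APP_URL is https. If a reverse proxy on this host terminates TLS,
      # binding to 127.0.0.1 keeps the unencrypted port off the network.
      - "6875:80"
    restart: always
    depends_on:
      - db

  db:
    # NOTE(review): untagged image, same pinning concern as for `app`.
    image: lscr.io/linuxserver/mariadb
    secrets:
      - db_password
      - db_root_password
    environment:
      # NOTE(review): PUID/PGID 0 maps the service user to root. Prefer an
      # unprivileged UID/GID that owns the data directory - confirm the
      # ownership of the existing volume before changing.
      PUID: 0
      PGID: 0
      # FILE__ prefix: read the value from the mounted secret instead of
      # using the path string as the password (see the note on `app`).
      # These variables are normally applied only when the data directory
      # is first initialised - verify, and rotate the existing accounts.
      FILE__MYSQL_ROOT_PASSWORD: /run/secrets/db_root_password
      TZ: Europe/London
      MYSQL_DATABASE: bookstackapp
      MYSQL_USER: bookstack
      FILE__MYSQL_PASSWORD: /run/secrets/db_password
    volumes:
      - /share/docker_data/bookstrap/bookstack_db_data:/config
    restart: always

# File-based secrets. Keep these files out of version control and readable
# only by the account that runs Compose.
secrets:
  db_password:
    file: '.env/db_password'
  db_root_password:
    file: '.env/db_root_password'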