use gitlab docker registry

.gitlab-ci.yml

@@ -0,0 +1,10 @@
+build:
+   image: docker:latest
+   services:
+   - docker:dind
+   stage: build
+   script:
+     - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+     - docker build --pull --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
+     - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+     - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA

Dockerfile

@@ -1,21 +1,8 @@
-FROM quay.io/thallian/confd-env:latest
+FROM registry.gitlab.com/thallian/docker-confd-env:master
 
-RUN apk add --no-cache dovecot dovecot-ldap libressl ssmtp g++ openldap-dev dovecot-dev make tar
-
-ADD i_zero.patch /usr/include/dovecot/i_zero.patch
-WORKDIR /usr/include/dovecot
-RUN patch -p1 < i_zero.patch
-RUN rm /usr/include/dovecot/i_zero.patch
-
-RUN mkdir /tmp/pigeonhole
-RUN wget -qO- https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.18.tar.gz | tar -xz -C /tmp/pigeonhole --strip 1
-WORKDIR /tmp/pigeonhole
-RUN ./configure --with-ldap=yes --with-dovecot=/usr/lib/dovecot
-RUN make && make install
-RUN rm -r /tmp/pigeonhole
-WORKDIR /
-
-RUN apk del g++ openldap-dev dovecot-dev make tar
+RUN apk add --no-cache dovecot dovecot-ldap libressl ssmtp
+RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/main \
+    dovecot-pigeonhole-plugin-ldap
 
 RUN addgroup -g 1111 vmail
 RUN adduser -u 1111 -h /var/lib/vmail -D -G vmail vmail

README.md

@@ -50,7 +50,7 @@ Base DN to look for users on the ldap host.
 Search scope of ldap queries.
 
 ## LDAP_PASS_FILTER
-Specifies the filter on how user is found on the ldap host.  
+Specifies the filter on how user is found on the ldap host.
 [Dovecot variables](http://wiki2.dovecot.org/Variables) can be used.
 
 ## LDAP_USER_ATTRIBUTE
@@ -88,15 +88,8 @@ List of characters allowed in a username.
 
 Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).
 
-## CERT_NAME
-- default: fullchain.pem
-
-Name of the certificate file.
-
-## KEY_NAME
-- default: privkey.pem
-
-Name of the key file.
+## CERT_DOMAIN
+Name of the certificate domain.
 
 ## SSL_DH_LENGTH
 - default: 2048

i_zero.patch

@@ -1,12 +0,0 @@
-diff --git a/macros.h b/macros.h
-index 566c176..ebbf480 100644
---- a/macros.h
-+++ b/macros.h
-@@ -240,4 +240,7 @@
- #  define STATIC_ARRAY
- #endif
-
-+#define i_zero(p) memset(p, 0, sizeof(*(p)))
-+#define i_zero_safe(p) safe_memset(p, 0, sizeof(*(p)))
-+
- #endif

rootfs/bin/restart-services

@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv sh
+
+s6-svc -t /var/run/s6/services/dovecot

rootfs/etc/confd/templates/10-auth.conf.tmpl

@@ -1,3 +1,4 @@
 auth_username_chars = {{getenv "ALLOWED_USERNAME_CHARS" "äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"}}
+auth_username_format = %Lu
 auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain login"}}
 !include auth-ldap.conf.ext

rootfs/etc/confd/templates/10-ssl.conf.tmpl

@@ -1,6 +1,6 @@
 ssl = yes
-ssl_cert = </etc/ssl/mail/{{ getenv "CERT_NAME" "fullchain.pem"}}
-ssl_key = </etc/ssl/mail/{{ getenv "KEY_NAME" "privkey.pem"}}
+ssl_cert = </etc/ssl/mail/{{ getenv "CERT_DOMAIN"}}.crt
+ssl_key = </etc/ssl/mail/{{ getenv "CERT_DOMAIN"}}.key
 ssl_dh_parameters_length = {{getenv "SSL_DH_LENGTH" "2048"}}
 ssl_protocols = {{getenv "SSL_PROTOCOLS" "!SSLv2 !SSLv3"}}
 ssl_cipher_list = {{getenv "SSL_CIPHERLIST" "ALL:!ADH:!LOW:!SSLv2:!EXP:!aNULL:!RC4:+HIGH:+MEDIUM"}}

rootfs/etc/confd/templates/dovecot-ldap.conf.ext.tmpl

@@ -7,4 +7,4 @@ base = {{getenv "LDAP_BASE_DN"}}
 scope = {{getenv "LDAP_SCOPE" "subtree"}}
 pass_attrs = {{getenv "LDAP_USER_ATTRIBUTE" "cn"}}=user,{{getenv "LDAP_PASSWORD_ATTRIBUTE" "userPassword"}}=password
 pass_filter = {{getenv "LDAP_PASS_FILTER"}}
-default_pass_scheme = {{getenv "LDAP_DEFAULT_PASSSCHEME" "SSHA"}}
+default_pass_scheme = {{getenv "LDAP_DEFAULT_PASSSCHEME" "PBKDF2"}}

rootfs/var/spool/incron/root

@@ -0,0 +1 @@
+/etc/ssl/mail IN_ATTRIB /bin/restart-services