From a57bcd1b3502948118687eec9d42e331b450a432 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler <sebastian@vanwa.ch>
Date: Fri, 22 Sep 2017 13:14:50 +0200
Subject: [PATCH] use gitlab docker registry

---
 .gitlab-ci.yml                                | 10 +++++++++
 Dockerfile                                    | 21 ++++---------------
 README.md                                     | 13 +++---------
 i_zero.patch                                  | 12 -----------
 rootfs/bin/restart-services                   |  3 +++
 rootfs/etc/confd/templates/10-auth.conf.tmpl  |  1 +
 rootfs/etc/confd/templates/10-ssl.conf.tmpl   |  4 ++--
 .../templates/dovecot-ldap.conf.ext.tmpl      |  2 +-
 rootfs/var/spool/incron/root                  |  1 +
 9 files changed, 25 insertions(+), 42 deletions(-)
 create mode 100644 .gitlab-ci.yml
 delete mode 100644 i_zero.patch
 create mode 100755 rootfs/bin/restart-services
 create mode 100644 rootfs/var/spool/incron/root

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..dfde774
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,10 @@
+build:
+   image: docker:latest
+   services:
+   - docker:dind
+   stage: build
+   script:
+     - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+     - docker build --pull --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
+     - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+     - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
diff --git a/Dockerfile b/Dockerfile
index d8bab6c..755b5f1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,21 +1,8 @@
-FROM quay.io/thallian/confd-env:latest
+FROM registry.gitlab.com/thallian/docker-confd-env:master
 
-RUN apk add --no-cache dovecot dovecot-ldap libressl ssmtp g++ openldap-dev dovecot-dev make tar
-
-ADD i_zero.patch /usr/include/dovecot/i_zero.patch
-WORKDIR /usr/include/dovecot
-RUN patch -p1 < i_zero.patch
-RUN rm /usr/include/dovecot/i_zero.patch
-
-RUN mkdir /tmp/pigeonhole
-RUN wget -qO- https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.18.tar.gz | tar -xz -C /tmp/pigeonhole --strip 1
-WORKDIR /tmp/pigeonhole
-RUN ./configure --with-ldap=yes --with-dovecot=/usr/lib/dovecot
-RUN make && make install
-RUN rm -r /tmp/pigeonhole
-WORKDIR /
-
-RUN apk del g++ openldap-dev dovecot-dev make tar
+RUN apk add --no-cache dovecot dovecot-ldap libressl ssmtp
+RUN apk add --no-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/main \
+    dovecot-pigeonhole-plugin-ldap
 
 RUN addgroup -g 1111 vmail
 RUN adduser -u 1111 -h /var/lib/vmail -D -G vmail vmail
diff --git a/README.md b/README.md
index 111fc3f..d99c1d5 100644
--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ Base DN to look for users on the ldap host.
 Search scope of ldap queries.
 
 ## LDAP_PASS_FILTER
-Specifies the filter on how user is found on the ldap host.  
+Specifies the filter on how user is found on the ldap host.
 [Dovecot variables](http://wiki2.dovecot.org/Variables) can be used.
 
 ## LDAP_USER_ATTRIBUTE
@@ -88,15 +88,8 @@ List of characters allowed in a username.
 
 Space seperated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).
 
-## CERT_NAME
-- default: fullchain.pem
-
-Name of the certificate file.
-
-## KEY_NAME
-- default: privkey.pem
-
-Name of the key file.
+## CERT_DOMAIN
+Name of the certificate domain.
 
 ## SSL_DH_LENGTH
 - default: 2048
diff --git a/i_zero.patch b/i_zero.patch
deleted file mode 100644
index ecef32e..0000000
--- a/i_zero.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff --git a/macros.h b/macros.h
-index 566c176..ebbf480 100644
---- a/macros.h
-+++ b/macros.h
-@@ -240,4 +240,7 @@
- #  define STATIC_ARRAY
- #endif
-
-+#define i_zero(p) memset(p, 0, sizeof(*(p)))
-+#define i_zero_safe(p) safe_memset(p, 0, sizeof(*(p)))
-+
- #endif
diff --git a/rootfs/bin/restart-services b/rootfs/bin/restart-services
new file mode 100755
index 0000000..bb0b976
--- /dev/null
+++ b/rootfs/bin/restart-services
@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv sh
+
+s6-svc -t /var/run/s6/services/dovecot
diff --git a/rootfs/etc/confd/templates/10-auth.conf.tmpl b/rootfs/etc/confd/templates/10-auth.conf.tmpl
index 5b59c14..e40f07c 100644
--- a/rootfs/etc/confd/templates/10-auth.conf.tmpl
+++ b/rootfs/etc/confd/templates/10-auth.conf.tmpl
@@ -1,3 +1,4 @@
 auth_username_chars = {{getenv "ALLOWED_USERNAME_CHARS" "äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@"}}
+auth_username_format = %Lu
 auth_mechanisms = {{getenv "AUTH_MECHANISMS" "plain login"}}
 !include auth-ldap.conf.ext
diff --git a/rootfs/etc/confd/templates/10-ssl.conf.tmpl b/rootfs/etc/confd/templates/10-ssl.conf.tmpl
index bb9f0a4..3d11a67 100644
--- a/rootfs/etc/confd/templates/10-ssl.conf.tmpl
+++ b/rootfs/etc/confd/templates/10-ssl.conf.tmpl
@@ -1,6 +1,6 @@
 ssl = yes
-ssl_cert = </etc/ssl/mail/{{ getenv "CERT_NAME" "fullchain.pem"}}
-ssl_key = </etc/ssl/mail/{{ getenv "KEY_NAME" "privkey.pem"}}
+ssl_cert = </etc/ssl/mail/{{ getenv "CERT_DOMAIN"}}.crt
+ssl_key = </etc/ssl/mail/{{ getenv "CERT_DOMAIN"}}.key
 ssl_dh_parameters_length = {{getenv "SSL_DH_LENGTH" "2048"}}
 ssl_protocols = {{getenv "SSL_PROTOCOLS" "!SSLv2 !SSLv3"}}
 ssl_cipher_list = {{getenv "SSL_CIPHERLIST" "ALL:!ADH:!LOW:!SSLv2:!EXP:!aNULL:!RC4:+HIGH:+MEDIUM"}}
diff --git a/rootfs/etc/confd/templates/dovecot-ldap.conf.ext.tmpl b/rootfs/etc/confd/templates/dovecot-ldap.conf.ext.tmpl
index 29f4c11..79d6923 100644
--- a/rootfs/etc/confd/templates/dovecot-ldap.conf.ext.tmpl
+++ b/rootfs/etc/confd/templates/dovecot-ldap.conf.ext.tmpl
@@ -7,4 +7,4 @@ base = {{getenv "LDAP_BASE_DN"}}
 scope = {{getenv "LDAP_SCOPE" "subtree"}}
 pass_attrs = {{getenv "LDAP_USER_ATTRIBUTE" "cn"}}=user,{{getenv "LDAP_PASSWORD_ATTRIBUTE" "userPassword"}}=password
 pass_filter = {{getenv "LDAP_PASS_FILTER"}}
-default_pass_scheme = {{getenv "LDAP_DEFAULT_PASSSCHEME" "SSHA"}}
+default_pass_scheme = {{getenv "LDAP_DEFAULT_PASSSCHEME" "PBKDF2"}}
diff --git a/rootfs/var/spool/incron/root b/rootfs/var/spool/incron/root
new file mode 100644
index 0000000..c928fff
--- /dev/null
+++ b/rootfs/var/spool/incron/root
@@ -0,0 +1 @@
+/etc/ssl/mail IN_ATTRIB /bin/restart-services