use alpine packages, no longer need to compile ourselves

rootfs/etc/confd/conf.d/dovecot-sql.userdb.ext.toml

@@ -0,0 +1,3 @@
+[template]
+src = "dovecot-sql.userdb.conf.ext.tmpl"
+dest = "/etc/dovecot/dovecot-sql.userdb.conf.ext"

rootfs/etc/confd/conf.d/oauth2-userdb.lua.toml

@@ -1,3 +0,0 @@
-[template]
-src = "oauth2-userdb.lua.tmpl"
-dest = "/etc/dovecot/oauth2-userdb.lua"

rootfs/etc/confd/templates/10-mail.conf.tmpl

@@ -23,4 +23,4 @@ namespace inbox {
   }
 }
 
-mail_plugin_dir = /lib/dovecot
+mail_plugin_dir = /usr/lib/dovecot

rootfs/etc/confd/templates/auth-oauth2.conf.ext.tmpl

@@ -11,6 +11,7 @@ passdb {
 }
 
 userdb {
-  driver = lua
-  args = file=/etc/dovecot/oauth2-userdb.lua blocking=yes
+  driver = sql
+  args = /etc/dovecot/dovecot-sql.userdb.conf.ext
+  default_fields = uid=vmail gid=vmail home=/var/lib/vmail/mail/%u
 }

rootfs/etc/confd/templates/dovecot-oauth2.plain.conf.ext.tmpl

@@ -1,6 +1,4 @@
 grant_url = {{ getenv "GRANT_URL" }}
-client_id = {{ getenv "CLIENT_ID" }}
-client_secret = {{ getenv "CLIENT_SECRET" }}
 introspection_url = {{ getenv "INTROSPECTION_URL" }}
 introspection_mode = {{ getenv "INTROSPECTION_MODE" "post" }}
 username_attribute = username

rootfs/etc/confd/templates/dovecot-oauth2.token.conf.ext.tmpl

@@ -1,6 +1,4 @@
 grant_url = {{ getenv "GRANT_URL" }}
-client_id = {{ getenv "CLIENT_ID" }}
-client_secret = {{ getenv "CLIENT_SECRET" }}
 tokeninfo_url = {{ getenv "TOKENINFO_URL" }}
 introspection_url = {{ getenv "INTROSPECTION_URL" }}
 introspection_mode = {{ getenv "INTROSPECTION_MODE" "post" }}
@@ -8,4 +6,3 @@ username_attribute = username
 tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
 use_grant_password = no
 pass_attrs = pass=%{oauth2:access_token}
-

rootfs/etc/confd/templates/dovecot-sql.userdb.conf.ext.tmpl

@@ -0,0 +1,3 @@
+driver = pgsql
+connect = host={{ getenv "DB_HOST" }} dbname={{ getenv "DB_NAME" }} user={{ getenv "DB_USER" }} password={{ getenv "DB_PW" }}
+user_query = SELECT COUNT(email) as count FROM virtual_users WHERE email = '%n' HAVING COUNT(email) > 0;

rootfs/etc/confd/templates/oauth2-userdb.lua.tmpl

@@ -1,44 +0,0 @@
-local rapidjson = require('rapidjson')
-
-local clientId = "{{ getenv "CLIENT_ID" }}"
-local clientSecret = "{{ getenv "CLIENT_SECRET" }}"
-local username = "{{ getenv "OAUTH_ADMIN_USER" }}"
-local password = "{{ getenv "OAUTH_ADMIN_PASSWORD" }}"
-local tokenUrl = "{{ getenv "GRANT_URL" }}"
-local userUrl = "{{ getenv "USER_URL" }}"
-
-function os.capture(cmd, raw)
-  local f = assert(io.popen(cmd, 'r'))
-  local s = assert(f:read('*a'))
-  f:close()
-
-  return s
-end
-
-function auth_userdb_lookup(req)
-	local tokenCmd = "curl -L --silent -X POST -d \"grant_type=password\"" 
-	tokenCmd = tokenCmd .. " -d \"client_id=" .. clientId .. "\""
-	tokenCmd = tokenCmd .. " -d \"client_secret=" .. clientSecret .. "\""
-	tokenCmd = tokenCmd .. " -d \"username=" .. username .. "\""
-	tokenCmd = tokenCmd .. " -d \"password=" .. password .. "\""
-	tokenCmd = tokenCmd .. " \"" .. tokenUrl .. "\""
-
-	local tokenRaw = os.capture(tokenCmd)
-	local tokenJson = rapidjson.decode(tokenRaw)
-	local accessToken = tokenJson.access_token
-
-	local userCmd = "curl -L --silent -H \"Authorization: Bearer " .. accessToken .. "\" \"" .. userUrl .. req.username .. "\""
-	local userRaw = os.capture(userCmd)
-	local userJson = rapidjson.decode(userRaw)
-
-	if #userJson == 0 then
-		return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
-	end
-
-	if userJson[1].username == req.username then
-		return dovecot.auth.USERDB_RESULT_OK, "uid=vmail gid=vmail home=/var/lib/vmail/mail/" .. req.username
-	end
-
-	return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
-end
-