diff --git a/.gitea/workflows/container.yaml b/.gitea/workflows/container.yaml
new file mode 100644
index 0000000..e48b3fd
--- /dev/null
+++ b/.gitea/workflows/container.yaml
@@ -0,0 +1,12 @@
+name: Build Multiarch Container Image
+on: [push]
+jobs:
+ call-reusable-workflow:
+ uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@main
+ with:
+ repository: ${{ gitea.repository }}
+ ref_name: ${{ gitea.ref_name }}
+ sha: ${{ gitea.sha }}
+ registry_url: ${{ secrets.REGISTRY_URL }}
+ registry_user: ${{ secrets.REGISTRY_USER }}
+ registry_pw: ${{ secrets.REGISTRY_PW }}
diff --git a/.woodpecker.yml b/.woodpecker.yml
deleted file mode 100644
index c294e35..0000000
--- a/.woodpecker.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-pipeline:
- publish-docker-image:
- image: plugins/kaniko
- settings:
- repo: docker.io/thallian/dovecot
- tags: latest,${CI_COMMIT_SHA:0:8},${CI_COMMIT_TAG=pre}
- dockerfile: Dockerfile
- username:
- from_secret: DOCKER_USER
- password:
- from_secret: DOCKER_PW
\ No newline at end of file
diff --git a/Dockerfile b/Containerfile
similarity index 53%
rename from Dockerfile
rename to Containerfile
index 607024f..8debbfd 100644
--- a/Dockerfile
+++ b/Containerfile
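Review bot: The `uses:` line in the new container.yaml references the reusable workflow at `@main` and passes it `REGISTRY_USER` and `REGISTRY_PW`, so whatever is on that repository's main branch at run time executes with the registry credentials. Pinning to a reviewed revision, `uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@<commit-sha>` (placeholder for the commit you audited), makes changes to the build logic an explicit update here. `on: [push]` also fires for every branch; if the called workflow publishes an image on each run (it is not visible in this diff), consider limiting the trigger to the branches and tags that should produce published images.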
@@ -1,62 +1,62 @@ -FROM docker.io/alpine:3.16 as builder +FROM docker.io/alpine:3.19 as builder RUN apk --no-cache add \ - rpcgen \ - g++ \ - make \ - openssl \ - openssl-dev \ - lua-dev \ - libsodium-dev \ - linux-pam-dev \ - zlib-dev \ - bzip2-dev \ - xz-dev \ - lz4-dev \ - icu-dev \ - inotify-tools-dev + rpcgen \ + g++ \ + make \ + openssl \ + openssl-dev \ + lua5.1-dev \ + libsodium-dev \ + linux-pam-dev \ + zlib-dev \ + bzip2-dev \ + xz-dev \ + lz4-dev \ + icu-dev \ + inotify-tools-dev -ENV SHA256_SUM_DOVECOT=db5abcd87d7309659ea6b45b2cb6ee9c5f97486b2b719a5dd05a759e1f6a5c51 -ENV DOVECOT_FILENAME=dovecot-2.3.19.1.tar.gz +ENV SHA256_SUM_DOVECOT=05b11093a71c237c2ef309ad587510721cc93bbee6828251549fc1586c36502d +ENV DOVECOT_FILENAME=dovecot-2.3.21.tar.gz RUN wget https://www.dovecot.org/releases/2.3/$DOVECOT_FILENAME RUN echo "$SHA256_SUM_DOVECOT $DOVECOT_FILENAME" | sha256sum -c - || exit 1 RUN mkdir /tmp/dovecot RUN tar xzf $DOVECOT_FILENAME -C /tmp/dovecot --strip 1 -ENV SHA256_SUM_PIGEONHOLE=637709a83fb1338c918e5398049f96b7aeb5ae00696794ed1e5a4d4c0ca3f688 -ENV PIGEONHOLE_FILENAME=dovecot-2.3-pigeonhole-0.5.19.tar.gz +ENV SHA256_SUM_PIGEONHOLE=1ca71d2659076712058a72030288f150b2b076b0306453471c5261498d3ded27 +ENV PIGEONHOLE_FILENAME=dovecot-2.3-pigeonhole-0.5.21.tar.gz RUN wget https://pigeonhole.dovecot.org/releases/2.3/$PIGEONHOLE_FILENAME RUN echo "$SHA256_SUM_PIGEONHOLE $PIGEONHOLE_FILENAME" | sha256sum -c - || exit 1 RUN mkdir /tmp/pigeonhole RUN tar xzf $PIGEONHOLE_FILENAME -C /tmp/pigeonhole --strip 1 RUN cd /tmp/dovecot && \ - ./configure --prefix '' \ - --with-notify=inotify \ - --with-lua \ - --with-zlib \ - --with-bzlib \ - --with-pam \ - --with-ssl=openssl \ - --with-sodium \ - --without-sql \ - --with-lzma \ - --with-lz4 \ - --with-icu \ - --without-shadow \ - --with-ssldir=/etc/ssl/mail \ - --with-rundir=/run/dovecot \ - --disable-static && \ - make && \ - make install + ./configure --prefix '' \ + --with-notify=inotify \ + --with-lua \ + --with-zlib 
\ + --with-bzlib \ + --with-pam \ + --with-ssl=openssl \ + --with-sodium \ + --without-sql \ + --with-lzma \ + --with-lz4 \ + --with-icu \ + --without-shadow \ + --with-ssldir=/etc/ssl/mail \ + --with-rundir=/run/dovecot \ + --disable-static && \ + make && \ + make install RUN cd /tmp/pigeonhole && \ - ./configure --prefix '' \ - --with-dovecot=/lib/dovecot \ - --disable-static && \ - make && make install + ./configure --prefix '' \ + --with-dovecot=/lib/dovecot \ + --disable-static && \ + make && make install -FROM docker.io/thallian/confd-env:3.16 +FROM docker.io/thallian/confd-env:3.19-3.1.6.2 COPY --from=builder /lib/dovecot/ /lib/dovecot/ COPY --from=builder /libexec/dovecot/ /libexec/dovecot/ @@ -67,20 +67,21 @@ COPY --from=builder /sbin/dovecot /sbin/dovecot COPY --from=builder /bin/sieve* /bin/ RUN apk --no-cache add \ - libsodium \ - libbz2 \ - zlib \ - xz-libs \ - lz4-libs \ - lz4 \ - linux-pam \ - openssl \ - ssmtp \ - ca-certificates \ - lua \ - lua-rapidjson \ - curl \ - inotify-tools + libsodium \ + libbz2 \ + zlib \ + xz-libs \ + lz4-libs \ + lz4 \ + linux-pam \ + openssl \ + ssmtp \ + ca-certificates \ + lua5.1-libs \ + lua5.1-rapidjson \ + curl \ + inotify-tools \ + libssl3 RUN addgroup -g 150 dovecot RUN adduser -u 140 -h /dev/null -H -s /sbin/nologin -D -G dovecot dovecot diff --git a/rootfs/etc/confd/templates/10-master.conf.tmpl b/rootfs/etc/confd/templates/10-master.conf.tmpl index 399dfed..928ebf7 100644 --- a/rootfs/etc/confd/templates/10-master.conf.tmpl +++ b/rootfs/etc/confd/templates/10-master.conf.tmpl @@ -21,3 +21,16 @@ service auth { service auth-worker { } + +service anvil { + chroot = +} +service imap-login { + chroot = +} +service pop3-login { + chroot = +} +service ipc { + chroot = +} diff --git a/rootfs/etc/confd/templates/dovecot.conf.tmpl b/rootfs/etc/confd/templates/dovecot.conf.tmpl index f4ebb87..31ec7f9 100644 --- a/rootfs/etc/confd/templates/dovecot.conf.tmpl +++ b/rootfs/etc/confd/templates/dovecot.conf.tmpl 
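Review bot: Both new `FROM` lines in the Containerfile reference base images by tag (`docker.io/alpine:3.19`, `docker.io/thallian/confd-env:3.19-3.1.6.2`), while the Dovecot and Pigeonhole tarballs in the same hunk are pinned by SHA-256. A tag can be re-pushed, so the resulting image is only as fixed as the registry keeps it. Appending the digest, e.g. `FROM docker.io/alpine:3.19@sha256:<digest> as builder`, gives the base images the same guarantee as the tarballs; `<digest>` is a placeholder to be filled in from the image that was actually tested.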
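Review bot: The empty `chroot =` added for `imap-login` and `pop3-login` in 10-master.conf.tmpl turns off the chroot that these pre-authentication processes normally run in, and the hunk gives no reason for it. If this is needed because the container cannot call chroot (an assumption, the runtime settings are not visible here), record that above the blocks, e.g. `# chroot disabled: container runs without CAP_SYS_CHROOT`, so the weaker isolation is a documented decision that can be revisited. `protocols` in dovecot.conf.tmpl lists only `imap lmtp sieve`, so the `pop3-login` block looks unnecessary and could be dropped.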
@@ -1,4 +1,4 @@ protocols = imap lmtp sieve -listen = * +listen = *, :: !include conf.d/*.conf !include_try local.conf diff --git a/rootfs/etc/confd/templates/oauth2-userdb.lua.tmpl b/rootfs/etc/confd/templates/oauth2-userdb.lua.tmpl index 0587b78..cc97b81 100644 --- a/rootfs/etc/confd/templates/oauth2-userdb.lua.tmpl +++ b/rootfs/etc/confd/templates/oauth2-userdb.lua.tmpl @@ -36,7 +36,7 @@ function auth_userdb_lookup(req) end if userJson[1].username == req.username then - return dovecot.auth.USERDB_RESULT_OK, "uid=vmail gid=vmail home=/var/lib/vmail/mail/%n" + return dovecot.auth.USERDB_RESULT_OK, "uid=vmail gid=vmail home=/var/lib/vmail/mail/" .. req.username end return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user"
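Review bot: The new return line in `auth_userdb_lookup` concatenates `req.username` directly into the space-separated userdb string, so a name containing a space could add extra fields and one containing `/` or `..` could move `home` outside `/var/lib/vmail/mail/`. The equality check against `userJson[1].username` only ties the value to what the identity provider returned; whether such names can reach this point depends on `auth_username_chars` and the provider's naming rules, neither of which is visible here. A guard before the return keeps the path safe regardless of that configuration: `if req.username == ".." or req.username:find("[^%w%.%-_@]") then return dovecot.auth.USERDB_RESULT_USER_UNKNOWN, "no such user" end`. The function body starts and ends outside this hunk.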