commit 4f42666bf4d176fbadf6f31a3ad27ac574b82099 Author: Sebastian Hugentobler Date: Mon Aug 24 16:49:49 2020 +0200 initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100755
index 0000000..93bfd12
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*~
+.DS_Store
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..ce8c70d
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,12 @@
+stages:
+ - build
+
+variables:
+ IMAGE_NAME: thallian/molly-brown
+ CI_BUILD_ARCHS: "linux/amd64,linux/arm64"
+
+build:
+ stage: build
+ script:
+ - docker login -u $DOCKER_USER -p $DOCKER_PASSWORD $DOCKER_REGISTRY
+ - docker buildx build --platform "$CI_BUILD_ARCHS" --progress plain --pull --tag "$IMAGE_NAME:$CI_COMMIT_SHA" --tag "$IMAGE_NAME:$CI_COMMIT_REF_NAME" --tag "$IMAGE_NAME:latest" --push .
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..6f0a481
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,28 @@
+FROM golang:1.15.0-alpine3.12 AS builder
+
+ENV GO111MODULE=on
+
+ENV VERSION=48f9a206c03c0470e1c132b9667c6daa3583dada
+RUN go get tildegit.org/solderpunk/molly-brown@$VERSION
+
+FROM thallian/confd-env:latest
+
+RUN addgroup -g 2222 molly-brown
+RUN adduser -h /home/molly-brown -S -D -u 2222 -G molly-brown molly-brown
+
+RUN mkdir -p /var/gemini
+RUN chown molly-brown:molly-brown /var/gemini
+
+RUN apk --no-cache add \
+ openssl \
+ coreutils
+
+COPY --from=builder /go/bin/molly-brown /bin/molly-brown
+
+ADD /rootfs /
+
+WORKDIR /
+
+VOLUME /etc/molly-brown/keys /var/gemini/
+
+EXPOSE 1965
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1d3b018
--- /dev/null
+++ b/README.md
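Review bot: In `.gitlab-ci.yml`, the `docker login` step passes the registry password with `-p`, which puts the secret on the command line (visible in process listings on the runner) and leaves all three variables unquoted. Feeding it on stdin avoids that: `- echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USER" --password-stdin "$DOCKER_REGISTRY"`. No branch or tag restriction is visible in this job, so as far as the hunk shows every ref's pipeline pushes `$IMAGE_NAME:latest`; if that is not intended, the `latest` tag should be limited to the default branch. `$CI_COMMIT_REF_NAME` can contain characters that are not valid in an image tag (a `/` in a branch name, for example), where `$CI_COMMIT_REF_SLUG` would be safe.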
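Review bot: The final stage in `Dockerfile` starts from `thallian/confd-env:latest`, so the runtime base is whatever that tag resolves to at build time (the CI job also passes `--pull`), while the builder image and the molly-brown source are both pinned to exact versions. Pinning the base the same way, e.g. `FROM thallian/confd-env:<tag>@sha256:<digest>` (placeholders, the page does not show which versions exist), makes the shipped image reproducible and reviewable. `ADD /rootfs /` copies a plain local directory, so `COPY rootfs/ /` does the same without ADD's archive-extraction and URL behaviour. There is no `USER` instruction; that looks deliberate because the init scripts need root and the service's run script drops to `molly-brown` with `s6-setuidgid`, but a one-line comment saying so would save the next reviewer the question.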
@@ -0,0 +1,18 @@
+[Molly Brown](https://tildegit.org/solderpunk/molly-brown) server for the
+[Gemini](https://gemini.circumlunar.space/) protocol.
+
+# Volumes
+- `/var/gemini/`: root directory for files
+- `/etc/molly-brown/keys`: key files
+
+# Environment Variables
+## HOST_NAME
+The hostname to respond to requests for.
+
+## DEFAULT_LANG
+- default: en
+
+`lang` parameter of the MIME type for all `text/gemini` content.
+
+# Ports
+- 1965
diff --git a/rootfs/etc/confd/conf.d/molly.conf.toml b/rootfs/etc/confd/conf.d/molly.conf.toml
new file mode 100644
index 0000000..19f9b8c
--- /dev/null
+++ b/rootfs/etc/confd/conf.d/molly.conf.toml
@@ -0,0 +1,3 @@
+[template]
+dest = "/etc/molly-brown/molly.conf"
+src = "molly.conf.tmpl"
diff --git a/rootfs/etc/confd/templates/molly.conf.tmpl b/rootfs/etc/confd/templates/molly.conf.tmpl
new file mode 100644
index 0000000..6132ab1
--- /dev/null
+++ b/rootfs/etc/confd/templates/molly.conf.tmpl
@@ -0,0 +1,20 @@
+## Basic settings
+#
+Port = 1965
+Hostname = "{{ getenv "HOST_NAME" }}"
+CertPath = "/etc/molly-brown/keys/{{ getenv "HOST_NAME" }}-cert.pem"
+KeyPath = "/etc/molly-brown/keys/{{ getenv "HOST_NAME" }}-key.pem"
+DocBase = "/var/gemini/"
+HomeDocBase = "users"
+GeminiExt = "gmi"
+DefaultLang = "{{ getenv "DEFAULT_LANG" "en" }}"
+AccessLog = "/home/molly-brown/access.log"
+ErrorLog = "/home/molly-brown/error.log"
+ReadMollyFiles = true
+
+#
+## MIME type overrides
+#
+[MimeOverrides]
+"atom.xml$" = "application/atom+xml"
+"rss.xml$" = "application/rss+xml"
diff --git a/rootfs/etc/cont-init.d/02-tls b/rootfs/etc/cont-init.d/02-tls
new file mode 100644
index 0000000..a9fb050
--- /dev/null
+++ b/rootfs/etc/cont-init.d/02-tls
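Review bot: In `molly.conf.tmpl`, `AccessLog` and `ErrorLog` point into `/home/molly-brown/`, which is neither one of the volumes declared in the Dockerfile nor mentioned in the README, so the request and error logs sit in the container's writable layer, are never rotated and are gone when the container is replaced. If those logs are meant to be available for troubleshooting or incident review, write them to a mounted path and list it under Volumes in the README. `ReadMollyFiles = true` deserves a comment such as `# .molly files under DocBase may override per-directory settings; whoever can write to /var/gemini can change them`, since `/var/gemini/` is a mounted, group-writable tree.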
@@ -0,0 +1,21 @@
+#!/usr/bin/with-contenv sh
+
+KEY="/etc/molly-brown/keys/$HOST_NAME-key.pem"
+CERT="/etc/molly-brown/keys/$HOST_NAME-cert.pem"
+
+if [ ! -f "$KEY" ] || [ ! -f "$CERT" ]; then
+ openssl req -x509 -newkey rsa:4096 -keyout "$KEY" -out "$CERT" -days 3650 -nodes -subj "/CN=$HOST_NAME"
+fi
+
+chown molly-brown:molly-brown "$KEY"
+chown molly-brown:molly-brown "$CERT"
+
+date_valid="$(openssl x509 -in "$CERT" -enddate -noout | sed "s/.*=\(.*\)/\1/")"
+seconds_valid="$(date --date "$date_valid" +"%s")"
+now="$(date "+%s")"
+days="$(echo "($seconds_valid - $now)/(60 * 60 * 24)" | bc)"
+
+if [ "$days" -lt 7 ]; then
+ echo "only $days to go, generating new certificate..."
+ openssl req -x509 -key "$KEY" -out "$CERT" -days 3650 -nodes -subj "/CN=$HOST_NAME"
+fi
diff --git a/rootfs/etc/fix-attrs.d/01-data b/rootfs/etc/fix-attrs.d/01-data
new file mode 100644
index 0000000..87c249f
--- /dev/null
+++ b/rootfs/etc/fix-attrs.d/01-data
@@ -0,0 +1 @@
+/var/gemini/ true molly-brown:molly-brown 0664 0775
diff --git a/rootfs/etc/services.d/molly-brown/run b/rootfs/etc/services.d/molly-brown/run
new file mode 100644
index 0000000..dd4a94e
--- /dev/null
+++ b/rootfs/etc/services.d/molly-brown/run
@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv sh
+
+exec s6-setuidgid molly-brown molly-brown -c /etc/molly-brown/molly.conf
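Review bot: In `rootfs/etc/cont-init.d/02-tls`, `HOST_NAME` is used for the key path, the certificate path and the subject without being checked, and nothing stops the script when an `openssl` call fails; with the variable empty the files become `-key.pem` and `-cert.pem`, and after a failed generation the later `[ "$days" -lt 7 ]` test runs on an empty value. A guard right after the shebang, `: "${HOST_NAME:?HOST_NAME must be set}"`, together with `set -e`, would make the init step fail visibly instead. The private key's mode is left to whatever openssl or the operator produced, so a `chmod 600 "$KEY"` next to the `chown` would make it explicit. The first `if` also creates a new key when only the certificate is missing, which replaces a key that clients may already have pinned; reusing an existing key as the renewal branch does would avoid that. The expiry arithmetic could be replaced by `openssl x509 -in "$CERT" -checkend 604800 -noout`, which removes the dependency on GNU `date` and `bc`.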