diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..dfde774
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,10 @@
+build:
+ image: docker:latest
+ services:
+ - docker:dind
+ stage: build
+ script:
+ - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+ - docker build --pull --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
+ - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+ - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
diff --git a/Dockerfile b/Dockerfile
index f07b2ee..33de4ca 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
-FROM quay.io/thallian/confd-env:latest
+FROM registry.gitlab.com/thallian/docker-confd-env:master
-RUN apk add --no-cache postfix postfix-ldap syslog-ng spamassassin-client libstdc++ g++ make tar libmilter-dev
+RUN apk add --no-cache postfix postfix-ldap spamassassin-client libstdc++ g++ make tar libmilter-dev
 RUN mkdir /tmp/spamass-milter
 RUN wget -qO- http://download.savannah.gnu.org/releases/spamass-milt/spamass-milter-0.4.0.tar.gz | tar -xz -C /tmp/spamass-milter --strip 1
diff --git a/README.md b/README.md
index dd250b0..47841c4 100644
--- a/README.md
+++ b/README.md
@@ -73,13 +73,8 @@ Ldap attribute that is fetched in the mailbox query.
 Whether to use tls when connecting to the ldap host.
-## CERT_NAME
-- default: fullchain.pem
-
-Name of the certificate file.
-
-## KEY_NAME
-- default: privkey.pem
+## CERT_DOMAIN
+Name of the certificate domain.
 Name of the key file.
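Review bot: `docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY` in the new script block hands the job token over as a command-line argument, which the Docker CLI itself warns is insecure because the value is visible to anything that can list processes in the job container. Prefer `echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"`. The job also runs on `image: docker:latest` with an unpinned `docker:dind` service, so the build toolchain can change under the pipeline without any commit; pin both to a specific version tag so a build is reproducible and a toolchain regression is traceable to a deliberate bump.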
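Review bot: The new `FROM registry.gitlab.com/thallian/docker-confd-env:master` line replaces one floating tag with another: `master` moves with every push to the base project, so two builds of the same commit can yield different images and a broken or compromised base lands silently; pin a version tag or a digest (`@sha256:<base-image-digest>`) and bump it deliberately. The new `RUN apk add` line also drops `syslog-ng`, and nothing in this diff replaces the `/dev/log` listener that the deleted syslog-ng config provided; Postfix logs through syslog by default, so the mail log you would rely on for incident review may now be discarded entirely unless the new base image ships a syslog receiver — worth confirming and recording in a comment above the `FROM` line. The packages on that `apk add` line remain unpinned (hadolint DL3018).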
@@ -97,9 +92,9 @@ Mailbox size limit in bytes. `0` disables the limit.
 - default: may
 One of:
-- none: TLS will not be used.
-- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.
-- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption.
+- none: TLS will not be used.
+- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.
+- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption.
 According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server.
 ## TLS_PROTOCOLS
diff --git a/rootfs/bin/restart-services b/rootfs/bin/restart-services
new file mode 100644
index 0000000..9235c1c
--- /dev/null
+++ b/rootfs/bin/restart-services
@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv sh
+
+s6-svc -t /var/run/s6/services/postfix
+s6-svc -t /var/run/s6/services/spamass-milter
diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl
index 58c648f..9c0cb32 100644
--- a/rootfs/etc/confd/templates/main.cf.tmpl
+++ b/rootfs/etc/confd/templates/main.cf.tmpl
@@ -20,8 +20,8 @@ virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf
 virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-virtual-alias-maps.cf
 virtual_transport = lmtp:inet:{{getenv "LMTP_HOST"}}:{{getenv "LMTP_PORT"}}
-smtpd_tls_key_file=/etc/ssl/mail/{{getenv "KEY_NAME" "privkey.pem"}}
-smtpd_tls_cert_file=/etc/ssl/mail/{{getenv "CERT_NAME" "fullchain.pem"}}
+smtpd_tls_key_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.crt
+smtpd_tls_cert_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.key
 smtpd_tls_security_level = {{getenv "TLS_SECURITY_LEVEL" "may"}}
 smtpd_tls_auth_only = yes
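Review bot: `rootfs/bin/restart-services` is added with `new file mode 100644`, yet the incron table added in this same commit executes it directly as `/bin/restart-services`; unless the build chmods it somewhere not visible here, the exec fails and a renewed certificate is never picked up. Commit it as 100755. A header comment stating the intent would also help the next reader, e.g. `# Bounce postfix and spamass-milter so they reload the material under /etc/ssl/mail (invoked by incron)` — the certificate-reload purpose is inferred from the incron entry, so adjust if that is not the whole story.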
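Review bot: The two new `smtpd_tls_*` lines have their file extensions swapped: `smtpd_tls_key_file` is pointed at `{{getenv "CERT_DOMAIN"}}.crt` and `smtpd_tls_cert_file` at `{{getenv "CERT_DOMAIN"}}.key`. With `smtpd_tls_security_level` left at its default of `may` on the next line, Postfix will most likely log a warning at startup and simply stop advertising STARTTLS, so inbound mail falls back to cleartext silently instead of the misconfiguration failing loudly. They should read `smtpd_tls_key_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.key` and `smtpd_tls_cert_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.crt`. Dropping the old defaults also means an unset `CERT_DOMAIN` now renders the path `/etc/ssl/mail/.crt`; the README in this commit should state that the variable is mandatory, or the template should fail rather than render a dotfile path.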
@@ -61,5 +61,5 @@ message_size_limit = {{getenv "MESSAGE_SIZELIMIT" "20000000"}}
 tls_preempt_cipherlist = yes
-smtputf8_enable = no
+smtputf8_enable = yes
 biff = no
diff --git a/rootfs/etc/services.d/syslog-ng/run b/rootfs/etc/services.d/syslog-ng/run
deleted file mode 100644
index dd9f88a..0000000
--- a/rootfs/etc/services.d/syslog-ng/run
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-cd /var
-exec syslog-ng --foreground
diff --git a/rootfs/etc/syslog-ng/syslog-ng.conf b/rootfs/etc/syslog-ng/syslog-ng.conf
deleted file mode 100644
index 578aeff..0000000
--- a/rootfs/etc/syslog-ng/syslog-ng.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-@version: 3.7
-
-options {
- stats_freq (0);
- time_reopen (10);
- chain_hostnames (off);
- use_dns (no);
- use_fqdn (no);
- keep_hostname (yes);
-};
-
-source s_local {
- unix-dgram("/dev/log");
- internal();
-};
-
-destination catchall {
- pipe("/dev/stdout");
-};
-
-log {
- source(s_local);
- destination(catchall);
-};
diff --git a/rootfs/var/spool/incron/root b/rootfs/var/spool/incron/root
new file mode 100644
index 0000000..c928fff
--- /dev/null
+++ b/rootfs/var/spool/incron/root
@@ -0,0 +1 @@
+/etc/ssl/mail IN_ATTRIB /bin/restart-services
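Review bot: Flipping `smtputf8_enable` to `yes` makes Postfix accept SMTPUTF8 mail, but every downstream hop has to support it as well — here the LMTP backend named by `virtual_transport` earlier in this template. If that LMTP server does not announce SMTPUTF8, Postfix (as far as I know) bounces such messages rather than delivering them, which is a quiet way to lose mail from internationalised senders. Please confirm the `LMTP_HOST` backend supports it, and add a comment on the line such as `# requires the LMTP_HOST backend to advertise SMTPUTF8, otherwise such mail bounces`.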
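Review bot: The new incron entry watches `/etc/ssl/mail` for `IN_ATTRIB` only, which fires on metadata changes (chmod, chown, touch) and not on a file being written or renamed into the directory, so a renewal tool that writes the new `<domain>.crt`/`.key` and moves them into place may never trigger the restart, while any stray `touch` of any file there bounces Postfix and the milter once per event with no debounce. `IN_CLOSE_WRITE,IN_MOVED_TO` (optionally together with `IN_ATTRIB`) matches how certificates are usually replaced, and because the handler restarts a running mail service the triggering event should be logged so an unexpected restart can be traced. Nothing in this diff installs or starts incrond — the new `apk add` line in the Dockerfile does not list it and no `services.d` entry for it is added — so unless the base image provides it this table is inert; worth confirming.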