add use gitlab docker registry

.gitlab-ci.yml

@@ -0,0 +1,10 @@
+build:
+   image: docker:latest
+   services:
+   - docker:dind
+   stage: build
+   script:
+     - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
+     - docker build --pull --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA .
+     - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+     - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA

Dockerfile

@@ -1,6 +1,6 @@
-FROM quay.io/thallian/confd-env:latest
+FROM registry.gitlab.com/thallian/docker-confd-env:master
 
-RUN apk add --no-cache postfix postfix-ldap syslog-ng spamassassin-client libstdc++ g++ make tar libmilter-dev
+RUN apk add --no-cache postfix postfix-ldap spamassassin-client libstdc++ g++ make tar libmilter-dev
 
 RUN mkdir /tmp/spamass-milter
 RUN wget -qO- http://download.savannah.gnu.org/releases/spamass-milt/spamass-milter-0.4.0.tar.gz | tar -xz -C /tmp/spamass-milter --strip 1

README.md

@@ -73,13 +73,8 @@ Ldap attribute that is fetched in the mailbox query.
 
 Whether to use tls when connecting to the ldap host.
 
-## CERT_NAME
+## CERT_DOMAIN
-- default: fullchain.pem
+Name of the certificate domain.
-
-Name of the certificate file.
-
-## KEY_NAME
-- default: privkey.pem
 
 Name of the key file.
 
@@ -97,9 +92,9 @@ Mailbox size limit in bytes. `0` disables the limit.
 - default: may
 
 One of:
-- none: TLS will not be used. 
+- none: TLS will not be used.
-- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption. 
+- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.
-- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption. 
+- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption.
   According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server.
 
 ## TLS_PROTOCOLS

rootfs/bin/restart-services

@@ -0,0 +1,4 @@
+#!/usr/bin/with-contenv sh
+
+s6-svc -t /var/run/s6/services/postfix
+s6-svc -t /var/run/s6/services/spamass-milter

rootfs/etc/confd/templates/main.cf.tmpl

@@ -20,8 +20,8 @@ virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf
 virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-virtual-alias-maps.cf
 virtual_transport = lmtp:inet:{{getenv "LMTP_HOST"}}:{{getenv "LMTP_PORT"}}
 
-smtpd_tls_key_file=/etc/ssl/mail/{{getenv "KEY_NAME" "privkey.pem"}}
+smtpd_tls_key_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.crt
-smtpd_tls_cert_file=/etc/ssl/mail/{{getenv "CERT_NAME" "fullchain.pem"}}
+smtpd_tls_cert_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.key
 
 smtpd_tls_security_level = {{getenv "TLS_SECURITY_LEVEL" "may"}}
 smtpd_tls_auth_only = yes
@@ -61,5 +61,5 @@ message_size_limit = {{getenv "MESSAGE_SIZELIMIT" "20000000"}}
 
 tls_preempt_cipherlist = yes
 
-smtputf8_enable = no
+smtputf8_enable = yes
 biff = no

rootfs/etc/services.d/syslog-ng/run

@@ -1,4 +0,0 @@
-#!/usr/bin/with-contenv sh
-
-cd /var
-exec syslog-ng --foreground

rootfs/etc/syslog-ng/syslog-ng.conf

@@ -1,24 +0,0 @@
-@version: 3.7
-
-options {
-    stats_freq (0);
-    time_reopen (10);
-    chain_hostnames (off);
-    use_dns (no);
-    use_fqdn (no);
-    keep_hostname (yes);
-};
-
-source s_local {
-    unix-dgram("/dev/log");
-    internal();
-};
-
-destination catchall {
-	pipe("/dev/stdout");
-};
-
-log {
-    source(s_local);
-    destination(catchall);
-};

rootfs/var/spool/incron/root

@@ -0,0 +1 @@
+/etc/ssl/mail IN_ATTRIB /bin/restart-services