diff --git a/.drone.jsonnet b/.drone.jsonnet index 95c8e79..8ca87f6 100644 --- a/.drone.jsonnet +++ b/.drone.jsonnet @@ -35,6 +35,11 @@ local PipelineBuild(arch='amd64') = { username: { from_secret: 'docker_username' }, password: { from_secret: 'docker_password' }, }, + when: { + ref: [ + 'refs/pull/**', + ], + }, }, { name: 'publish', @@ -105,13 +110,6 @@ local PipelineNotifications(depends_on=[]) = { SHORT_DESCRIPTION: 'Rootless Bitwarden_RS - Self-hosted password manager', }, }, - { - name: 'microbadger', - image: 'plugins/webhook', - settings: { - urls: { from_secret: 'microbadger_url' }, - }, - }, { image: 'plugins/matrix', name: 'matrix', diff --git a/.drone.yml b/.drone.yml index 0c0a413..b80a4a4 100644 --- a/.drone.yml +++ b/.drone.yml @@ -32,6 +32,9 @@ steps: repo: xoxys/bitwardenrs_ldap username: from_secret: docker_username + when: + ref: + - refs/pull/** - name: publish image: plugins/docker:linux-amd64 @@ -101,12 +104,6 @@ steps: README_PATH: README.md SHORT_DESCRIPTION: Rootless Bitwarden_RS - Self-hosted password manager -- name: microbadger - image: plugins/webhook - settings: - urls: - from_secret: microbadger_url - - name: matrix image: plugins/matrix settings: @@ -135,6 +132,6 @@ depends_on: --- kind: signature -hmac: 824a75171bdbd04a8fd94e0d3e5af270025f9be0b42e225db1c34cdbfe386ae8 +hmac: 684b489b7bf3d6fd216a1850b6d0081895e01466e5025402033d432f9d56babf ... diff --git a/Dockerfile.amd64 b/Dockerfile.amd64 index 75b9125..6d1f6c0 100644 --- a/Dockerfile.amd64 +++ b/Dockerfile.amd64 
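Review bot: The step in PipelineBuild that gains `when: { ref: ['refs/pull/**'] }` still receives `docker_username` and `docker_password` through `from_secret`, so the registry credentials are now requested only on pull-request builds, the least trusted trigger this pipeline has. If this step is a dry-run build (its name and remaining settings are outside the hunk), it should not need to log in and the `username`/`password` settings can be dropped from it; otherwise confirm that the two secrets are not enabled for pull-request events in Drone. The same applies to the generated step in the first `.drone.yml` hunk.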
@@ -11,7 +11,11 @@ RUN addgroup -g 101 -S app && \ apk --update add --virtual .build-deps tar curl && \ apk --update add ca-certificates && \ curl -SsL -o /usr/local/bin/gomplate https://github.com/hairyhenderson/gomplate/releases/download/v3.5.0/gomplate_linux-amd64-slim && \ + curl -SsL -o /usr/local/bin/url-parser https://github.com/xoxys/url-parser/releases/download/v0.1.0/url-parser-0.1.0-linux-amd64 && \ + curl -SsL -o /usr/local/bin/wait-for https://raw.githubusercontent.com/xoxys/wait-for/master/wait-for && \ chmod 755 /usr/local/bin/gomplate && \ + chmod 755 /usr/local/bin/url-parser && \ + chmod 755 /usr/local/bin/wait-for && \ apk del .build-deps && \ rm -rf /var/cache/apk/* && \ rm -rf /tmp/* && \ diff --git a/LICENSE b/LICENSE index c6674cc..25618e2 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2019 Robert Kaussow +Copyright (c) 2020 Robert Kaussow Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index e225062..c2b75f9 100644 --- a/README.md +++ b/README.md 
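Review bot: The added `wait-for` download pulls from the `master` branch of xoxys/wait-for, a mutable ref, and neither it nor the `url-parser` release binary is checked against a known digest before `chmod 755` makes it executable in the image. Both files are run by the entrypoint changed in this commit, in a container that is configured with the admin token and LDAP bind password, so whoever controls those URLs at build time controls code running next to those secrets. Pin `wait-for` to a tag or commit and verify both downloads, e.g. `curl -fSsL -o /usr/local/bin/wait-for https://raw.githubusercontent.com/xoxys/wait-for/<PINNED_COMMIT>/wait-for && \` followed by `echo "<EXPECTED_SHA256>  /usr/local/bin/wait-for" | sha256sum -c - && \`. The `-f` matters as well, because without it an HTTP error page is saved and then marked executable; the RUN instruction starts and ends outside the hunk.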
@@ -1 +1,47 @@ -# bitwarden_rs_ldap +# [bitwarden_rs_ldap](https://gitea.rknet.org/docker/bitwarden_rs_ldap) + +[![Build Status](https://img.shields.io/drone/build/docker/bitwarden_rs_ldap?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/docker/bitwarden_rs_ldap) +[![Docker Hub](https://img.shields.io/badge/docker-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/xoxys/bitwardenrs_ldap) +[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/docker/bitwarden_rs_ldap/src/branch/master/LICENSE) + +This is a custom Docker image for [bitwarden_rs_ldap](https://github.com/ViViDboarder/bitwarden_rs_ldap) a simple LDAP connector for bitwarden_rs. + +## Usage + +### Docker Compose + +```Yaml +--- +version: '3' + +services: + bitwardenrs_ldap: + container_name: bitwardenrs_ldap + image: xoxys/bitwardenrs_ldap:latest +``` + +## Configuration + +```Shell +BITWARDENRS_LDAP_BITWARDEN_URL= +BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN= +BITWARDENRS_LDAP_HOST= +BITWARDENRS_LDAP_SCHEME= +BITWARDENRS_LDAP_SSL=True +BITWARDENRS_LDAP_PORT= +BITWARDENRS_LDAP_BIND_DN= +BITWARDENRS_LDAP_BIND_PASSWORD= +BITWARDENRS_LDAP_SEARCH_BASE_DN= +BITWARDENRS_LDAP_SEARCH_FILTER="(&(objectClass=*)(uid=*))" +BITWARDENRS_LDAP_MAIL_FIELD=mail +BITWARDENRS_LDAP_SYNC_INTERVAL_SECONDS=60 +BITWARDENRS_LDAP_SYNC_LOOP=True +``` + +### License + +This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/bitwarden_rs_ldap/src/branch/master/LICENSE) file for details. + +### Maintainers and Contributors + +[Robert Kaussow](https://gitea.rknet.org/xoxys) diff --git a/config.example b/config.example deleted file mode 100644 index 4d31494..0000000 --- a/config.example +++ /dev/null 
@@ -1,12 +0,0 @@ -## Bitwarden_RS LDAP Configuration File -bitwarden_url = "" -bitwarden_admin_token = "" -ldap_host = "" -ldap_ssl = true -ldap_bind_dn = "" -ldap_bind_password = "" -ldap_search_base_dn = "" -ldap_search_filter = "(&(objectClass=*)(uid=*))" -ldap_mail_field = "mail" -ldap_sync_interval_seconds = 60 -ldap_sync_loop = true diff --git a/docker-compose.yml b/docker-compose.yml index 4d8826b..5c0abb1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,7 +1,37 @@ --- -version: '2.1' +version: '3' services: + postgres: + container_name: bitwardenrs_postgres + image: postgres + environment: + POSTGRES_DB: bitwarden + POSTGRES_PASSWORD: pass + POSTGRES_USER: user + + bitwardenrs: + container_name: bitwardenrs + image: xoxys/bitwardenrs:latest + depends_on: + - postgres + ports: + - "80:8080" + volumes: + - data:/app/data + environment: + BITWARDENRS_DATABASE_URL: postgresql://user:pass@bitwardenrs_postgres:5432/bitwarden + BITWARDENRS_ADMIN_TOKEN: my_secure_token + bitwardenrs_ldap: container_name: bitwardenrs_ldap image: xoxys/bitwardenrs_ldap:latest + depends_on: + - bitwardenrs + environment: + BITWARDENRS_LDAP_BITWARDEN_URL: http://bitwardenrs:8080 + BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN: my_secure_token + +volumes: + data: + driver: local diff --git a/overlay/usr/local/bin/entrypoint.sh b/overlay/usr/local/bin/entrypoint.sh index 7a44d52..ac54343 100755 --- a/overlay/usr/local/bin/entrypoint.sh +++ b/overlay/usr/local/bin/entrypoint.sh 
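Review bot: The new `postgres` and `bitwardenrs` services in docker-compose.yml commit literal credentials (`POSTGRES_PASSWORD: pass`, `BITWARDENRS_ADMIN_TOKEN: my_secure_token`, and the same password inside `BITWARDENRS_DATABASE_URL`), and a compose file at the repository root tends to be started as-is. With `ports: "80:8080"` the server is published on the host over plain HTTP, so the admin token printed in this file is usable by anyone who can reach that port. Take the values from the environment and fail when they are unset, e.g. `BITWARDENRS_ADMIN_TOKEN: ${BITWARDENRS_ADMIN_TOKEN:?set an admin token}`, and reuse the same variable for `BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN`. The `postgres` image also has no tag, so pinning a major version would keep the stored data compatible across pulls.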
@@ -1,5 +1,43 @@ #!/usr/bin/env sh +set -eo pipefail + /usr/local/bin/gomplate -V -o /app/config.toml -f /etc/templates/config.toml.tmpl +if [ -z "$BITWARDENRS_LDAP_BITWARDEN_URL" ] || [ -z "$BITWARDENRS_LDAP_HOST" ] +then + printf "Error: Bitwarden and/or LDAP server not configured. Exiting ..." + exit 1 +fi + +if [ -n "$BITWARDENRS_LDAP_BITWARDEN_URL" ] +then + WAITFOR_DB_SCHEME=$(/usr/local/bin/url-parser scheme --url "$BITWARDENRS_LDAP_BITWARDEN_URL") + WAITFOR_DB_HOST=$(/usr/local/bin/url-parser host --url "$BITWARDENRS_LDAP_BITWARDEN_URL") + WAITFOR_DB_PORT=$(/usr/local/bin/url-parser port --url "$BITWARDENRS_LDAP_BITWARDEN_URL") + + if [ -n "$WAITFOR_PORT" ] + then + [ "$WAITFOR_DB_SCHEME" = "http" ] && WAITFOR_DB_PORT=80 || WAITFOR_DB_PORT=443 + fi + + printf "Wait for bitwarden server on '%s:%s'...\n" "${WAITFOR_DB_HOST}" "${WAITFOR_DB_PORT}" + /usr/local/bin/wait-for "${WAITFOR_DB_HOST}":"${WAITFOR_DB_PORT}" +fi + +if [ -n "$BITWARDENRS_LDAP_HOST" ] +then + WAITFOR_LDAP_PORT=$(/usr/local/bin/url-parser port --url "$BITWARDENRS_LDAP_BITWARDEN_URL") + + if [ "$(/usr/local/bin/gomplate -i '{{ getenv "BITWARDENRS_LDAP_SSL" "true" | conv.Bool }}')" = true ] + then + WAITFOR_LDAP_PORT=636 + else + WAITFOR_LDAP_PORT=389 + fi + + printf "Wait for ldap server on '%s:%s'...\n" "${BITWARDENRS_LDAP_HOST}" "${WAITFOR_LDAP_PORT}" + /usr/local/bin/wait-for "${BITWARDENRS_LDAP_HOST}":"${WAITFOR_LDAP_PORT}" +fi + exec env CONFIG_PATH=/app/config.toml /app/bitwarden_rs_ldap
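Review bot: The default-port fallback tests `$WAITFOR_PORT`, a variable this script never sets, so the branch never runs and a URL without an explicit port presumably leaves `WAITFOR_DB_PORT` empty when it is passed to `wait-for`; the test should be `if [ -z "$WAITFOR_DB_PORT" ]`. In the LDAP block `WAITFOR_LDAP_PORT` is first parsed from `BITWARDENRS_LDAP_BITWARDEN_URL` (the Bitwarden URL, not the LDAP host) and then unconditionally overwritten with 636 or 389, so the `BITWARDENRS_LDAP_PORT` setting listed in the README is ignored and the container waits on the wrong port when LDAP listens elsewhere. Start from `WAITFOR_LDAP_PORT="${BITWARDENRS_LDAP_PORT:-}"` and apply the 636/389 default only inside `if [ -z "$WAITFOR_LDAP_PORT" ]`. The configuration check also runs after gomplate has already rendered `/app/config.toml`, its error message goes to stdout without a trailing newline, and `pipefail` is not POSIX, so `set -eo pipefail` relies on the image's `sh` accepting it.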