commit f2f60dec9ae29dd2b9738c26017bc09cb566ea74
Author: Robert Kaussow
Date: Sun Jan 19 00:19:48 2020 +0100
inital commit
diff --git a/.drone.jsonnet b/.drone.jsonnet
new file mode 100644
index 0000000..e590cc3
--- /dev/null
+++ b/.drone.jsonnet
@@ -0,0 +1,141 @@ +local PipelineBuild(arch='amd64') = { + local tag = 'linux-' + arch, + kind: 'pipeline', + name: 'build-container-' + arch, + platform: { + os: 'linux', + arch: arch, + }, + steps: [ + { + name: 'binary', + image: 'clux/muslrust:nightly-2019-12-19', + environment: { + 'DB': 'postgresql', + 'DEBIAN_FRONTEND': 'noninteractive', + 'LANG': 'C.UTF-8', + 'TZ': 'UTC', + }, + commands: [ + '[ -z "${DRONE_TAG}" ] && LDAP_VERSION=master || LDAP_VERSION=${DRONE_TAG%-*}', + 'mkdir -p source/', + 'rustup set profile minimal', + 'curl -sSL https://github.com/ViViDboarder/bitwarden_rs_ldap/archive/v$LDAP_VERSION.tar.gz | tar xz -C source/ --strip-components=1', + 'cd source/ && cargo build -j 8 --release', + ], + }, + { + name: 'dryrun', + image: 'plugins/docker:' + tag, + settings: { + dry_run: true, + dockerfile: './Dockerfile.' + arch, + repo: 'xoxys/bitwardenrs_ldap', + username: { from_secret: 'docker_username' }, + password: { from_secret: 'docker_password' }, + }, + }, + { + name: 'publish', + image: 'plugins/docker:' + tag, + settings: { + auto_tag: true, + auto_tag_suffix: arch, + dockerfile: './Dockerfile.' 
+ arch, + repo: 'xoxys/bitwardenrs_ldap', + username: { from_secret: 'docker_username' }, + password: { from_secret: 'docker_password' }, + }, + when: { + ref: [ + 'refs/heads/master', + 'refs/tags/**', + ], + }, + }, + { + name: 'publish-gitea', + image: 'plugins/gitea-release', + settings: { + api_key: { from_secret: 'gitea_token' }, + base_url: 'https://gitea.rknet.org', + overwrite: true, + title: '${DRONE_TAG}', + note: 'CHANGELOG.md', + }, + when: { + ref: ['refs/tags/**'], + }, + }, + ], +}; + +local PipelineNotifications(depends_on=[]) = { + kind: 'pipeline', + name: 'notifications', + platform: { + os: 'linux', + arch: 'amd64', + }, + steps: [ + { + image: 'plugins/manifest', + name: 'manifest', + settings: { + ignore_missing: true, + tags: ['${DRONE_TAG}', '${DRONE_TAG%-*}', '${DRONE_TAG%.*}', '${DRONE_TAG%%.*}'], + username: { from_secret: 'docker_username' }, + password: { from_secret: 'docker_password' }, + spec: './manifest.tmpl', + }, + when: { + status: ['success'], + }, + }, + { + name: 'readme', + image: 'sheogorath/readme-to-dockerhub', + environment: { + DOCKERHUB_USERNAME: { from_secret: 'docker_username' }, + DOCKERHUB_PASSWORD: { from_secret: 'docker_password' }, + DOCKERHUB_REPO_PREFIX: 'xoxys', + DOCKERHUB_REPO_NAME: 'bitwardenrs_ldap', + README_PATH: 'README.md', + SHORT_DESCRIPTION: 'Rootless Bitwarden_RS - Self-hosted password manager', + }, + }, + { + name: 'microbadger', + image: 'plugins/webhook', + settings: { + urls: { from_secret: 'microbadger_url' }, + }, + }, + { + image: 'plugins/matrix', + name: 'matrix', + settings: { + homeserver: 'https://matrix.rknet.org', + roomid: 'MtidqQXWWAtQcByBhH:rknet.org', + template: 'Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}', + username: { from_secret: 'matrix_username' }, + password: { from_secret: 'matrix_password' }, + }, + }, + ], + trigger: { + ref: [ + 'refs/heads/master', + 'refs/tags/**', + ], + status: ['success', 'failure'], + }, + depends_on: depends_on, +}; + +[ + PipelineBuild(arch='amd64'), + PipelineNotifications(depends_on=[ + 'build-container-amd64', + ]), +] diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..8ed0731 --- /dev/null +++ b/.drone.yml 
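Review bot: The `binary` step in `PipelineBuild` pipes `curl -sSL …/archive/v$LDAP_VERSION.tar.gz | tar xz` straight into `cargo build` with no integrity check, so whatever the URL serves at build time is compiled and published as `xoxys/bitwardenrs_ldap`. Download to a file with `curl -fsSL -o source.tar.gz …`, verify it with `echo "<EXPECTED_SHA256>  source.tar.gz" | sha256sum -c -`, and only then extract; `-f` also makes an HTTP error fail the step instead of handing an error page to `tar`. When `DRONE_TAG` is empty the version falls back to `master`, which the URL turns into `vmaster.tar.gz`; that looks unintended and, if it did resolve, would be an unpinned moving target. The same commands appear in the `.drone.yml` hunk, which looks generated from this file. Separately, the step images that receive `docker_password` and the other secrets (`plugins/docker`, `plugins/manifest`, `sheogorath/readme-to-dockerhub`, `plugins/matrix`) are referenced by mutable tag, and pinning them by digest would narrow what code can read those secrets.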
@@ -0,0 +1,135 @@ +--- +kind: pipeline +name: build-container-amd64 + +platform: + os: linux + arch: amd64 + +steps: +- name: binary + image: clux/muslrust:nightly-2019-12-19 + commands: + - "[ -z \"${DRONE_TAG}\" ] && LDAP_VERSION=master || LDAP_VERSION=${DRONE_TAG%-*}" + - mkdir -p source/ + - rustup set profile minimal + - curl -sSL https://github.com/ViViDboarder/bitwarden_rs_ldap/archive/v$LDAP_VERSION.tar.gz | tar xz -C source/ --strip-components=1 + - cd source/ && cargo build -j 8 --release + environment: + DB: postgresql + DEBIAN_FRONTEND: noninteractive + LANG: C.UTF-8 + TZ: UTC + +- name: dryrun + image: plugins/docker:linux-amd64 + settings: + dockerfile: ./Dockerfile.amd64 + dry_run: true + password: + from_secret: docker_password + repo: xoxys/bitwardenrs_ldap + username: + from_secret: docker_username + +- name: publish + image: plugins/docker:linux-amd64 + settings: + auto_tag: true + auto_tag_suffix: amd64 + dockerfile: ./Dockerfile.amd64 + password: + from_secret: docker_password + repo: xoxys/bitwardenrs_ldap + username: + from_secret: docker_username + when: + ref: + - refs/heads/master + - refs/tags/** + +- name: publish-gitea + image: plugins/gitea-release + settings: + api_key: + from_secret: gitea_token + base_url: https://gitea.rknet.org + note: CHANGELOG.md + overwrite: true + title: ${DRONE_TAG} + when: + ref: + - refs/tags/** + +--- +kind: pipeline +name: notifications + +platform: + os: linux + arch: amd64 + +steps: +- name: manifest + image: plugins/manifest + settings: + ignore_missing: true + password: + from_secret: docker_password + spec: ./manifest.tmpl + tags: + - ${DRONE_TAG} + - ${DRONE_TAG%-*} + - ${DRONE_TAG%.*} + - ${DRONE_TAG%%.*} + username: + from_secret: docker_username + when: + status: + - success + +- name: readme + image: sheogorath/readme-to-dockerhub + environment: + DOCKERHUB_PASSWORD: + from_secret: docker_password + DOCKERHUB_REPO_NAME: bitwardenrs_ldap + DOCKERHUB_REPO_PREFIX: xoxys + DOCKERHUB_USERNAME: + 
from_secret: docker_username + README_PATH: README.md + SHORT_DESCRIPTION: Rootless Bitwarden_RS - Self-hosted password manager + +- name: microbadger + image: plugins/webhook + settings: + urls: + from_secret: microbadger_url + +- name: matrix + image: plugins/matrix + settings: + homeserver: https://matrix.rknet.org + password: + from_secret: matrix_password + roomid: MtidqQXWWAtQcByBhH:rknet.org + template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}"
+ username:
+ from_secret: matrix_username
+
+trigger:
+ ref:
+ - refs/heads/master
+ - refs/tags/**
+ status:
+ - success
+ - failure
+
+depends_on:
+- build-container-amd64
+
+---
+kind: signature
+hmac: f5d4a7e677b3a3c586884e3abdf9a97a71be88fdeec3b8f2550c5ca902ba9b49
+
+...
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..65e3ba2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+test/
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..e69de29
diff --git a/Dockerfile.amd64 b/Dockerfile.amd64
new file mode 100644
index 0000000..0597f7b
--- /dev/null
+++ b/Dockerfile.amd64
@@ -0,0 +1,31 @@
+FROM alpine:3.11
+
+LABEL maintainer="Robert Kaussow " \
+ org.label-schema.name="bitwardenrs_ldap" \
+ org.label-schema.version="1.2" \
+ org.label-schema.vendor="Robert Kaussow" \
+ org.label-schema.schema-version="1.0"
+
+RUN addgroup -g 101 -S app && \
+ adduser -S -D -H -u 101 -h /app -s /sbin/nologin -G app -g app app && \
+ apk --update add --virtual .build-deps tar curl && \
+ apk --update add openssl postgresql-libs ca-certificates && \
+ curl -SsL -o /usr/local/bin/gomplate https://github.com/hairyhenderson/gomplate/releases/download/v3.5.0/gomplate_linux-amd64-slim && \
+ chmod 755 /usr/local/bin/gomplate && \
+ apk del .build-deps && \
+ rm -rf /var/cache/apk/* && \
+ rm -rf /tmp/* && \
+ chown -R app:app /app
+
+ADD overlay/ /
+ADD source/target/x86_64-unknown-linux-musl/release/bitwarden_rs_ldap /app
+
+VOLUME /app/data
+
+USER app
+
+STOPSIGNAL SIGTERM
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+WORKDIR /app
+CMD []
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..c6674cc
--- /dev/null
+++ b/LICENSE
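Review bot: The `RUN` layer in `Dockerfile.amd64` fetches gomplate with `curl -SsL -o /usr/local/bin/gomplate …/v3.5.0/gomplate_linux-amd64-slim` and marks it executable without verifying it, and the entrypoint later runs that binary with the admin token and bind password in its environment. Add `-f` to the curl call and a check such as `echo "<GOMPLATE_SHA256>  /usr/local/bin/gomplate" | sha256sum -c -` before the `chmod 755`. As far as this hunk shows, `adduser -H` does not create `/app`, so `chown -R app:app /app` probably has nothing to act on, and `ADD … /app` without a trailing slash would then write the binary to `/app` as a file, which conflicts with `WORKDIR /app` and the `/app/bitwarden_rs_ldap` path used by the entrypoint. Creating the directory first (`mkdir -p /app/data`) and using `COPY --chown=app:app … /app/bitwarden_rs_ldap` would make layout and ownership explicit, and the `app` user needs write access to `/app` for the rendered config.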
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Robert Kaussow
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
+OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
+OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e225062
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# bitwarden_rs_ldap
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..4d8826b
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,7 @@
+---
+version: '2.1'
+
+services:
+ bitwardenrs_ldap:
+ container_name: bitwardenrs_ldap
+ image: xoxys/bitwardenrs_ldap:latest
diff --git a/manifest.tmpl b/manifest.tmpl
new file mode 100644
index 0000000..e965887
--- /dev/null
+++ b/manifest.tmpl
@@ -0,0 +1,15 @@
+image: xoxys/bitwardenrs_ldap:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+ {{#if this}}
+ - {{trimPrefix "v" this}}
+ - {{trimPrefix "v" this}}-amd64
+ {{/if}}
+{{/each}}
+{{/if}}
+manifests:
+ - image: xoxys/bitwardenrs_ldap:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}amd64
+ platform:
+ architecture: amd64
+ os: linux
diff --git a/overlay/etc/templates/config.toml.tmpl b/overlay/etc/templates/config.toml.tmpl
new file mode 100644
index 0000000..4d509e8
--- /dev/null
+++ b/overlay/etc/templates/config.toml.tmpl
@@ -0,0 +1,19 @@
+## Bitwarden_RS LDAP Configuration File
+
+bitwarden_url = "{{ getenv "BITWARDENRS_LDAP_BITWARDEN_URL" }}"
+bitwarden_admin_token = "{{ getenv "BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN" }}"
+ldap_host = "{{ getenv "BITWARDENRS_LDAP_HOST" }}"
+{{ if (getenv "BITWARDENRS_LDAP_SCHEME") -}}
+ldap_scheme = "{{ getenv "BITWARDENRS_LDAP_SCHEME" }}"
+{{ end -}}
+ldap_ssl = {{ getenv "BITWARDENRS_LDAP_SSL" "true" | conv.Bool }}
+{{ if (getenv "BITWARDENRS_LDAP_PORT") -}}
+ldap_port = {{ getenv "BITWARDENRS_LDAP_PORT" }}
+{{ end -}}
+ldap_bind_dn = "{{ getenv "BITWARDENRS_LDAP_BIND_DN" }}"
+ldap_bind_password = "{{ getenv "BITWARDENRS_LDAP_BIND_PASSWORD" }}"
+ldap_search_base_dn = "{{ getenv "BITWARDENRS_LDAP_SEARCH_BASE_DN" }}"
+ldap_search_filter = "{{ getenv "BITWARDENRS_LDAP_SEARCH_FILTER" "(&(objectClass=*)(uid=*))" }}"
+ldap_mail_field = "{{ getenv "BITWARDENRS_LDAP_MAIL_FIELD" "mail" }}"
+ldap_sync_interval_seconds = {{ getenv "BITWARDENRS_LDAP_SYNC_INTERVAL_SECONDS" "60" }}
+ldap_sync_loop = {{ getenv "BITWARDENRS_LDAP_SYNC_LOOP" "true" | conv.Bool }}
diff --git a/overlay/usr/local/bin/entrypoint.sh b/overlay/usr/local/bin/entrypoint.sh
new file mode 100755
index 0000000..1287e81
--- /dev/null
+++ b/overlay/usr/local/bin/entrypoint.sh
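Review bot: In `config.toml.tmpl` every environment value is pasted between literal double quotes, as in `ldap_bind_password = "{{ getenv "BITWARDENRS_LDAP_BIND_PASSWORD" }}"`, so a password, token or search filter containing `"` or `\` produces invalid TOML or lets the value spill into further keys. Emit the quoted string through an escaping function instead, for example `ldap_bind_password = {{ getenv "BITWARDENRS_LDAP_BIND_PASSWORD" | strings.Quote }}` (confirm the pinned gomplate release provides it and that its escaping matches TOML basic strings), and do the same for the other string fields. `ldap_port` and `ldap_sync_interval_seconds` are written unquoted with no numeric conversion such as `conv.ToInt`, so a non-numeric value is only caught when the service parses the file. The rendered file holds the admin token and the bind password, so it should be readable by the `app` user only.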
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+/usr/local/bin/gomplate -V -o /app/config.toml -f /etc/templates/config.toml.tmpl
+
+exec CONFIG_PATH=/app/config.toml /app/bitwarden_rs_ldap
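Review bot: The last line, `exec CONFIG_PATH=/app/config.toml /app/bitwarden_rs_ldap`, puts the assignment after `exec`, so the shell takes `CONFIG_PATH=/app/config.toml` as the command name and the service is never started; write `CONFIG_PATH=/app/config.toml exec /app/bitwarden_rs_ldap` or `exec env CONFIG_PATH=/app/config.toml /app/bitwarden_rs_ldap`. The script has no `set -e`, so a failed gomplate render would still go on to launch the service with a missing or stale config; add `set -eu` after the shebang. gomplate runs with `-V`, so confirm its verbose output does not echo rendered secrets into the container log before keeping the flag. A `umask 077` before the render would keep `/app/config.toml`, which contains the admin token and bind password, from being world-readable.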