From f2f60dec9ae29dd2b9738c26017bc09cb566ea74 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Sun, 19 Jan 2020 00:19:48 +0100 Subject: [PATCH] inital commit --- .drone.jsonnet | 141 +++++++++++++++++++++++++ .drone.yml | 135 +++++++++++++++++++++++ .gitignore | 1 + CHANGELOG.md | 0 Dockerfile.amd64 | 31 ++++++ LICENSE | 21 ++++ README.md | 1 + docker-compose.yml | 7 ++ manifest.tmpl | 15 +++ overlay/etc/templates/config.toml.tmpl | 19 ++++ overlay/usr/local/bin/entrypoint.sh | 5 + 11 files changed, 376 insertions(+) create mode 100644 .drone.jsonnet create mode 100644 .drone.yml create mode 100644 .gitignore create mode 100644 CHANGELOG.md create mode 100644 Dockerfile.amd64 create mode 100644 LICENSE create mode 100644 README.md create mode 100644 docker-compose.yml create mode 100644 manifest.tmpl create mode 100644 overlay/etc/templates/config.toml.tmpl create mode 100755 overlay/usr/local/bin/entrypoint.sh diff --git a/.drone.jsonnet b/.drone.jsonnet new file mode 100644 index 0000000..e590cc3 --- /dev/null +++ b/.drone.jsonnet 
@@ -0,0 +1,141 @@ +local PipelineBuild(arch='amd64') = { + local tag = 'linux-' + arch, + kind: 'pipeline', + name: 'build-container-' + arch, + platform: { + os: 'linux', + arch: arch, + }, + steps: [ + { + name: 'binary', + image: 'clux/muslrust:nightly-2019-12-19', + environment: { + 'DB': 'postgresql', + 'DEBIAN_FRONTEND': 'noninteractive', + 'LANG': 'C.UTF-8', + 'TZ': 'UTC', + }, + commands: [ + '[ -z "${DRONE_TAG}" ] && LDAP_VERSION=master || LDAP_VERSION=${DRONE_TAG%-*}', + 'mkdir -p source/', + 'rustup set profile minimal', + 'curl -sSL https://github.com/ViViDboarder/bitwarden_rs_ldap/archive/v$LDAP_VERSION.tar.gz | tar xz -C source/ --strip-components=1', + 'cd source/ && cargo build -j 8 --release', + ], + }, + { + name: 'dryrun', + image: 'plugins/docker:' + tag, + settings: { + dry_run: true, + dockerfile: './Dockerfile.' + arch, + repo: 'xoxys/bitwardenrs_ldap', + username: { from_secret: 'docker_username' }, + password: { from_secret: 'docker_password' }, + }, + }, + { + name: 'publish', + image: 'plugins/docker:' + tag, + settings: { + auto_tag: true, + auto_tag_suffix: arch, + dockerfile: './Dockerfile.' 
+ arch, + repo: 'xoxys/bitwardenrs_ldap', + username: { from_secret: 'docker_username' }, + password: { from_secret: 'docker_password' }, + }, + when: { + ref: [ + 'refs/heads/master', + 'refs/tags/**', + ], + }, + }, + { + name: 'publish-gitea', + image: 'plugins/gitea-release', + settings: { + api_key: { from_secret: 'gitea_token' }, + base_url: 'https://gitea.rknet.org', + overwrite: true, + title: '${DRONE_TAG}', + note: 'CHANGELOG.md', + }, + when: { + ref: ['refs/tags/**'], + }, + }, + ], +}; + +local PipelineNotifications(depends_on=[]) = { + kind: 'pipeline', + name: 'notifications', + platform: { + os: 'linux', + arch: 'amd64', + }, + steps: [ + { + image: 'plugins/manifest', + name: 'manifest', + settings: { + ignore_missing: true, + tags: ['${DRONE_TAG}', '${DRONE_TAG%-*}', '${DRONE_TAG%.*}', '${DRONE_TAG%%.*}'], + username: { from_secret: 'docker_username' }, + password: { from_secret: 'docker_password' }, + spec: './manifest.tmpl', + }, + when: { + status: ['success'], + }, + }, + { + name: 'readme', + image: 'sheogorath/readme-to-dockerhub', + environment: { + DOCKERHUB_USERNAME: { from_secret: 'docker_username' }, + DOCKERHUB_PASSWORD: { from_secret: 'docker_password' }, + DOCKERHUB_REPO_PREFIX: 'xoxys', + DOCKERHUB_REPO_NAME: 'bitwardenrs_ldap', + README_PATH: 'README.md', + SHORT_DESCRIPTION: 'Rootless Bitwarden_RS - Self-hosted password manager', + }, + }, + { + name: 'microbadger', + image: 'plugins/webhook', + settings: { + urls: { from_secret: 'microbadger_url' }, + }, + }, + { + image: 'plugins/matrix', + name: 'matrix', + settings: { + homeserver: 'https://matrix.rknet.org', + roomid: 'MtidqQXWWAtQcByBhH:rknet.org', + template: 'Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}', + username: { from_secret: 'matrix_username' }, + password: { from_secret: 'matrix_password' }, + }, + }, + ], + trigger: { + ref: [ + 'refs/heads/master', + 'refs/tags/**', + ], + status: ['success', 'failure'], + }, + depends_on: depends_on, +}; + +[ + PipelineBuild(arch='amd64'), + PipelineNotifications(depends_on=[ + 'build-container-amd64', + ]), +] diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..8ed0731 --- /dev/null +++ b/.drone.yml 
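Review bot: The `binary` step in `PipelineBuild` pipes `curl -sSL …/archive/v$LDAP_VERSION.tar.gz | tar xz` straight into the build with no integrity check, and `publish` then pushes the compiled result under the Docker Hub credentials. For untagged builds the ref is the mutable `master` (the URL then reads `…/archive/vmaster.tar.gz`, which looks unintended), so the published image depends on whatever upstream serves at build time. Pin the source to a tag or commit and verify it before unpacking, e.g. `curl -fsSL -o src.tar.gz <url>`, `echo "<expected-sha256>  src.tar.gz" | sha256sum -c -`, then `tar xzf src.tar.gz -C source/ --strip-components=1`. Separately, `dryrun` receives `docker_username`/`docker_password` although `dry_run: true` presumably never pushes, and the steps that receive secrets use untagged images (`plugins/gitea-release`, `plugins/manifest`, `sheogorath/readme-to-dockerhub`, `plugins/webhook`, `plugins/matrix`). Drop the unused credentials and pin those images to a tag or digest.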
@@ -0,0 +1,135 @@ +--- +kind: pipeline +name: build-container-amd64 + +platform: + os: linux + arch: amd64 + +steps: +- name: binary + image: clux/muslrust:nightly-2019-12-19 + commands: + - "[ -z \"${DRONE_TAG}\" ] && LDAP_VERSION=master || LDAP_VERSION=${DRONE_TAG%-*}" + - mkdir -p source/ + - rustup set profile minimal + - curl -sSL https://github.com/ViViDboarder/bitwarden_rs_ldap/archive/v$LDAP_VERSION.tar.gz | tar xz -C source/ --strip-components=1 + - cd source/ && cargo build -j 8 --release + environment: + DB: postgresql + DEBIAN_FRONTEND: noninteractive + LANG: C.UTF-8 + TZ: UTC + +- name: dryrun + image: plugins/docker:linux-amd64 + settings: + dockerfile: ./Dockerfile.amd64 + dry_run: true + password: + from_secret: docker_password + repo: xoxys/bitwardenrs_ldap + username: + from_secret: docker_username + +- name: publish + image: plugins/docker:linux-amd64 + settings: + auto_tag: true + auto_tag_suffix: amd64 + dockerfile: ./Dockerfile.amd64 + password: + from_secret: docker_password + repo: xoxys/bitwardenrs_ldap + username: + from_secret: docker_username + when: + ref: + - refs/heads/master + - refs/tags/** + +- name: publish-gitea + image: plugins/gitea-release + settings: + api_key: + from_secret: gitea_token + base_url: https://gitea.rknet.org + note: CHANGELOG.md + overwrite: true + title: ${DRONE_TAG} + when: + ref: + - refs/tags/** + +--- +kind: pipeline +name: notifications + +platform: + os: linux + arch: amd64 + +steps: +- name: manifest + image: plugins/manifest + settings: + ignore_missing: true + password: + from_secret: docker_password + spec: ./manifest.tmpl + tags: + - ${DRONE_TAG} + - ${DRONE_TAG%-*} + - ${DRONE_TAG%.*} + - ${DRONE_TAG%%.*} + username: + from_secret: docker_username + when: + status: + - success + +- name: readme + image: sheogorath/readme-to-dockerhub + environment: + DOCKERHUB_PASSWORD: + from_secret: docker_password + DOCKERHUB_REPO_NAME: bitwardenrs_ldap + DOCKERHUB_REPO_PREFIX: xoxys + DOCKERHUB_USERNAME: + 
from_secret: docker_username + README_PATH: README.md + SHORT_DESCRIPTION: Rootless Bitwarden_RS - Self-hosted password manager + +- name: microbadger + image: plugins/webhook + settings: + urls: + from_secret: microbadger_url + +- name: matrix + image: plugins/matrix + settings: + homeserver: https://matrix.rknet.org + password: + from_secret: matrix_password + roomid: MtidqQXWWAtQcByBhH:rknet.org + template: "Status: **{{ build.status }}**
Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}
Message: {{ build.message }}" + username: + from_secret: matrix_username + +trigger: + ref: + - refs/heads/master + - refs/tags/** + status: + - success + - failure + +depends_on: +- build-container-amd64 + +--- +kind: signature +hmac: f5d4a7e677b3a3c586884e3abdf9a97a71be88fdeec3b8f2550c5ca902ba9b49 + +... diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..65e3ba2 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +test/ diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..e69de29 diff --git a/Dockerfile.amd64 b/Dockerfile.amd64 new file mode 100644 index 0000000..0597f7b --- /dev/null +++ b/Dockerfile.amd64 @@ -0,0 +1,31 @@ +FROM alpine:3.11 + +LABEL maintainer="Robert Kaussow " \ + org.label-schema.name="bitwardenrs_ldap" \ + org.label-schema.version="1.2" \ + org.label-schema.vendor="Robert Kaussow" \ + org.label-schema.schema-version="1.0" + +RUN addgroup -g 101 -S app && \ + adduser -S -D -H -u 101 -h /app -s /sbin/nologin -G app -g app app && \ + apk --update add --virtual .build-deps tar curl && \ + apk --update add openssl postgresql-libs ca-certificates && \ + curl -SsL -o /usr/local/bin/gomplate https://github.com/hairyhenderson/gomplate/releases/download/v3.5.0/gomplate_linux-amd64-slim && \ + chmod 755 /usr/local/bin/gomplate && \ + apk del .build-deps && \ + rm -rf /var/cache/apk/* && \ + rm -rf /tmp/* && \ + chown -R app:app /app + +ADD overlay/ / +ADD source/target/x86_64-unknown-linux-musl/release/bitwarden_rs_ldap /app + +VOLUME /app/data + +USER app + +STOPSIGNAL SIGTERM + +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] +WORKDIR /app +CMD [] diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..c6674cc --- /dev/null +++ b/LICENSE 
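Review bot: In `Dockerfile.amd64` the `RUN` step downloads the gomplate binary with `curl -SsL -o /usr/local/bin/gomplate …` and makes it executable without verifying it, yet this binary renders the file holding the admin token and LDAP bind password on every container start. Add `-f` to the curl call and a checksum check right after it, e.g. `echo "<sha256 of gomplate_linux-amd64-slim v3.5.0>  /usr/local/bin/gomplate" | sha256sum -c - && \`. Also worth confirming: `adduser -H` does not create `/app`, so `chown -R app:app /app` may fail, and both `ADD` lines run after the chown, so `/app` content is presumably root-owned while the entrypoint writes `/app/config.toml` as `USER app`. Creating `/app` explicitly and using `COPY --chown=app:app … /app/` for the binary would make the ownership and the destination path unambiguous.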
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Robert Kaussow
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is furnished
+to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS
+OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
+OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e225062
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# bitwarden_rs_ldap
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..4d8826b
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,7 @@
+---
+version: '2.1'
+
+services:
+ bitwardenrs_ldap:
+ container_name: bitwardenrs_ldap
+ image: xoxys/bitwardenrs_ldap:latest
diff --git a/manifest.tmpl b/manifest.tmpl
new file mode 100644
index 0000000..e965887
--- /dev/null
+++ b/manifest.tmpl
@@ -0,0 +1,15 @@
+image: xoxys/bitwardenrs_ldap:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+ {{#if this}}
+ - {{trimPrefix "v" this}}
+ - {{trimPrefix "v" this}}-amd64
+ {{/if}}
+{{/each}}
+{{/if}}
+manifests:
+ - image: xoxys/bitwardenrs_ldap:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}amd64
+ platform:
+ architecture: amd64
+ os: linux
diff --git a/overlay/etc/templates/config.toml.tmpl b/overlay/etc/templates/config.toml.tmpl
new file mode 100644
index 0000000..4d509e8
--- /dev/null
+++ b/overlay/etc/templates/config.toml.tmpl
@@ -0,0 +1,19 @@
+## Bitwarden_RS LDAP Configuration File
+
+bitwarden_url = "{{ getenv "BITWARDENRS_LDAP_BITWARDEN_URL" }}"
+bitwarden_admin_token = "{{ getenv "BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN" }}"
+ldap_host = "{{ getenv "BITWARDENRS_LDAP_HOST" }}"
+{{ if (getenv "BITWARDENRS_LDAP_SCHEME") -}}
+ldap_scheme = "{{ getenv "BITWARDENRS_LDAP_SCHEME" }}"
+{{ end -}}
+ldap_ssl = {{ getenv "BITWARDENRS_LDAP_SSL" "true" | conv.Bool }}
+{{ if (getenv "BITWARDENRS_LDAP_PORT") -}}
+ldap_port = {{ getenv "BITWARDENRS_LDAP_PORT" }}
+{{ end -}}
+ldap_bind_dn = "{{ getenv "BITWARDENRS_LDAP_BIND_DN" }}"
+ldap_bind_password = "{{ getenv "BITWARDENRS_LDAP_BIND_PASSWORD" }}"
+ldap_search_base_dn = "{{ getenv "BITWARDENRS_LDAP_SEARCH_BASE_DN" }}"
+ldap_search_filter = "{{ getenv "BITWARDENRS_LDAP_SEARCH_FILTER" "(&(objectClass=*)(uid=*))" }}"
+ldap_mail_field = "{{ getenv "BITWARDENRS_LDAP_MAIL_FIELD" "mail" }}"
+ldap_sync_interval_seconds = {{ getenv "BITWARDENRS_LDAP_SYNC_INTERVAL_SECONDS" "60" }}
+ldap_sync_loop = {{ getenv "BITWARDENRS_LDAP_SYNC_LOOP" "true" | conv.Bool }}
diff --git a/overlay/usr/local/bin/entrypoint.sh b/overlay/usr/local/bin/entrypoint.sh
new file mode 100755
index 0000000..1287e81
--- /dev/null
+++ b/overlay/usr/local/bin/entrypoint.sh
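Review bot: In `config.toml.tmpl` every string value is pasted raw between hand-written quotes, so a `"` or `\` in `BITWARDENRS_LDAP_BIND_PASSWORD`, `BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN` or the search filter produces a broken file or lets the value close the string and append further keys. Let the template emit the quoting and escaping itself, e.g. `ldap_bind_password = {{ getenv "BITWARDENRS_LDAP_BIND_PASSWORD" | toJSON }}`; JSON string escaping should be acceptable as a TOML basic string, but confirm this against the parser the service uses. The unquoted `ldap_port` and `ldap_sync_interval_seconds` have the same problem for non-numeric input and would benefit from an integer conversion before rendering. The required settings (URL, admin token, bind DN and password) silently render as empty strings when unset; failing the render instead would surface a misconfigured container at start.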
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+/usr/local/bin/gomplate -V -o /app/config.toml -f /etc/templates/config.toml.tmpl
+
+exec CONFIG_PATH=/app/config.toml /app/bitwarden_rs_ldap
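Review bot: The last line of `entrypoint.sh`, `exec CONFIG_PATH=/app/config.toml /app/bitwarden_rs_ldap`, makes `exec` treat the assignment as the command name, so the container will most likely exit with "not found" instead of starting the service. Write it as `exec env CONFIG_PATH=/app/config.toml /app/bitwarden_rs_ldap "$@"`. The script also has no `set -e`, so a failed gomplate render would still reach the `exec` with a missing or partial config. Since `/app/config.toml` holds the admin token and the LDAP bind password, add `set -e` and `umask 077` at the top so the render fails closed and the file is not readable by other users.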