container/vaultwarden-ldap
Archived
1
0
Fork 0
Code Issues Pull Requests Releases 22 Activity

Compare commits

base: container:main
Branches Tags
container:main
container:v0.6.2+7
container:v0.6.2+6
container:v0.6.2-5
container:v0.6.2-4
container:v0.6.2-3
container:v0.6.2-2
container:v0.6.2-1
container:v0.4.0-4
container:v0.4.0-3
container:v0.4.0-2
container:v0.4.0-1
container:v0.3.0-1
container:v0.2.0-4
container:v0.2.0-3
container:v0.2.0-2
container:v0.2.0-1
container:v0.1.2-3
container:v0.1.2-2
container:v0.1.2-1
container:v0.1.1-1
container:v0.1.0-2
container:v0.1.0-1
..
compare: container:v0.1.0-1
Branches Tags
container:main
container:v0.6.2+7
container:v0.6.2+6
container:v0.6.2-5
container:v0.6.2-4
container:v0.6.2-3
container:v0.6.2-2
container:v0.6.2-1
container:v0.4.0-4
container:v0.4.0-3
container:v0.4.0-2
container:v0.4.0-1
container:v0.3.0-1
container:v0.2.0-4
container:v0.2.0-3
container:v0.2.0-2
container:v0.2.0-1
container:v0.1.2-3
container:v0.1.2-2
container:v0.1.2-1
container:v0.1.1-1
container:v0.1.0-2
container:v0.1.0-1

No commits in common. "main" and "v0.1.0-1" have entirely different histories.
main ... v0.1.0-1

23 changed files with 446 additions and 377 deletions
Show Stats Expand all files Collapse all files

3
.dictionary
View File

@ -1,3 +0,0 @@
vaultwarden-ldap
LDAP
(V|v)aultwarden

140
.drone.jsonnet Normal file
View File

@ -0,0 +1,140 @@
local PipelineBuild(arch='amd64') = {
local tag = 'linux-' + arch,
kind: 'pipeline',
name: 'build-container-' + arch,
platform: {
os: 'linux',
arch: arch,
},
steps: [
{
name: 'binary',
image: 'clux/muslrust:nightly-2019-12-19',
environment: {
'DB': 'postgresql',
'DEBIAN_FRONTEND': 'noninteractive',
'LANG': 'C.UTF-8',
'TZ': 'UTC',
},
commands: [
'[ -z "${DRONE_TAG}" ] && LDAP_VERSION=master || LDAP_VERSION="${DRONE_TAG%-*}"',
'mkdir -p source/',
'rustup set profile minimal',
'curl -sSL https://github.com/ViViDboarder/bitwarden_rs_ldap/archive/"$$LDAP_VERSION".tar.gz | tar xz -C source/ --strip-components=1',
"grep -rlI 'Box<Error>' source/src/ | xargs sed -i 's/Box<Error>/Box<dyn Error>/g'",
'cd source/ && cargo build -j 8 --release',
],
},
{
name: 'dryrun',
image: 'plugins/docker:' + tag,
settings: {
dry_run: true,
dockerfile: './Dockerfile.' + arch,
repo: 'xoxys/bitwardenrs_ldap',
username: { from_secret: 'docker_username' },
password: { from_secret: 'docker_password' },
},
when: {
ref: [
'refs/pull/**',
],
},
},
{
name: 'publish',
image: 'plugins/docker:' + tag,
settings: {
auto_tag: true,
auto_tag_suffix: arch,
dockerfile: './Dockerfile.' + arch,
repo: 'xoxys/bitwardenrs_ldap',
username: { from_secret: 'docker_username' },
password: { from_secret: 'docker_password' },
},
when: {
ref: [
'refs/heads/master',
'refs/tags/**',
],
},
},
{
name: 'publish-gitea',
image: 'plugins/gitea-release',
settings: {
api_key: { from_secret: 'gitea_token' },
base_url: 'https://gitea.rknet.org',
overwrite: true,
title: '${DRONE_TAG}',
note: 'CHANGELOG.md',
},
when: {
ref: ['refs/tags/**'],
},
},
],
};
local PipelineNotifications(depends_on=[]) = {
kind: 'pipeline',
name: 'notifications',
platform: {
os: 'linux',
arch: 'amd64',
},
steps: [
{
image: 'plugins/manifest',
name: 'manifest',
settings: {
ignore_missing: true,
tags: ['${DRONE_TAG}', '${DRONE_TAG%-*}', '${DRONE_TAG%.*}', '${DRONE_TAG%%.*}'],
username: { from_secret: 'docker_username' },
password: { from_secret: 'docker_password' },
spec: './manifest.tmpl',
},
},
{
name: 'readme',
image: 'sheogorath/readme-to-dockerhub',
environment: {
DOCKERHUB_USERNAME: { from_secret: 'docker_username' },
DOCKERHUB_PASSWORD: { from_secret: 'docker_password' },
DOCKERHUB_REPO_PREFIX: 'xoxys',
DOCKERHUB_REPO_NAME: 'bitwardenrs_ldap',
README_PATH: 'README.md',
SHORT_DESCRIPTION: 'Rootless Bitwarden_RS - Self-hosted password manager',
},
},
{
image: 'plugins/matrix',
name: 'matrix',
settings: {
homeserver: 'https://matrix.rknet.org',
roomid: 'MtidqQXWWAtQcByBhH:rknet.org',
template: 'Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}',
username: { from_secret: 'matrix_username' },
password: { from_secret: 'matrix_password' },
},
when: {
status: ['success', 'failure'],
},
},
],
trigger: {
ref: [
'refs/heads/master',
'refs/tags/**',
],
status: ['success', 'failure'],
},
depends_on: depends_on,
};
[
PipelineBuild(arch='amd64'),
PipelineNotifications(depends_on=[
'build-container-amd64',
]),
]

134
.drone.yml Normal file
View File

@ -0,0 +1,134 @@
---
kind: pipeline
name: build-container-amd64
platform:
os: linux
arch: amd64
steps:
- name: binary
image: clux/muslrust:nightly-2019-12-19
commands:
- "[ -z \"${DRONE_TAG}\" ] && LDAP_VERSION=master || LDAP_VERSION=\"${DRONE_TAG%-*}\""
- mkdir -p source/
- rustup set profile minimal
- curl -sSL https://github.com/ViViDboarder/bitwarden_rs_ldap/archive/"$$LDAP_VERSION".tar.gz | tar xz -C source/ --strip-components=1
- grep -rlI 'Box<Error>' source/src/ | xargs sed -i 's/Box<Error>/Box<dyn Error>/g'
- cd source/ && cargo build -j 8 --release
environment:
DB: postgresql
DEBIAN_FRONTEND: noninteractive
LANG: C.UTF-8
TZ: UTC
- name: dryrun
image: plugins/docker:linux-amd64
settings:
dockerfile: ./Dockerfile.amd64
dry_run: true
password:
from_secret: docker_password
repo: xoxys/bitwardenrs_ldap
username:
from_secret: docker_username
when:
ref:
- refs/pull/**
- name: publish
image: plugins/docker:linux-amd64
settings:
auto_tag: true
auto_tag_suffix: amd64
dockerfile: ./Dockerfile.amd64
password:
from_secret: docker_password
repo: xoxys/bitwardenrs_ldap
username:
from_secret: docker_username
when:
ref:
- refs/heads/master
- refs/tags/**
- name: publish-gitea
image: plugins/gitea-release
settings:
api_key:
from_secret: gitea_token
base_url: https://gitea.rknet.org
note: CHANGELOG.md
overwrite: true
title: ${DRONE_TAG}
when:
ref:
- refs/tags/**
---
kind: pipeline
name: notifications
platform:
os: linux
arch: amd64
steps:
- name: manifest
image: plugins/manifest
settings:
ignore_missing: true
password:
from_secret: docker_password
spec: ./manifest.tmpl
tags:
- ${DRONE_TAG}
- ${DRONE_TAG%-*}
- ${DRONE_TAG%.*}
- ${DRONE_TAG%%.*}
username:
from_secret: docker_username
- name: readme
image: sheogorath/readme-to-dockerhub
environment:
DOCKERHUB_PASSWORD:
from_secret: docker_password
DOCKERHUB_REPO_NAME: bitwardenrs_ldap
DOCKERHUB_REPO_PREFIX: xoxys
DOCKERHUB_USERNAME:
from_secret: docker_username
README_PATH: README.md
SHORT_DESCRIPTION: Rootless Bitwarden_RS - Self-hosted password manager
- name: matrix
image: plugins/matrix
settings:
homeserver: https://matrix.rknet.org
password:
from_secret: matrix_password
roomid: MtidqQXWWAtQcByBhH:rknet.org
template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}"
username:
from_secret: matrix_username
when:
status:
- success
- failure
trigger:
ref:
- refs/heads/master
- refs/tags/**
status:
- success
- failure
depends_on:
- build-container-amd64
---
kind: signature
hmac: 7d0047e966a281c570b76b36a741bfe660682662a09bc6c6ebc12fda7d18f951
...

1
.gitignore vendored
View File

@ -1,2 +1 @@
test/
CHANGELOG.md

47
.gitsv/config.yml
View File

@ -1,47 +0,0 @@
---
version: "1.1"
versioning:
update-major: []
update-minor: [feat]
update-patch: [fix, perf, refactor, chore, test, ci, docs]
tag:
pattern: "v%d.%d.%d"
release-notes:
sections:
- name: Features
commit-types: [feat]
section-type: commits
- name: Bug Fixes
commit-types: [fix]
section-type: commits
- name: Performance Improvements
commit-types: [perf]
section-type: commits
- name: Code Refactoring
commit-types: [refactor]
section-type: commits
- name: Others
commit-types: [chore]
section-type: commits
- name: Testing
commit-types: [test]
section-type: commits
- name: CI Pipeline
commit-types: [ci]
section-type: commits
- name: Documentation
commit-types: [docs]
section-type: commits
- name: BREAKING CHANGES
section-type: breaking-changes
commit-message:
footer:
issue:
key: issue
add-value-prefix: "#"
issue:
regex: "#?[0-9]+"

6
.markdownlint.yml
View File

@ -1,6 +0,0 @@
---
default: True
MD013: False
MD041: False
MD004:
style: dash

2
.prettierignore
View File

@ -1,2 +0,0 @@
*.tpl.md
LICENSE

68
.woodpecker/build-container.yml
View File

@ -1,68 +0,0 @@
---
when:
- event: [pull_request, tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
steps:
- name: binary
image: docker.io/clux/muslrust:nightly-2021-04-14
commands:
- make build
- name: security-build
image: quay.io/thegeeklab/wp-docker-buildx:3
settings:
containerfile: Containerfile
output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
repo: thegeeklab/${CI_REPO_NAME}
- name: security-scan
image: ghcr.io/aquasecurity/trivy
commands:
- trivy -v
- trivy image --input oci/${CI_REPO_NAME}
environment:
TRIVY_EXIT_CODE: "1"
TRIVY_IGNORE_UNFIXED: "true"
TRIVY_NO_PROGRESS: "true"
TRIVY_SEVERITY: HIGH,CRITICAL
TRIVY_TIMEOUT: 1m
- name: publish-dockerhub
image: quay.io/thegeeklab/wp-docker-buildx:3
group: container
settings:
auto_tag: true
containerfile: Containerfile
password:
from_secret: docker_password
provenance: false
repo: thegeeklab/${CI_REPO_NAME}
username:
from_secret: docker_username
when:
- event: [tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
- name: publish-quay
image: quay.io/thegeeklab/wp-docker-buildx:3
group: container
settings:
auto_tag: true
containerfile: Containerfile
password:
from_secret: quay_password
provenance: false
registry: quay.io
repo: quay.io/thegeeklab/${CI_REPO_NAME}
username:
from_secret: quay_username
when:
- event: [tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}

25
.woodpecker/build-package.yml
View File

@ -1,25 +0,0 @@
---
when:
- event: [pull_request, tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
steps:
- name: changelog
image: quay.io/thegeeklab/git-sv
commands:
- git sv current-version
- git sv release-notes -t ${CI_COMMIT_TAG:-next} -o CHANGELOG.md
- cat CHANGELOG.md
- name: publish-gitea
image: quay.io/thegeeklab/wp-gitea-release
settings:
api_key:
from_secret: gitea_token
base_url: https://gitea.rknet.org
note: CHANGELOG.md
title: ${CI_COMMIT_TAG}
when:
- event: [tag]

62
.woodpecker/docs.yml
View File

@ -1,62 +0,0 @@
---
when:
- event: [pull_request, tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
steps:
- name: markdownlint
image: quay.io/thegeeklab/markdownlint-cli
group: test
commands:
- markdownlint 'README.md'
- name: spellcheck
image: quay.io/thegeeklab/alpine-tools
group: test
commands:
- spellchecker --files '_docs/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls
environment:
FORCE_COLOR: "true"
- name: link-validation
image: docker.io/lycheeverse/lychee
group: test
commands:
- lychee --no-progress --format detailed README.md
- name: pushrm-dockerhub
image: docker.io/chko/docker-pushrm:1
secrets:
- source: docker_password
target: DOCKER_PASS
- source: docker_username
target: DOCKER_USER
environment:
PUSHRM_FILE: README.md
PUSHRM_SHORT: Custom image for the Vaultwarden LDAP connector
PUSHRM_TARGET: thegeeklab/${CI_REPO_NAME}
when:
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
status: [success]
- name: pushrm-quay
image: docker.io/chko/docker-pushrm:1
secrets:
- source: quay_token
target: APIKEY__QUAY_IO
environment:
PUSHRM_FILE: README.md
PUSHRM_TARGET: quay.io/thegeeklab/${CI_REPO_NAME}
when:
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
status: [success]
depends_on:
- build-package
- build-container

26
.woodpecker/notify.yml
View File

@ -1,26 +0,0 @@
---
when:
- event: [tag]
- event: [push, manual]
branch:
- ${CI_REPO_DEFAULT_BRANCH}
runs_on: [success, failure]
steps:
- name: matrix
image: quay.io/thegeeklab/wp-matrix
settings:
homeserver:
from_secret: matrix_homeserver
password:
from_secret: matrix_password
roomid:
from_secret: matrix_roomid
username:
from_secret: matrix_username
when:
- status: [success, failure]
depends_on:
- docs

0
CHANGELOG.md Normal file
View File

26
Containerfile
View File

@ -1,26 +0,0 @@
FROM docker.io/thegeeklab/alpine:latest@sha256:db2eacba26729a8d122a447a4dd1f658074b84e1d26720c54403db1ef9ee42c5
LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
LABEL org.opencontainers.image.title="vaultwarden-ldap"
LABEL org.opencontainers.image.url="https://gitea.rknet.org/container/vaultwarden-ldap"
LABEL org.opencontainers.image.source="https://gitea.rknet.org/container/vaultwarden-ldap"
LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/container/vaultwarden-ldap"
ADD overlay/ /
RUN apk --update add ca-certificates && \
mkdir -p /app && \
rm -rf /var/cache/apk/* && \
rm -rf /tmp/* && \
chown -R app:app /app
ADD src/target/x86_64-unknown-linux-musl/release/vaultwarden_ldap /app
USER app
STOPSIGNAL SIGTERM
ENTRYPOINT ["/usr/local/bin/entrypoint"]
WORKDIR /app
CMD []

36
Dockerfile.amd64 Normal file
View File

@ -0,0 +1,36 @@
FROM alpine:3.11
LABEL maintainer="Robert Kaussow <mail@geeklabor.de>" \
org.label-schema.name="bitwardenrs_ldap" \
org.label-schema.version="1.2" \
org.label-schema.vendor="Robert Kaussow" \
org.label-schema.schema-version="1.0"
RUN addgroup -g 101 -S app && \
adduser -S -D -H -u 101 -h /app -s /sbin/nologin -G app -g app app && \
apk --update add --virtual .build-deps tar curl && \
apk --update add ca-certificates && \
curl -SsL -o /usr/local/bin/gomplate https://github.com/hairyhenderson/gomplate/releases/download/v3.5.0/gomplate_linux-amd64-slim && \
curl -SsL -o /usr/local/bin/url-parser https://github.com/xoxys/url-parser/releases/download/v0.1.0/url-parser-0.1.0-linux-amd64 && \
curl -SsL -o /usr/local/bin/wait-for https://raw.githubusercontent.com/xoxys/wait-for/master/wait-for && \
chmod 755 /usr/local/bin/gomplate && \
chmod 755 /usr/local/bin/url-parser && \
chmod 755 /usr/local/bin/wait-for && \
apk del .build-deps && \
rm -rf /var/cache/apk/* && \
rm -rf /tmp/* && \
mkdir -p /app && \
chown -R app:app /app
ADD overlay/ /
ADD source/target/x86_64-unknown-linux-musl/release/bitwarden_rs_ldap /app
VOLUME /app/data
USER app
STOPSIGNAL SIGTERM
ENTRYPOINT ["/usr/local/bin/entrypoint"]
WORKDIR /app
CMD []

2
LICENSE
View File

@ -1,6 +1,6 @@
MIT License
Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
Copyright (c) 2020 Robert Kaussow
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

27
Makefile
View File

@ -1,27 +0,0 @@
# renovate: datasource=github-releases depName=ViViDboarder/vaultwarden_ldap
export BUILD_VERSION ?= v0.6.2
export DEBIAN_FRONTEND ?= noninteractive
export LANG ?= C.UTF-8
export TZ ?= UTC
SRC := src
.PHONY: all
all: build
.PHONY: build
build: build-src build-bin
.PHONY: build-src
build-src:
mkdir -p $(SRC); \
curl -sSL "https://github.com/ViViDboarder/vaultwarden_ldap/archive/$${BUILD_VERSION}.tar.gz" | tar xz -C $(SRC) --strip-components=1
.PHONY: build-bin
build-bin:
rustup set profile minimal && \
cd $(SRC) && \
cargo build -j 8 --release
.PHONY: clean
clean:
rm -rf $(SRC)

63
README.md
View File

@ -1,40 +1,47 @@
# vaultwarden-ldap
# [bitwarden_rs_ldap](https://gitea.rknet.org/docker/bitwarden_rs_ldap)
Custom image for the Vaultwarden LDAP connector
[![Build Status](https://img.shields.io/drone/build/docker/bitwarden_rs_ldap?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/docker/bitwarden_rs_ldap)
[![Docker Hub](https://img.shields.io/badge/docker-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/xoxys/bitwardenrs_ldap)
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/docker/bitwarden_rs_ldap/src/branch/master/LICENSE)
<!-- spellchecker-disable -->
This is a custom Docker image for [bitwarden_rs_ldap](https://github.com/ViViDboarder/bitwarden_rs_ldap) a simple LDAP connector for bitwarden_rs.
[![Build Status](https://ci.rknet.org/api/badges/container/vaultwarden-ldap/status.svg)](https://ci.rknet.org/repos/container/vaultwarden-ldap)
[![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/vaultwarden-ldap)
[![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/vaultwarden-ldap)
[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/container/vaultwarden-ldap)
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/container/vaultwarden-ldap/src/branch/main/LICENSE)
## Usage
<!-- spellchecker-enable -->
### Docker Compose
Custom rootless container image for [vaultwarden-ldap](https://github.com/ViViDboarder/vaultwarden_ldap) a simple LDAP connector for vaultwarden.
```Yaml
---
version: '3'
services:
bitwardenrs_ldap:
container_name: bitwardenrs_ldap
image: xoxys/bitwardenrs_ldap:latest
```
## Configuration
```Shell
VAULTWARDEN_LDAP_VAULTWARDEN_URL=
VAULTWARDEN_LDAP_VAULTWARDEN_ADMIN_TOKEN=
VAULTWARDEN_LDAP_VAULTWARDEN_ROOT_CERT_FILE=
VAULTWARDEN_LDAP_HOST=
VAULTWARDEN_LDAP_SCHEME=
VAULTWARDEN_LDAP_SSL=True
VAULTWARDEN_LDAP_SSL_VERIFY=True
VAULTWARDEN_LDAP_PORT=
VAULTWARDEN_LDAP_BIND_DN=
VAULTWARDEN_LDAP_BIND_PASSWORD=
VAULTWARDEN_LDAP_SEARCH_BASE_DN=
VAULTWARDEN_LDAP_SEARCH_FILTER="(&(objectClass=*)(uid=*))"
VAULTWARDEN_LDAP_MAIL_FIELD=mail
VAULTWARDEN_LDAP_SYNC_INTERVAL_SECONDS=60
VAULTWARDEN_LDAP_SYNC_LOOP=True
BITWARDENRS_LDAP_BITWARDEN_URL=
BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN=
BITWARDENRS_LDAP_HOST=
BITWARDENRS_LDAP_SCHEME=
BITWARDENRS_LDAP_SSL=True
BITWARDENRS_LDAP_PORT=
BITWARDENRS_LDAP_BIND_DN=
BITWARDENRS_LDAP_BIND_PASSWORD=
BITWARDENRS_LDAP_SEARCH_BASE_DN=
BITWARDENRS_LDAP_SEARCH_FILTER="(&(objectClass=*)(uid=*))"
BITWARDENRS_LDAP_MAIL_FIELD=mail
BITWARDENRS_LDAP_SYNC_INTERVAL_SECONDS=60
BITWARDENRS_LDAP_SYNC_LOOP=True
```
## License
### License
This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/container/vaultwarden-ldap/src/branch/main/LICENSE) file for details.
This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/bitwarden_rs_ldap/src/branch/master/LICENSE) file for details.
### Maintainers and Contributors
[Robert Kaussow](https://gitea.rknet.org/xoxys)

48
docker-compose.yml Normal file
View File

@ -0,0 +1,48 @@
---
version: '3'
services:
postgres:
container_name: bitwardenrs_postgres
image: postgres
environment:
POSTGRES_DB: bitwarden
POSTGRES_PASSWORD: pass
POSTGRES_USER: user
ldap:
container_name: bitwardenrs_ldap
image: osixia/openldap
bitwardenrs:
container_name: bitwardenrs_server
image: xoxys/bitwardenrs:latest
depends_on:
- postgres
ports:
- "80:8080"
volumes:
- data:/app/data
environment:
BITWARDENRS_DATABASE_URL: postgresql://user:pass@bitwardenrs_postgres:5432/bitwarden
BITWARDENRS_ADMIN_TOKEN: my_secure_token
bitwardenrs_ldap:
container_name: bitwardenrs_ldap_sync
restart: always
image: xoxys/bitwardenrs_ldap:latest
depends_on:
- bitwardenrs
- ldap
environment:
BITWARDENRS_LDAP_BITWARDEN_URL: http://bitwardenrs_server:8080
BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN: my_secure_token
BITWARDENRS_LDAP_HOST: bitwardenrs_ldap
BITWARDENRS_LDAP_SSL: "False"
BITWARDENRS_LDAP_BIND_DN: "cn=admin,dc=example,dc=org"
BITWARDENRS_LDAP_SEARCH_BASE_DN: "dc=example,dc=org"
BITWARDENRS_LDAP_BIND_PASSWORD: admin
volumes:
data:
driver: local

15
manifest.tmpl Normal file
View File

@ -0,0 +1,15 @@
image: xoxys/bitwardenrs_ldap:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
{{#if build.tags}}
tags:
{{#each build.tags}}
{{#if this}}
- {{trimPrefix "v" this}}
- {{trimPrefix "v" this}}-amd64
{{/if}}
{{/each}}
{{/if}}
manifests:
- image: xoxys/bitwardenrs_ldap:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}amd64
platform:
architecture: amd64
os: linux

36
overlay/etc/templates/config.toml.tmpl
View File

@ -1,22 +1,18 @@
## Vaultwarden LDAP Configuration File
vaultwarden_url = "{{ getenv "VAULTWARDEN_LDAP_VAULTWARDEN_URL" }}"
vaultwarden_admin_token = "{{ getenv "VAULTWARDEN_LDAP_VAULTWARDEN_ADMIN_TOKEN" }}"
{{ if (getenv "VAULTWARDEN_LDAP_VAULTWARDEN_ROOT_CERT_FILE") -}}
vaultwarden_root_cert_file = "{{ getenv "VAULTWARDEN_LDAP_VAULTWARDEN_ROOT_CERT_FILE" }}"
## Bitwarden_RS LDAP Configuration File
bitwarden_url = "{{ getenv "BITWARDENRS_LDAP_BITWARDEN_URL" }}"
bitwarden_admin_token = "{{ getenv "BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN" }}"
ldap_host = "{{ getenv "BITWARDENRS_LDAP_HOST" }}"
{{ if (getenv "BITWARDENRS_LDAP_SCHEME") -}}
ldap_scheme = "{{ getenv "BITWARDENRS_LDAP_SCHEME" }}"
{{ end -}}
ldap_host = "{{ getenv "VAULTWARDEN_LDAP_HOST" }}"
{{ if (getenv "VAULTWARDEN_LDAP_SCHEME") -}}
ldap_scheme = "{{ getenv "VAULTWARDEN_LDAP_SCHEME" }}"
ldap_ssl = {{ getenv "BITWARDENRS_LDAP_SSL" "true" | conv.Bool }}
{{ if (getenv "BITWARDENRS_LDAP_PORT") -}}
ldap_port = {{ getenv "BITWARDENRS_LDAP_PORT" }}
{{ end -}}
ldap_ssl = {{ getenv "VAULTWARDEN_LDAP_SSL" "true" | conv.ToBool }}
ldap_no_tls_verify = {{ not (getenv "VAULTWARDEN_LDAP_SSL_VERIFY" "true" | conv.ToBool) }}
{{ if (getenv "VAULTWARDEN_LDAP_PORT") -}}
ldap_port = {{ getenv "VAULTWARDEN_LDAP_PORT" }}
{{ end -}}
ldap_bind_dn = "{{ getenv "VAULTWARDEN_LDAP_BIND_DN" }}"
ldap_bind_password = "{{ getenv "VAULTWARDEN_LDAP_BIND_PASSWORD" }}"
ldap_search_base_dn = "{{ getenv "VAULTWARDEN_LDAP_SEARCH_BASE_DN" }}"
ldap_search_filter = "{{ getenv "VAULTWARDEN_LDAP_SEARCH_FILTER" "(&(objectClass=*)(uid=*))" }}"
ldap_mail_field = "{{ getenv "VAULTWARDEN_LDAP_MAIL_FIELD" "mail" }}"
ldap_sync_interval_seconds = {{ getenv "VAULTWARDEN_LDAP_SYNC_INTERVAL_SECONDS" "60" }}
ldap_sync_loop = {{ getenv "VAULTWARDEN_LDAP_SYNC_LOOP" "true" | conv.ToBool }}
ldap_bind_dn = "{{ getenv "BITWARDENRS_LDAP_BIND_DN" }}"
ldap_bind_password = "{{ getenv "BITWARDENRS_LDAP_BIND_PASSWORD" }}"
ldap_search_base_dn = "{{ getenv "BITWARDENRS_LDAP_SEARCH_BASE_DN" }}"
ldap_search_filter = "{{ getenv "BITWARDENRS_LDAP_SEARCH_FILTER" "(&(objectClass=*)(uid=*))" }}"
ldap_mail_field = "{{ getenv "BITWARDENRS_LDAP_MAIL_FIELD" "mail" }}"
ldap_sync_interval_seconds = {{ getenv "BITWARDENRS_LDAP_SYNC_INTERVAL_SECONDS" "60" }}
ldap_sync_loop = {{ getenv "BITWARDENRS_LDAP_SYNC_LOOP" "true" | conv.Bool }}

41
overlay/usr/local/bin/entrypoint
View File

@ -1,43 +1,44 @@
#!/usr/bin/env sh
# shellcheck disable=SC3040
set -eo pipefail
# shellcheck disable=SC1091
. /usr/local/lib/log.sh
/usr/local/bin/gomplate -V -o /app/config.toml -f /etc/templates/config.toml.tmpl
/usr/local/bin/gomplate -o /app/config.toml -f /etc/templates/config.toml.tmpl
if [ -z "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" ] || [ -z "$VAULTWARDEN_LDAP_HOST" ]; then
log_error "Error: Vaultwarden and/or LDAP server not configured, exiting"
if [ -z "$BITWARDENRS_LDAP_BITWARDEN_URL" ] || [ -z "$BITWARDENRS_LDAP_HOST" ]
then
printf "Error: Bitwarden and/or LDAP server not configured. Exiting ...\n"
exit 1
fi
if [ -n "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" ]; then
WAITFOR_BW_SCHEME=$(/usr/local/bin/url-parser --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" scheme)
WAITFOR_BW_HOST=$(/usr/local/bin/url-parser --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" host)
WAITFOR_BW_PORT=$(/usr/local/bin/url-parser --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" port)
if [ -n "$BITWARDENRS_LDAP_BITWARDEN_URL" ]
then
WAITFOR_BW_SCHEME=$(/usr/local/bin/url-parser scheme --url "$BITWARDENRS_LDAP_BITWARDEN_URL")
WAITFOR_BW_HOST=$(/usr/local/bin/url-parser host --url "$BITWARDENRS_LDAP_BITWARDEN_URL")
WAITFOR_BW_PORT=$(/usr/local/bin/url-parser port --url "$BITWARDENRS_LDAP_BITWARDEN_URL")
if [ -z "$WAITFOR_BW_PORT" ]; then
if [ -z "$WAITFOR_BW_PORT" ]
then
[ "$WAITFOR_BW_SCHEME" = "https" ] && WAITFOR_BW_PORT=433 || WAITFOR_BW_PORT=80
fi
log_info "Wait for Vaultwarden server on '${WAITFOR_BW_HOST}:${WAITFOR_BW_PORT}'"
printf "Wait for bitwarden server on '%s:%s'...\n" "${WAITFOR_BW_HOST}" "${WAITFOR_BW_PORT}"
/usr/local/bin/wait-for "${WAITFOR_BW_HOST}":"${WAITFOR_BW_PORT}"
fi
if [ -n "$VAULTWARDEN_LDAP_HOST" ]; then
WAITFOR_LDAP_SSL=$(/usr/local/bin/gomplate -i '{{ getenv "VAULTWARDEN_LDAP_SSL" "true" | conv.ToBool }}')
if [ -n "$BITWARDENRS_LDAP_HOST" ]
then
WAITFOR_LDAP_SSL=$(/usr/local/bin/gomplate -i '{{ getenv "BITWARDENRS_LDAP_SSL" "true" | conv.Bool }}')
if [ -z "$VAULTWARDEN_LDAP_PORT" ]; then
[ "$WAITFOR_LDAP_SSL" = true ] && VAULTWARDEN_LDAP_PORT=636 || VAULTWARDEN_LDAP_PORT=389
if [ -z "$BITWARDENRS_LDAP_PORT" ]
then
[ "$WAITFOR_LDAP_SSL" = true ] && BITWARDENRS_LDAP_PORT=636 || BITWARDENRS_LDAP_PORT=389
fi
log_info "Wait for LDAP server on '${VAULTWARDEN_LDAP_HOST}:${VAULTWARDEN_LDAP_PORT}'"
/usr/local/bin/wait-for "${VAULTWARDEN_LDAP_HOST}":"${VAULTWARDEN_LDAP_PORT}"
printf "Wait for ldap server on '%s:%s'...\n" "${BITWARDENRS_LDAP_HOST}" "${BITWARDENRS_LDAP_PORT}"
/usr/local/bin/wait-for "${BITWARDENRS_LDAP_HOST}":"${BITWARDENRS_LDAP_PORT}"
# TODO: add delay to minimize connection errors
sleep 10
fi
exec env CONFIG_PATH=/app/config.toml /app/vaultwarden_ldap
exec env CONFIG_PATH=/app/config.toml /app/bitwarden_rs_ldap

11
renovate.json
View File

@ -1,11 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["github>thegeeklab/renovate-presets:docker"],
"packageRules": [
{
"groupName": "vaultwarden ldap packages",
"matchDatasources": ["github-releases"],
"matchPackagePatterns": ["^ViViDboarder"]
}
]
}

4
trivy.yaml
View File

@ -1,4 +0,0 @@
---
scan:
skip-files:
- /usr/local/bin/gomplate