Compare commits
No commits in common. "main" and "v0.1.2-3" have entirely different histories.
@ -1,3 +0,0 @@
|
|||||||
vaultwarden-ldap
|
|
||||||
LDAP
|
|
||||||
(V|v)aultwarden
|
|
164
.drone.yml
Normal file
164
.drone.yml
Normal file
@ -0,0 +1,164 @@
|
|||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
name: build-container
|
||||||
|
|
||||||
|
platform:
|
||||||
|
os: linux
|
||||||
|
arch: amd64
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: binary
|
||||||
|
image: clux/muslrust:nightly-2019-12-19
|
||||||
|
commands:
|
||||||
|
- make build
|
||||||
|
environment:
|
||||||
|
BUILD_VERSION: ${DRONE_TAG%-*}
|
||||||
|
|
||||||
|
- name: dryrun
|
||||||
|
image: plugins/docker
|
||||||
|
settings:
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
dry_run: true
|
||||||
|
password:
|
||||||
|
from_secret: docker_password
|
||||||
|
repo: thegeeklab/${DRONE_REPO_NAME}
|
||||||
|
username:
|
||||||
|
from_secret: docker_username
|
||||||
|
when:
|
||||||
|
ref:
|
||||||
|
- refs/pull/**
|
||||||
|
depends_on:
|
||||||
|
- binary
|
||||||
|
|
||||||
|
- name: tags
|
||||||
|
image: thegeeklab/docker-autotag
|
||||||
|
environment:
|
||||||
|
DOCKER_AUTOTAG_FORCE_LATEST: True
|
||||||
|
DOCKER_AUTOTAG_IGNORE_PRERELEASE: True
|
||||||
|
DOCKER_AUTOTAG_OUTPUT_FILE: .tags
|
||||||
|
DOCKER_AUTOTAG_VERSION: ${DRONE_TAG}
|
||||||
|
when:
|
||||||
|
ref:
|
||||||
|
- refs/heads/master
|
||||||
|
- refs/tags/**
|
||||||
|
depends_on:
|
||||||
|
- dryrun
|
||||||
|
|
||||||
|
- name: publish-dockerhub
|
||||||
|
image: plugins/docker
|
||||||
|
settings:
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
password:
|
||||||
|
from_secret: docker_password
|
||||||
|
repo: thegeeklab/${DRONE_REPO_NAME}
|
||||||
|
username:
|
||||||
|
from_secret: docker_username
|
||||||
|
when:
|
||||||
|
ref:
|
||||||
|
- refs/heads/master
|
||||||
|
- refs/tags/**
|
||||||
|
depends_on:
|
||||||
|
- tags
|
||||||
|
|
||||||
|
- name: publish-quay
|
||||||
|
image: plugins/docker
|
||||||
|
settings:
|
||||||
|
dockerfile: Dockerfile
|
||||||
|
password:
|
||||||
|
from_secret: quay_password
|
||||||
|
registry: quay.io
|
||||||
|
repo: quay.io/thegeeklab/${DRONE_REPO_NAME}
|
||||||
|
username:
|
||||||
|
from_secret: quay_username
|
||||||
|
when:
|
||||||
|
ref:
|
||||||
|
- refs/heads/master
|
||||||
|
- refs/tags/**
|
||||||
|
depends_on:
|
||||||
|
- tags
|
||||||
|
|
||||||
|
- name: publish-gitea
|
||||||
|
image: plugins/gitea-release
|
||||||
|
settings:
|
||||||
|
api_key:
|
||||||
|
from_secret: gitea_token
|
||||||
|
base_url: https://gitea.rknet.org
|
||||||
|
note: CHANGELOG.md
|
||||||
|
overwrite: true
|
||||||
|
title: ${DRONE_TAG}
|
||||||
|
when:
|
||||||
|
ref:
|
||||||
|
- refs/tags/**
|
||||||
|
depends_on:
|
||||||
|
- publish-dockerhub
|
||||||
|
- publish-quay
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: pipeline
|
||||||
|
name: notifications
|
||||||
|
|
||||||
|
platform:
|
||||||
|
os: linux
|
||||||
|
arch: amd64
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: pushrm-dockerhub
|
||||||
|
pull: always
|
||||||
|
image: chko/docker-pushrm:1
|
||||||
|
environment:
|
||||||
|
DOCKER_PASS:
|
||||||
|
from_secret: docker_password
|
||||||
|
DOCKER_USER:
|
||||||
|
from_secret: docker_username
|
||||||
|
PUSHRM_FILE: README.md
|
||||||
|
PUSHRM_SHORT: Rootless Bitwarden_RS - Self-hosted password manager
|
||||||
|
PUSHRM_TARGET: thegeeklab/${DRONE_REPO_NAME}
|
||||||
|
when:
|
||||||
|
status:
|
||||||
|
- success
|
||||||
|
|
||||||
|
- name: pushrm-quay
|
||||||
|
pull: always
|
||||||
|
image: chko/docker-pushrm:1
|
||||||
|
environment:
|
||||||
|
APIKEY__QUAY_IO:
|
||||||
|
from_secret: quay_token
|
||||||
|
PUSHRM_FILE: README.md
|
||||||
|
PUSHRM_TARGET: quay.io/thegeeklab/${DRONE_REPO_NAME}
|
||||||
|
when:
|
||||||
|
status:
|
||||||
|
- success
|
||||||
|
|
||||||
|
- name: matrix
|
||||||
|
image: plugins/matrix
|
||||||
|
settings:
|
||||||
|
homeserver:
|
||||||
|
from_secret: matrix_homeserver
|
||||||
|
password:
|
||||||
|
from_secret: matrix_password
|
||||||
|
roomid:
|
||||||
|
from_secret: matrix_roomid
|
||||||
|
template: "Status: **{{ build.status }}**<br/> Build: [{{ repo.Owner }}/{{ repo.Name }}]({{ build.link }}) ({{ build.branch }}) by {{ build.author }}<br/> Message: {{ build.message }}"
|
||||||
|
username:
|
||||||
|
from_secret: matrix_username
|
||||||
|
when:
|
||||||
|
status:
|
||||||
|
- success
|
||||||
|
- failure
|
||||||
|
|
||||||
|
trigger:
|
||||||
|
ref:
|
||||||
|
- refs/heads/master
|
||||||
|
- refs/tags/**
|
||||||
|
status:
|
||||||
|
- success
|
||||||
|
- failure
|
||||||
|
|
||||||
|
depends_on:
|
||||||
|
- build-container
|
||||||
|
|
||||||
|
---
|
||||||
|
kind: signature
|
||||||
|
hmac: cc8a074c830055ba5b1da1d6238a9f56547502624dfe50e8596be791597649b2
|
||||||
|
|
||||||
|
...
|
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,2 +1 @@
|
|||||||
test/
|
test/
|
||||||
CHANGELOG.md
|
|
||||||
|
@ -1,47 +0,0 @@
|
|||||||
---
|
|
||||||
version: "1.1"
|
|
||||||
|
|
||||||
versioning:
|
|
||||||
update-major: []
|
|
||||||
update-minor: [feat]
|
|
||||||
update-patch: [fix, perf, refactor, chore, test, ci, docs]
|
|
||||||
|
|
||||||
tag:
|
|
||||||
pattern: "v%d.%d.%d"
|
|
||||||
|
|
||||||
release-notes:
|
|
||||||
sections:
|
|
||||||
- name: Features
|
|
||||||
commit-types: [feat]
|
|
||||||
section-type: commits
|
|
||||||
- name: Bug Fixes
|
|
||||||
commit-types: [fix]
|
|
||||||
section-type: commits
|
|
||||||
- name: Performance Improvements
|
|
||||||
commit-types: [perf]
|
|
||||||
section-type: commits
|
|
||||||
- name: Code Refactoring
|
|
||||||
commit-types: [refactor]
|
|
||||||
section-type: commits
|
|
||||||
- name: Others
|
|
||||||
commit-types: [chore]
|
|
||||||
section-type: commits
|
|
||||||
- name: Testing
|
|
||||||
commit-types: [test]
|
|
||||||
section-type: commits
|
|
||||||
- name: CI Pipeline
|
|
||||||
commit-types: [ci]
|
|
||||||
section-type: commits
|
|
||||||
- name: Documentation
|
|
||||||
commit-types: [docs]
|
|
||||||
section-type: commits
|
|
||||||
- name: BREAKING CHANGES
|
|
||||||
section-type: breaking-changes
|
|
||||||
|
|
||||||
commit-message:
|
|
||||||
footer:
|
|
||||||
issue:
|
|
||||||
key: issue
|
|
||||||
add-value-prefix: "#"
|
|
||||||
issue:
|
|
||||||
regex: "#?[0-9]+"
|
|
@ -1,6 +0,0 @@
|
|||||||
---
|
|
||||||
default: True
|
|
||||||
MD013: False
|
|
||||||
MD041: False
|
|
||||||
MD004:
|
|
||||||
style: dash
|
|
@ -1,2 +0,0 @@
|
|||||||
*.tpl.md
|
|
||||||
LICENSE
|
|
@ -1,68 +0,0 @@
|
|||||||
---
|
|
||||||
when:
|
|
||||||
- event: [pull_request, tag]
|
|
||||||
- event: [push, manual]
|
|
||||||
branch:
|
|
||||||
- ${CI_REPO_DEFAULT_BRANCH}
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: binary
|
|
||||||
image: docker.io/clux/muslrust:nightly-2021-04-14
|
|
||||||
commands:
|
|
||||||
- make build
|
|
||||||
|
|
||||||
- name: security-build
|
|
||||||
image: quay.io/thegeeklab/wp-docker-buildx:3
|
|
||||||
settings:
|
|
||||||
containerfile: Containerfile
|
|
||||||
output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
|
|
||||||
repo: thegeeklab/${CI_REPO_NAME}
|
|
||||||
|
|
||||||
- name: security-scan
|
|
||||||
image: ghcr.io/aquasecurity/trivy
|
|
||||||
commands:
|
|
||||||
- trivy -v
|
|
||||||
- trivy image --input oci/${CI_REPO_NAME}
|
|
||||||
environment:
|
|
||||||
TRIVY_EXIT_CODE: "1"
|
|
||||||
TRIVY_IGNORE_UNFIXED: "true"
|
|
||||||
TRIVY_NO_PROGRESS: "true"
|
|
||||||
TRIVY_SEVERITY: HIGH,CRITICAL
|
|
||||||
TRIVY_TIMEOUT: 1m
|
|
||||||
|
|
||||||
- name: publish-dockerhub
|
|
||||||
image: quay.io/thegeeklab/wp-docker-buildx:3
|
|
||||||
group: container
|
|
||||||
settings:
|
|
||||||
auto_tag: true
|
|
||||||
containerfile: Containerfile
|
|
||||||
password:
|
|
||||||
from_secret: docker_password
|
|
||||||
provenance: false
|
|
||||||
repo: thegeeklab/${CI_REPO_NAME}
|
|
||||||
username:
|
|
||||||
from_secret: docker_username
|
|
||||||
when:
|
|
||||||
- event: [tag]
|
|
||||||
- event: [push, manual]
|
|
||||||
branch:
|
|
||||||
- ${CI_REPO_DEFAULT_BRANCH}
|
|
||||||
|
|
||||||
- name: publish-quay
|
|
||||||
image: quay.io/thegeeklab/wp-docker-buildx:3
|
|
||||||
group: container
|
|
||||||
settings:
|
|
||||||
auto_tag: true
|
|
||||||
containerfile: Containerfile
|
|
||||||
password:
|
|
||||||
from_secret: quay_password
|
|
||||||
provenance: false
|
|
||||||
registry: quay.io
|
|
||||||
repo: quay.io/thegeeklab/${CI_REPO_NAME}
|
|
||||||
username:
|
|
||||||
from_secret: quay_username
|
|
||||||
when:
|
|
||||||
- event: [tag]
|
|
||||||
- event: [push, manual]
|
|
||||||
branch:
|
|
||||||
- ${CI_REPO_DEFAULT_BRANCH}
|
|
@ -1,25 +0,0 @@
|
|||||||
---
|
|
||||||
when:
|
|
||||||
- event: [pull_request, tag]
|
|
||||||
- event: [push, manual]
|
|
||||||
branch:
|
|
||||||
- ${CI_REPO_DEFAULT_BRANCH}
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: changelog
|
|
||||||
image: quay.io/thegeeklab/git-sv
|
|
||||||
commands:
|
|
||||||
- git sv current-version
|
|
||||||
- git sv release-notes -t ${CI_COMMIT_TAG:-next} -o CHANGELOG.md
|
|
||||||
- cat CHANGELOG.md
|
|
||||||
|
|
||||||
- name: publish-gitea
|
|
||||||
image: quay.io/thegeeklab/wp-gitea-release
|
|
||||||
settings:
|
|
||||||
api_key:
|
|
||||||
from_secret: gitea_token
|
|
||||||
base_url: https://gitea.rknet.org
|
|
||||||
note: CHANGELOG.md
|
|
||||||
title: ${CI_COMMIT_TAG}
|
|
||||||
when:
|
|
||||||
- event: [tag]
|
|
@ -1,62 +0,0 @@
|
|||||||
---
|
|
||||||
when:
|
|
||||||
- event: [pull_request, tag]
|
|
||||||
- event: [push, manual]
|
|
||||||
branch:
|
|
||||||
- ${CI_REPO_DEFAULT_BRANCH}
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: markdownlint
|
|
||||||
image: quay.io/thegeeklab/markdownlint-cli
|
|
||||||
group: test
|
|
||||||
commands:
|
|
||||||
- markdownlint 'README.md'
|
|
||||||
|
|
||||||
- name: spellcheck
|
|
||||||
image: quay.io/thegeeklab/alpine-tools
|
|
||||||
group: test
|
|
||||||
commands:
|
|
||||||
- spellchecker --files '_docs/**/*.md' 'README.md' -d .dictionary -p spell indefinite-article syntax-urls
|
|
||||||
environment:
|
|
||||||
FORCE_COLOR: "true"
|
|
||||||
|
|
||||||
- name: link-validation
|
|
||||||
image: docker.io/lycheeverse/lychee
|
|
||||||
group: test
|
|
||||||
commands:
|
|
||||||
- lychee --no-progress --format detailed README.md
|
|
||||||
|
|
||||||
- name: pushrm-dockerhub
|
|
||||||
image: docker.io/chko/docker-pushrm:1
|
|
||||||
secrets:
|
|
||||||
- source: docker_password
|
|
||||||
target: DOCKER_PASS
|
|
||||||
- source: docker_username
|
|
||||||
target: DOCKER_USER
|
|
||||||
environment:
|
|
||||||
PUSHRM_FILE: README.md
|
|
||||||
PUSHRM_SHORT: Custom image for the Vaultwarden LDAP connector
|
|
||||||
PUSHRM_TARGET: thegeeklab/${CI_REPO_NAME}
|
|
||||||
when:
|
|
||||||
- event: [push, manual]
|
|
||||||
branch:
|
|
||||||
- ${CI_REPO_DEFAULT_BRANCH}
|
|
||||||
status: [success]
|
|
||||||
|
|
||||||
- name: pushrm-quay
|
|
||||||
image: docker.io/chko/docker-pushrm:1
|
|
||||||
secrets:
|
|
||||||
- source: quay_token
|
|
||||||
target: APIKEY__QUAY_IO
|
|
||||||
environment:
|
|
||||||
PUSHRM_FILE: README.md
|
|
||||||
PUSHRM_TARGET: quay.io/thegeeklab/${CI_REPO_NAME}
|
|
||||||
when:
|
|
||||||
- event: [push, manual]
|
|
||||||
branch:
|
|
||||||
- ${CI_REPO_DEFAULT_BRANCH}
|
|
||||||
status: [success]
|
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- build-package
|
|
||||||
- build-container
|
|
@ -1,26 +0,0 @@
|
|||||||
---
|
|
||||||
when:
|
|
||||||
- event: [tag]
|
|
||||||
- event: [push, manual]
|
|
||||||
branch:
|
|
||||||
- ${CI_REPO_DEFAULT_BRANCH}
|
|
||||||
|
|
||||||
runs_on: [success, failure]
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: matrix
|
|
||||||
image: quay.io/thegeeklab/wp-matrix
|
|
||||||
settings:
|
|
||||||
homeserver:
|
|
||||||
from_secret: matrix_homeserver
|
|
||||||
password:
|
|
||||||
from_secret: matrix_password
|
|
||||||
roomid:
|
|
||||||
from_secret: matrix_roomid
|
|
||||||
username:
|
|
||||||
from_secret: matrix_username
|
|
||||||
when:
|
|
||||||
- status: [success, failure]
|
|
||||||
|
|
||||||
depends_on:
|
|
||||||
- docs
|
|
2
CHANGELOG.md
Normal file
2
CHANGELOG.md
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
- INTERNAL
|
||||||
|
- migrate to `thegeeklab` namespace
|
@ -1,26 +0,0 @@
|
|||||||
FROM docker.io/thegeeklab/alpine:latest@sha256:db2eacba26729a8d122a447a4dd1f658074b84e1d26720c54403db1ef9ee42c5
|
|
||||||
|
|
||||||
LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
|
|
||||||
LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"
|
|
||||||
LABEL org.opencontainers.image.title="vaultwarden-ldap"
|
|
||||||
LABEL org.opencontainers.image.url="https://gitea.rknet.org/container/vaultwarden-ldap"
|
|
||||||
LABEL org.opencontainers.image.source="https://gitea.rknet.org/container/vaultwarden-ldap"
|
|
||||||
LABEL org.opencontainers.image.documentation="https://gitea.rknet.org/container/vaultwarden-ldap"
|
|
||||||
|
|
||||||
ADD overlay/ /
|
|
||||||
|
|
||||||
RUN apk --update add ca-certificates && \
|
|
||||||
mkdir -p /app && \
|
|
||||||
rm -rf /var/cache/apk/* && \
|
|
||||||
rm -rf /tmp/* && \
|
|
||||||
chown -R app:app /app
|
|
||||||
|
|
||||||
ADD src/target/x86_64-unknown-linux-musl/release/vaultwarden_ldap /app
|
|
||||||
|
|
||||||
USER app
|
|
||||||
|
|
||||||
STOPSIGNAL SIGTERM
|
|
||||||
|
|
||||||
ENTRYPOINT ["/usr/local/bin/entrypoint"]
|
|
||||||
WORKDIR /app
|
|
||||||
CMD []
|
|
27
Dockerfile
Normal file
27
Dockerfile
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
FROM thegeeklab/alpine
|
||||||
|
|
||||||
|
LABEL maintainer="Robert Kaussow <mail@geeklabor.de>" \
|
||||||
|
org.label-schema.name="bitwardenrs_ldap" \
|
||||||
|
org.label-schema.vcs-url="https://gitea.rknet.org/docker/bitwardenrs_ldap" \
|
||||||
|
org.label-schema.vendor="Robert Kaussow" \
|
||||||
|
org.label-schema.schema-version="1.0"
|
||||||
|
|
||||||
|
ADD overlay/ /
|
||||||
|
|
||||||
|
RUN apk --update add ca-certificates && \
|
||||||
|
mkdir -p /app && \
|
||||||
|
rm -rf /var/cache/apk/* && \
|
||||||
|
rm -rf /tmp/* && \
|
||||||
|
chown -R app:app /app
|
||||||
|
|
||||||
|
ADD src/target/x86_64-unknown-linux-musl/release/bitwarden_rs_ldap /app
|
||||||
|
|
||||||
|
VOLUME /app/data
|
||||||
|
|
||||||
|
USER app
|
||||||
|
|
||||||
|
STOPSIGNAL SIGTERM
|
||||||
|
|
||||||
|
ENTRYPOINT ["/usr/local/bin/entrypoint"]
|
||||||
|
WORKDIR /app
|
||||||
|
CMD []
|
2
LICENSE
2
LICENSE
@ -1,6 +1,6 @@
|
|||||||
MIT License
|
MIT License
|
||||||
|
|
||||||
Copyright (c) 2022 Robert Kaussow <mail@thegeeklab.de>
|
Copyright (c) 2020 Robert Kaussow <mail@geeklabor.de>
|
||||||
|
|
||||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
of this software and associated documentation files (the "Software"), to deal
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
5
Makefile
5
Makefile
@ -1,5 +1,4 @@
|
|||||||
# renovate: datasource=github-releases depName=ViViDboarder/vaultwarden_ldap
|
export BUILD_VERSION ?= master
|
||||||
export BUILD_VERSION ?= v0.6.2
|
|
||||||
export DEBIAN_FRONTEND ?= noninteractive
|
export DEBIAN_FRONTEND ?= noninteractive
|
||||||
export LANG ?= C.UTF-8
|
export LANG ?= C.UTF-8
|
||||||
export TZ ?= UTC
|
export TZ ?= UTC
|
||||||
@ -14,7 +13,7 @@ build: build-src build-bin
|
|||||||
.PHONY: build-src
|
.PHONY: build-src
|
||||||
build-src:
|
build-src:
|
||||||
mkdir -p $(SRC); \
|
mkdir -p $(SRC); \
|
||||||
curl -sSL "https://github.com/ViViDboarder/vaultwarden_ldap/archive/$${BUILD_VERSION}.tar.gz" | tar xz -C $(SRC) --strip-components=1
|
curl -sSL "https://github.com/ViViDboarder/bitwarden_rs_ldap/archive/$${BUILD_VERSION}.tar.gz" | tar xz -C $(SRC) --strip-components=1
|
||||||
|
|
||||||
.PHONY: build-bin
|
.PHONY: build-bin
|
||||||
build-bin:
|
build-bin:
|
||||||
|
106
README.md
106
README.md
@ -1,40 +1,92 @@
|
|||||||
# vaultwarden-ldap
|
# bitwardenrs_ldap
|
||||||
|
|
||||||
Custom image for the Vaultwarden LDAP connector
|
Rootless Bitwarden_RS - Self-hosted password manager
|
||||||
|
|
||||||
<!-- spellchecker-disable -->
|
[![Build Status](https://img.shields.io/drone/build/docker/bitwardenrs_ldap?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/docker/bitwardenrs_ldap)
|
||||||
|
[![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/bitwardenrs_ldap)
|
||||||
|
[![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/bitwardenrs_ldap)
|
||||||
|
[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/docker/bitwardenrs_ldap)
|
||||||
|
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/docker/bitwardenrs_ldap/src/branch/master/LICENSE)
|
||||||
|
|
||||||
[![Build Status](https://ci.rknet.org/api/badges/container/vaultwarden-ldap/status.svg)](https://ci.rknet.org/repos/container/vaultwarden-ldap)
|
This is a custom Docker image for [bitwarden_rs_ldap](https://github.com/ViViDboarder/bitwarden_rs_ldap) a simple LDAP connector for bitwarden_rs.
|
||||||
[![Docker Hub](https://img.shields.io/badge/dockerhub-latest-blue.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/thegeeklab/vaultwarden-ldap)
|
|
||||||
[![Quay.io](https://img.shields.io/badge/quay-latest-blue.svg?logo=docker&logoColor=white)](https://quay.io/repository/thegeeklab/vaultwarden-ldap)
|
|
||||||
[![Source: Gitea](https://img.shields.io/badge/source-gitea-blue.svg?logo=gitea&logoColor=white)](https://gitea.rknet.org/container/vaultwarden-ldap)
|
|
||||||
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/container/vaultwarden-ldap/src/branch/main/LICENSE)
|
|
||||||
|
|
||||||
<!-- spellchecker-enable -->
|
## Usage
|
||||||
|
|
||||||
Custom rootless container image for [vaultwarden-ldap](https://github.com/ViViDboarder/vaultwarden_ldap) a simple LDAP connector for vaultwarden.
|
### Docker Compose
|
||||||
|
|
||||||
|
```Yaml
|
||||||
|
---
|
||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
postgres:
|
||||||
|
container_name: postgres
|
||||||
|
image: postgres
|
||||||
|
environment:
|
||||||
|
POSTGRES_DB: bitwarden
|
||||||
|
POSTGRES_PASSWORD: pass
|
||||||
|
POSTGRES_USER: user
|
||||||
|
|
||||||
|
ldap:
|
||||||
|
container_name: ldap
|
||||||
|
image: osixia/openldap
|
||||||
|
|
||||||
|
bitwardenrs:
|
||||||
|
container_name: bitwardenrs_server
|
||||||
|
image: thegeeklab/bitwardenrs:latest
|
||||||
|
depends_on:
|
||||||
|
- postgres
|
||||||
|
ports:
|
||||||
|
- "80:8080"
|
||||||
|
volumes:
|
||||||
|
- data:/app/data
|
||||||
|
environment:
|
||||||
|
BITWARDENRS_DATABASE_URL: postgresql://user:pass@postgres:5432/bitwarden
|
||||||
|
BITWARDENRS_ADMIN_TOKEN: my_secure_token
|
||||||
|
|
||||||
|
bitwardenrs_ldap:
|
||||||
|
container_name: ldap_sync
|
||||||
|
restart: always
|
||||||
|
image: thegeeklab/bitwardenrs_ldap:latest
|
||||||
|
depends_on:
|
||||||
|
- bitwardenrs
|
||||||
|
- ldap
|
||||||
|
environment:
|
||||||
|
BITWARDENRS_LDAP_BITWARDEN_URL: http://bitwardenrs_server:8080
|
||||||
|
BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN: my_secure_token
|
||||||
|
BITWARDENRS_LDAP_HOST: ldap
|
||||||
|
BITWARDENRS_LDAP_SSL: "False"
|
||||||
|
BITWARDENRS_LDAP_BIND_DN: "cn=admin,dc=example,dc=org"
|
||||||
|
BITWARDENRS_LDAP_SEARCH_BASE_DN: "dc=example,dc=org"
|
||||||
|
BITWARDENRS_LDAP_BIND_PASSWORD: admin
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
data:
|
||||||
|
driver: local
|
||||||
|
```
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
```Shell
|
```Shell
|
||||||
VAULTWARDEN_LDAP_VAULTWARDEN_URL=
|
BITWARDENRS_LDAP_BITWARDEN_URL=
|
||||||
VAULTWARDEN_LDAP_VAULTWARDEN_ADMIN_TOKEN=
|
BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN=
|
||||||
VAULTWARDEN_LDAP_VAULTWARDEN_ROOT_CERT_FILE=
|
BITWARDENRS_LDAP_HOST=
|
||||||
|
BITWARDENRS_LDAP_SCHEME=
|
||||||
VAULTWARDEN_LDAP_HOST=
|
BITWARDENRS_LDAP_SSL=True
|
||||||
VAULTWARDEN_LDAP_SCHEME=
|
BITWARDENRS_LDAP_PORT=
|
||||||
VAULTWARDEN_LDAP_SSL=True
|
BITWARDENRS_LDAP_BIND_DN=
|
||||||
VAULTWARDEN_LDAP_SSL_VERIFY=True
|
BITWARDENRS_LDAP_BIND_PASSWORD=
|
||||||
VAULTWARDEN_LDAP_PORT=
|
BITWARDENRS_LDAP_SEARCH_BASE_DN=
|
||||||
VAULTWARDEN_LDAP_BIND_DN=
|
BITWARDENRS_LDAP_SEARCH_FILTER="(&(objectClass=*)(uid=*))"
|
||||||
VAULTWARDEN_LDAP_BIND_PASSWORD=
|
BITWARDENRS_LDAP_MAIL_FIELD=mail
|
||||||
VAULTWARDEN_LDAP_SEARCH_BASE_DN=
|
BITWARDENRS_LDAP_SYNC_INTERVAL_SECONDS=60
|
||||||
VAULTWARDEN_LDAP_SEARCH_FILTER="(&(objectClass=*)(uid=*))"
|
BITWARDENRS_LDAP_SYNC_LOOP=True
|
||||||
VAULTWARDEN_LDAP_MAIL_FIELD=mail
|
|
||||||
VAULTWARDEN_LDAP_SYNC_INTERVAL_SECONDS=60
|
|
||||||
VAULTWARDEN_LDAP_SYNC_LOOP=True
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## License
|
## License
|
||||||
|
|
||||||
This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/container/vaultwarden-ldap/src/branch/main/LICENSE) file for details.
|
This project is licensed under the MIT License - see the [LICENSE](https://gitea.rknet.org/docker/bitwardenrs_ldap/src/branch/master/LICENSE) file for details.
|
||||||
|
|
||||||
|
## Maintainers and Contributors
|
||||||
|
|
||||||
|
[Robert Kaussow](https://gitea.rknet.org/xoxys)
|
||||||
|
48
docker-compose.yml
Normal file
48
docker-compose.yml
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
---
|
||||||
|
version: '3'
|
||||||
|
|
||||||
|
services:
|
||||||
|
postgres:
|
||||||
|
container_name: postgres
|
||||||
|
image: postgres
|
||||||
|
environment:
|
||||||
|
POSTGRES_DB: bitwarden
|
||||||
|
POSTGRES_PASSWORD: pass
|
||||||
|
POSTGRES_USER: user
|
||||||
|
|
||||||
|
ldap:
|
||||||
|
container_name: ldap
|
||||||
|
image: osixia/openldap
|
||||||
|
|
||||||
|
bitwardenrs:
|
||||||
|
container_name: bitwardenrs_server
|
||||||
|
image: thegeeklab/bitwardenrs:latest
|
||||||
|
depends_on:
|
||||||
|
- postgres
|
||||||
|
ports:
|
||||||
|
- "80:8080"
|
||||||
|
volumes:
|
||||||
|
- data:/app/data
|
||||||
|
environment:
|
||||||
|
BITWARDENRS_DATABASE_URL: postgresql://user:pass@postgres:5432/bitwarden
|
||||||
|
BITWARDENRS_ADMIN_TOKEN: my_secure_token
|
||||||
|
|
||||||
|
bitwardenrs_ldap:
|
||||||
|
container_name: ldap_sync
|
||||||
|
restart: always
|
||||||
|
image: thegeeklab/bitwardenrs_ldap:latest
|
||||||
|
depends_on:
|
||||||
|
- bitwardenrs
|
||||||
|
- ldap
|
||||||
|
environment:
|
||||||
|
BITWARDENRS_LDAP_BITWARDEN_URL: http://bitwardenrs_server:8080
|
||||||
|
BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN: my_secure_token
|
||||||
|
BITWARDENRS_LDAP_HOST: ldap
|
||||||
|
BITWARDENRS_LDAP_SSL: "False"
|
||||||
|
BITWARDENRS_LDAP_BIND_DN: "cn=admin,dc=example,dc=org"
|
||||||
|
BITWARDENRS_LDAP_SEARCH_BASE_DN: "dc=example,dc=org"
|
||||||
|
BITWARDENRS_LDAP_BIND_PASSWORD: admin
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
data:
|
||||||
|
driver: local
|
@ -1,22 +1,18 @@
|
|||||||
## Vaultwarden LDAP Configuration File
|
## Bitwarden_RS LDAP Configuration File
|
||||||
vaultwarden_url = "{{ getenv "VAULTWARDEN_LDAP_VAULTWARDEN_URL" }}"
|
bitwarden_url = "{{ getenv "BITWARDENRS_LDAP_BITWARDEN_URL" }}"
|
||||||
vaultwarden_admin_token = "{{ getenv "VAULTWARDEN_LDAP_VAULTWARDEN_ADMIN_TOKEN" }}"
|
bitwarden_admin_token = "{{ getenv "BITWARDENRS_LDAP_BITWARDEN_ADMIN_TOKEN" }}"
|
||||||
{{ if (getenv "VAULTWARDEN_LDAP_VAULTWARDEN_ROOT_CERT_FILE") -}}
|
ldap_host = "{{ getenv "BITWARDENRS_LDAP_HOST" }}"
|
||||||
vaultwarden_root_cert_file = "{{ getenv "VAULTWARDEN_LDAP_VAULTWARDEN_ROOT_CERT_FILE" }}"
|
{{ if (getenv "BITWARDENRS_LDAP_SCHEME") -}}
|
||||||
|
ldap_scheme = "{{ getenv "BITWARDENRS_LDAP_SCHEME" }}"
|
||||||
{{ end -}}
|
{{ end -}}
|
||||||
ldap_host = "{{ getenv "VAULTWARDEN_LDAP_HOST" }}"
|
ldap_ssl = {{ getenv "BITWARDENRS_LDAP_SSL" "true" | conv.Bool }}
|
||||||
{{ if (getenv "VAULTWARDEN_LDAP_SCHEME") -}}
|
{{ if (getenv "BITWARDENRS_LDAP_PORT") -}}
|
||||||
ldap_scheme = "{{ getenv "VAULTWARDEN_LDAP_SCHEME" }}"
|
ldap_port = {{ getenv "BITWARDENRS_LDAP_PORT" }}
|
||||||
{{ end -}}
|
{{ end -}}
|
||||||
ldap_ssl = {{ getenv "VAULTWARDEN_LDAP_SSL" "true" | conv.ToBool }}
|
ldap_bind_dn = "{{ getenv "BITWARDENRS_LDAP_BIND_DN" }}"
|
||||||
ldap_no_tls_verify = {{ not (getenv "VAULTWARDEN_LDAP_SSL_VERIFY" "true" | conv.ToBool) }}
|
ldap_bind_password = "{{ getenv "BITWARDENRS_LDAP_BIND_PASSWORD" }}"
|
||||||
{{ if (getenv "VAULTWARDEN_LDAP_PORT") -}}
|
ldap_search_base_dn = "{{ getenv "BITWARDENRS_LDAP_SEARCH_BASE_DN" }}"
|
||||||
ldap_port = {{ getenv "VAULTWARDEN_LDAP_PORT" }}
|
ldap_search_filter = "{{ getenv "BITWARDENRS_LDAP_SEARCH_FILTER" "(&(objectClass=*)(uid=*))" }}"
|
||||||
{{ end -}}
|
ldap_mail_field = "{{ getenv "BITWARDENRS_LDAP_MAIL_FIELD" "mail" }}"
|
||||||
ldap_bind_dn = "{{ getenv "VAULTWARDEN_LDAP_BIND_DN" }}"
|
ldap_sync_interval_seconds = {{ getenv "BITWARDENRS_LDAP_SYNC_INTERVAL_SECONDS" "60" }}
|
||||||
ldap_bind_password = "{{ getenv "VAULTWARDEN_LDAP_BIND_PASSWORD" }}"
|
ldap_sync_loop = {{ getenv "BITWARDENRS_LDAP_SYNC_LOOP" "true" | conv.Bool }}
|
||||||
ldap_search_base_dn = "{{ getenv "VAULTWARDEN_LDAP_SEARCH_BASE_DN" }}"
|
|
||||||
ldap_search_filter = "{{ getenv "VAULTWARDEN_LDAP_SEARCH_FILTER" "(&(objectClass=*)(uid=*))" }}"
|
|
||||||
ldap_mail_field = "{{ getenv "VAULTWARDEN_LDAP_MAIL_FIELD" "mail" }}"
|
|
||||||
ldap_sync_interval_seconds = {{ getenv "VAULTWARDEN_LDAP_SYNC_INTERVAL_SECONDS" "60" }}
|
|
||||||
ldap_sync_loop = {{ getenv "VAULTWARDEN_LDAP_SYNC_LOOP" "true" | conv.ToBool }}
|
|
||||||
|
@ -1,43 +1,44 @@
|
|||||||
#!/usr/bin/env sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
# shellcheck disable=SC3040
|
|
||||||
set -eo pipefail
|
set -eo pipefail
|
||||||
|
|
||||||
# shellcheck disable=SC1091
|
/usr/local/bin/gomplate -V -o /app/config.toml -f /etc/templates/config.toml.tmpl
|
||||||
. /usr/local/lib/log.sh
|
|
||||||
|
|
||||||
/usr/local/bin/gomplate -o /app/config.toml -f /etc/templates/config.toml.tmpl
|
if [ -z "$BITWARDENRS_LDAP_BITWARDEN_URL" ] || [ -z "$BITWARDENRS_LDAP_HOST" ]
|
||||||
|
then
|
||||||
if [ -z "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" ] || [ -z "$VAULTWARDEN_LDAP_HOST" ]; then
|
printf "Error: Bitwarden and/or LDAP server not configured. Exiting ...\n"
|
||||||
log_error "Error: Vaultwarden and/or LDAP server not configured, exiting"
|
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" ]; then
|
if [ -n "$BITWARDENRS_LDAP_BITWARDEN_URL" ]
|
||||||
WAITFOR_BW_SCHEME=$(/usr/local/bin/url-parser --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" scheme)
|
then
|
||||||
WAITFOR_BW_HOST=$(/usr/local/bin/url-parser --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" host)
|
WAITFOR_BW_SCHEME=$(/usr/local/bin/url-parser scheme --url "$BITWARDENRS_LDAP_BITWARDEN_URL")
|
||||||
WAITFOR_BW_PORT=$(/usr/local/bin/url-parser --url "$VAULTWARDEN_LDAP_VAULTWARDEN_URL" port)
|
WAITFOR_BW_HOST=$(/usr/local/bin/url-parser host --url "$BITWARDENRS_LDAP_BITWARDEN_URL")
|
||||||
|
WAITFOR_BW_PORT=$(/usr/local/bin/url-parser port --url "$BITWARDENRS_LDAP_BITWARDEN_URL")
|
||||||
|
|
||||||
if [ -z "$WAITFOR_BW_PORT" ]; then
|
if [ -z "$WAITFOR_BW_PORT" ]
|
||||||
|
then
|
||||||
[ "$WAITFOR_BW_SCHEME" = "https" ] && WAITFOR_BW_PORT=433 || WAITFOR_BW_PORT=80
|
[ "$WAITFOR_BW_SCHEME" = "https" ] && WAITFOR_BW_PORT=433 || WAITFOR_BW_PORT=80
|
||||||
fi
|
fi
|
||||||
|
|
||||||
log_info "Wait for Vaultwarden server on '${WAITFOR_BW_HOST}:${WAITFOR_BW_PORT}'"
|
printf "Wait for bitwarden server on '%s:%s'...\n" "${WAITFOR_BW_HOST}" "${WAITFOR_BW_PORT}"
|
||||||
/usr/local/bin/wait-for "${WAITFOR_BW_HOST}":"${WAITFOR_BW_PORT}"
|
/usr/local/bin/wait-for "${WAITFOR_BW_HOST}":"${WAITFOR_BW_PORT}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$VAULTWARDEN_LDAP_HOST" ]; then
|
if [ -n "$BITWARDENRS_LDAP_HOST" ]
|
||||||
WAITFOR_LDAP_SSL=$(/usr/local/bin/gomplate -i '{{ getenv "VAULTWARDEN_LDAP_SSL" "true" | conv.ToBool }}')
|
then
|
||||||
|
WAITFOR_LDAP_SSL=$(/usr/local/bin/gomplate -i '{{ getenv "BITWARDENRS_LDAP_SSL" "true" | conv.Bool }}')
|
||||||
|
|
||||||
if [ -z "$VAULTWARDEN_LDAP_PORT" ]; then
|
if [ -z "$BITWARDENRS_LDAP_PORT" ]
|
||||||
[ "$WAITFOR_LDAP_SSL" = true ] && VAULTWARDEN_LDAP_PORT=636 || VAULTWARDEN_LDAP_PORT=389
|
then
|
||||||
|
[ "$WAITFOR_LDAP_SSL" = true ] && BITWARDENRS_LDAP_PORT=636 || BITWARDENRS_LDAP_PORT=389
|
||||||
fi
|
fi
|
||||||
|
|
||||||
log_info "Wait for LDAP server on '${VAULTWARDEN_LDAP_HOST}:${VAULTWARDEN_LDAP_PORT}'"
|
printf "Wait for ldap server on '%s:%s'...\n" "${BITWARDENRS_LDAP_HOST}" "${BITWARDENRS_LDAP_PORT}"
|
||||||
/usr/local/bin/wait-for "${VAULTWARDEN_LDAP_HOST}":"${VAULTWARDEN_LDAP_PORT}"
|
/usr/local/bin/wait-for "${BITWARDENRS_LDAP_HOST}":"${BITWARDENRS_LDAP_PORT}"
|
||||||
|
|
||||||
# TODO: add delay to minimize connection errors
|
# TODO: add delay to minimize connection errors
|
||||||
sleep 10
|
sleep 10
|
||||||
fi
|
fi
|
||||||
|
|
||||||
exec env CONFIG_PATH=/app/config.toml /app/vaultwarden_ldap
|
exec env CONFIG_PATH=/app/config.toml /app/bitwarden_rs_ldap
|
||||||
|
@ -1,11 +0,0 @@
|
|||||||
{
|
|
||||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
|
||||||
"extends": ["github>thegeeklab/renovate-presets:docker"],
|
|
||||||
"packageRules": [
|
|
||||||
{
|
|
||||||
"groupName": "vaultwarden ldap packages",
|
|
||||||
"matchDatasources": ["github-releases"],
|
|
||||||
"matchPackagePatterns": ["^ViViDboarder"]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
scan:
|
|
||||||
skip-files:
|
|
||||||
- /usr/local/bin/gomplate
|
|
Reference in New Issue
Block a user