diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..875ea75
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,27 @@
+---
+kind: pipeline
+name: default
+
+steps:
+ - name: build image only
+ image: plugins/docker
+ settings:
+ repo: eumau/opendkim
+ auto_tag: true
+ dry_run: true
+ when:
+ ref:
+ - refs/pull/**
+
+ - name: build and publish image
+ image: plugins/docker
+ settings:
+ repo: eumau/opendkim
+ auto_tag: true
+ username:
+ from_secret: dockerhub_username
+ password:
+ from_secret: dockerhub_password
+ when:
+ branch:
+ - master
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..adac7f9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+*~
+\#*
+.#*
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..e9602bf
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,15 @@
+FROM debian:buster-slim
+ARG REMCO_VER=0.11.1
+RUN apt-get update \
+ && DEBIAN_FRONTEND=noninteractive apt-get install -y \
+ opendkim opendkim-tools wget unzip \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
+ && wget https://github.com/HeavyHorst/remco/releases/download/v${REMCO_VER}/remco_${REMCO_VER}_linux_amd64.zip \
+ && unzip remco_${REMCO_VER}_linux_amd64.zip \
+ && rm remco_${REMCO_VER}_linux_amd64.zip \
+ && mv remco_linux /bin/remco
+COPY config /etc/remco/config
+COPY opendkim_setup.tmpl /etc/remco/templates/opendkim_setup.tmpl
+EXPOSE 8891
+ENTRYPOINT ["remco"]
diff --git a/config b/config
new file mode 100644
index 0000000..08462fb
--- /dev/null
+++ b/config
@@ -0,0 +1,20 @@
+log_level = "info"
+log_format = "text"
+
+[[resource]]
+name = "opendkim"
+start_cmd = "/usr/local/sbin/opendkim_setup"
+
+[resource.exec]
+command = "/usr/sbin/opendkim -f -x /etc/opendkim.conf"
+
+[[resource.template]]
+src = "/etc/remco/templates/opendkim_setup.tmpl"
+dst = "/usr/local/sbin/opendkim_setup"
+mode = "0700"
+
+[resource.backend]
+[resource.backend.env]
+keys = ["/dkimkey"]
+watch = false
+onetime = true
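Review bot: The "build and publish image" step in `.drone.yml` is gated only by `branch: master`, and as far as I know Drone evaluates the target branch for pull requests, so a pull request against master would also reach the step that holds `dockerhub_username` and `dockerhub_password` and is not a dry run. Adding `event: [push]` under that step's `when:` (plus `tag` if tagged releases are meant to publish) keeps pushes to merged commits only. Both steps also reference `image: plugins/docker` without a tag, so the plugin that receives the registry credentials can change between builds; pin it, e.g. `image: plugins/docker:<pinned-version>`.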
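Review bot: The `RUN` step in `Dockerfile` downloads the remco release zip with `wget` and unpacks it without any integrity check, and that binary then becomes the `ENTRYPOINT` of an image that has no `USER` instruction. Pinning `REMCO_VER` fixes the URL but not the content, so a replaced release asset would be built in silently. Declare `ARG REMCO_SHA256=<sha256 of the release zip>` next to `REMCO_VER` and add `&& echo "${REMCO_SHA256}  remco_${REMCO_VER}_linux_amd64.zip" | sha256sum -c - \` before the `unzip` line. `wget` and `unzip` are only needed for this download and could be purged in the same layer.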
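Review bot: The `[resource.backend.env]` section with `keys = ["/dkimkey"]` in `config` means the DKIM private keys reach the container as environment variables, where they are readable through container inspection and presumably inherited by the `opendkim` process started from `command`. If that trade-off is intended, record it in the file with a comment such as `# DKIM private keys are read from the container environment; treat it as secret`. Otherwise a backend that reads the keys from a mounted file or a secret store would keep the key material out of the process environment.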
diff --git a/opendkim_setup.tmpl b/opendkim_setup.tmpl
new file mode 100644
index 0000000..1ffc173
--- /dev/null
+++ b/opendkim_setup.tmpl
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+# setup opendkim configuration and domains
+mkdir -p /etc/dkimkeys
+truncate -s0 /etc/dkimkeys/{keytable,signingtable,trustedhosts}
+
+cat - < /etc/opendkim.conf
+KeyTable file:/etc/dkimkeys/keytable
+SigningTable refile:/etc/dkimkeys/signingtable
+InternalHosts refile:/etc/dkimkeys/trustedhosts
+Socket inet:8891@0.0.0.0
+OversignHeaders From
+TrustAnchorFile /usr/share/dns/root.key
+UserID opendkim
+EOF
+
+cat - < /etc/dkimkeys/trustedhosts
+0.0.0.0/0
+*
+EOF
+
+{% for domain in lsdir("/dkimkey") %}
+
+mkdir -p /etc/dkimkeys/{{ domain }}
+
+{% for selector in ls(printf ("/dkimkey/%s", domain)) %}
+
+echo '{{ selector }}._domainkey.{{ domain }} {{ domain }}:{{ selector }}:/etc/dkimkeys/{{ domain }}/{{ selector }}.private' >> /etc/dkimkeys/keytable
+echo '*@{{ domain }} {{ selector }}._domainkey.{{ domain }}' >> /etc/dkimkeys/signingtable
+cat - < /etc/dkimkeys/{{ domain }}/{{ selector }}.private
+{% for keyline in (replace(getv(printf("/dkimkey/%s/%s",domain,selector)),"\\n","!",-1)|split:"!") %}
+{{ keyline }}
+{% endfor %}
+EOKEY
+
+{% endfor %}
+
+chown -R opendkim:opendkim /etc/dkimkeys/{{ domain }}
+chmod -R u+rw,go-rw /etc/dkimkeys/{{ domain }}
+
+{% endfor %}
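Review bot: The generated trustedhosts file lists `0.0.0.0/0` and `*` for `InternalHosts` while the milter socket binds `inet:8891@0.0.0.0`, so every client that can reach port 8891 is treated as internal and gets its mail signed with the configured domain keys. Either source the trusted networks from the backend as a template value, or state the constraint in the script with a comment such as `# signing is open to any client; port 8891 must only be reachable by the MTA`. Separately, the `.private` files are created under the default umask and only tightened by the `chmod -R` after the inner loop; a `umask 077` near the top of the script closes that window.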