Move from gitlab-ci to drone

Use registry cache
Signed-off-by: René Jochum <rene@jochum.dev>
5 changed files with 51 additions and 27 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -0,0 +1,25 @@
+---
+kind: pipeline
+type: docker
+name: default
+
+platform:
+  os: linux
+  arch: amd64
+
+trigger:
+  event:
+  - cron
+  - custom
+  - tag
+
+steps:
+- name: build
+  image: plugins/docker
+  settings:
+    registry: registry.fk.jochum.dev
+    username: robot$mail+drone
+    password: 
+      from_secret: registry.fk.jochum.dev-robot
+    repo: registry.fk.jochum.dev/mail/postfix
+    auto_tag: true
--- a/.rancher-pipeline.yml
+++ b/.rancher-pipeline.yml
@ -1,19 +0,0 @@
-stages:
- name: build_and_publish
-  steps:
-  - publishImageConfig:
-      dockerfilePath: ./Dockerfile
-      buildContext: .
-      tag: registry.jochum.dev/jochum/postfix:${CICD_GIT_TAG}
-      pushRemote: true
-      registry: registry.jochum.dev
-timeout: 60
-notification:
-  recipients:
-  - recipient: rene@jochum.dev
-    notifier: local:n-wnbgn
-  condition:
-  - Success
-  - Changed
-  - Failed
-    
--- a/18
+++ b/18
@ -1,8 +1,22 @@
-FROM registry.jochum.dev/jochum/debian-apt-cacher:buster-slim
+FROM registry.fk.jochum.dev/docker_hub_cache/library/debian:bullseye-slim

 LABEL maintainer "René Jochum <rene@jochum.dev>"

-RUN echo "postfix postfix/mailname string mail.example.com" | debconf-set-selections && \
+ENV DEBIAN_FRONTEND noninteractive
+
+# Configure Proxy
+RUN set -ex; \
+    sed -i 's/deb.debian.org/ftp.ch.debian.org/g' /etc/apt/sources.list && \
+    apt-get update --allow-releaseinfo-change && \
+    apt-get install -qy netcat-openbsd && \
+    sed -i 's/ftp.ch.debian.org/deb.debian.org/g' /etc/apt/sources.list || exit 0 && \
+    if [ -z "$APT_CACHER" ]; then APT_CACHER="apt-cacher.apt-cacher.svc.cluster.local"; fi && \
+    if nc -w1 -z $APT_CACHER 3142 1>/dev/null 2>&1; then \
+    echo 'Acquire::HTTP::Proxy "http://'$APT_CACHER':3142";' >> /etc/apt/apt.conf.d/01proxy && \
+    echo 'Acquire::HTTPS::Proxy "false";' >> /etc/apt/apt.conf.d/01proxy; else exit 0; fi
+
+RUN set -ex; \
+    echo "postfix postfix/mailname string mail.example.com" | debconf-set-selections && \
    echo "postfix postfix/main_mailer_type string 'No configuration'" | debconf-set-selections && \
    apt-get update --allow-releaseinfo-change && \
    apt-get install -qy -o 'DPkg::Options::=--force-confold' -o 'DPkg::Options::=--force-confdef' postfix postfix-pgsql postfix-mysql postfix-pcre python3-minimal python3-jinja2
--- a/Readme.md
+++ b/Readme.md
@ -39,4 +39,4 @@ ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO postfix;

 ## Links

- [HOWTO this is based on](https://kuther.net/2011/11/15/soho-mailserver-with-postfix-postgresql-dovecot-spamassassin-roundcube/)
+- [HOWTO this is based on](https://kuther.net/2011/11/15/soho-mailserver-with-postfix-postgresql-dovecot-spamassassin-roundcube/)
--- a/conf/main.cf.jinja
+++ b/conf/main.cf.jinja
@ -4,14 +4,14 @@ compatibility_level=2
 myhostname = {{ HOSTNAME }}
 mydomain = {{ MYDOMAIN }}
 mydestination = $myhostname, localhost
-# mynetworks = 192.168.1.0/24, 127.0.0.0/8
 mynetworks = 127.0.0.1/32 [::1]/128 {{ SUBNET }} {{ RELAY_NETS }}
 myorigin = $mydomain
 relay_domains = proxy:{{ SQL_TYPE }}:/etc/postfix/sql/relay_domains.cf
-maillog_file = /dev/stdout
+maillog_file_prefixes = /logs
+maillog_file = /logs/postfix.log

 # In kube we don't often don't have a stable outgoing IP Address, use a relayhost for this.
-relayhost = {{ RELAY_HOST }}
+{% if RELAY_HOST is defined %}relayhost = {{ RELAY_HOST }}{% endif %}

 # enable auth via Dovecot
 smtpd_sasl_auth_enable = yes
@ -34,9 +34,12 @@ virtual_transport=lmtp:inet:{{ DOVECOT_HOST }}:{{ DOVECOT_LMTP_PORT }}
 local_transport = virtual
 local_recipient_maps = $virtual_mailbox_maps

+# SPAM scanner
+{% if SMTPD_MILTERS is defined %}smtpd_milters = {{ SMTPD_MILTERS }}{% endif %}
+
 # TLS server (receiving)
 smtpd_tls_auth_only = yes
-smtpd_tls_security_level = encrypt
+smtpd_tls_security_level = {% if SMTPD_TLS_SECURITY_LEVEL is defined %}{{ SMTPD_TLS_SECURITY_LEVEL }}{% else %}encrypt{% endif %}
 smtpd_tls_key_file = /cert/tls.key
 smtpd_tls_cert_file = /cert/tls.crt
 #smtpd_tls_CAfile = /cert/ca.crt
@ -60,7 +63,8 @@ smtpd_recipient_restrictions =
                permit_sasl_authenticated,
                reject_unauth_destination,
                reject_non_fqdn_recipient,
-                reject_unknown_recipient_domain
+                reject_unknown_recipient_domain,
+                permit
 smtpd_relay_restrictions =
                permit_sasl_authenticated,
                reject_unauth_destination
Author	SHA1	Message	Date
René Jochum	a554129021	Move from gitlab-ci to drone	2 years ago
René Jochum	0eed3c3e7e	Use registry cache Signed-off-by: René Jochum <rene@jochum.dev>	2 years ago
René Jochum	b244fe745f	Add .gitlab-ci.yml, remove own registry Signed-off-by: René Jochum <rene@jochum.dev>	2 years ago
René Jochum	43b7650f72	Final fix recipient restrictions Signed-off-by: René Jochum <rene@jochum.dev>	4 years ago
René Jochum	601adaf4b2	Gitlab.... Signed-off-by: René Jochum <rene@jochum.dev>	4 years ago