From dcaf7664ccb012f5f579be0575d0072ed720f188 Mon Sep 17 00:00:00 2001
From: 0x46616c6b <0x46616c6b@users.noreply.github.com>
Date: Wed, 18 Dec 2024 13:56:18 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=9A=20Add=20Dovecot=20to=20docker-comp?=
 =?UTF-8?q?ose.yml=20(#696)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 contrib/docker/Dockerfile.dovecot        | 45 +++++++++++++++++
 contrib/dovecot/conf.d/auth-lua.conf.ext | 14 ++++++
 contrib/dovecot/dovecot.conf             | 63 ++++++++++++++++++++++++
 docker-compose.yml                       | 16 ++++++
 4 files changed, 138 insertions(+)
 create mode 100644 contrib/docker/Dockerfile.dovecot
 create mode 100644 contrib/dovecot/conf.d/auth-lua.conf.ext
 create mode 100644 contrib/dovecot/dovecot.conf

diff --git a/contrib/docker/Dockerfile.dovecot b/contrib/docker/Dockerfile.dovecot
new file mode 100644
index 00000000..89a2ddbf
--- /dev/null
+++ b/contrib/docker/Dockerfile.dovecot
@@ -0,0 +1,45 @@
+FROM debian:12-slim
+
+ENV container=docker \
+    LC_ALL=C
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get -y update && apt-get -y install \
+  tini \
+  dovecot-core \
+  dovecot-common \
+  dovecot-imapd \
+  dovecot-pop3d \
+  dovecot-lmtpd \
+  dovecot-sieve \
+  dovecot-managesieved \
+  dovecot-submissiond \
+  dovecot-auth-lua \
+  lua-json \
+  ca-certificates \
+  ssl-cert && \
+  rm -rf /var/lib/apt/lists && \
+  groupadd -g 1000 vmail && \
+  useradd -u 1000 -g 1000 vmail -d /srv/vmail && \
+  passwd -l vmail && \
+  rm -rf /etc/dovecot && \
+  mkdir /srv/mail && \
+  chown vmail:vmail /srv/mail && \
+  make-ssl-cert generate-default-snakeoil && \
+  mkdir /etc/dovecot && \
+  mkdir /etc/dovecot/conf.d && \
+  ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/dovecot/cert.pem && \
+  ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/dovecot/key.pem && \
+  ln -s /usr/share/lua/5.3/json.lua /usr/share/lua/5.4/json.lua && \
+  ln -s /usr/share/lua/5.3/json /usr/share/lua/5.4/json
+
+EXPOSE 24
+EXPOSE 110
+EXPOSE 143
+EXPOSE 587
+EXPOSE 990
+EXPOSE 993
+EXPOSE 4190
+
+ENTRYPOINT ["/usr/bin/tini", "--"]
+CMD ["/usr/sbin/dovecot", "-F"]
diff --git a/contrib/dovecot/conf.d/auth-lua.conf.ext b/contrib/dovecot/conf.d/auth-lua.conf.ext
new file mode 100644
index 00000000..91d532e5
--- /dev/null
+++ b/contrib/dovecot/conf.d/auth-lua.conf.ext
@@ -0,0 +1,14 @@
+# Authentication for userli
+
+import_environment=MAIL_CRYPT USERLI_API_ACCESS_TOKEN USERLI_HOST DOVECOT_LUA_DEBUG DOVECOT_LUA_INSECURE
+
+passdb {
+  driver = lua
+  args = file=/usr/local/bin/userli.lua blocking=yes
+}
+
+# The userdb below is used only by lda.
+userdb {
+  driver = lua
+  args = file=/usr/local/bin/userli.lua blocking=yes
+}
diff --git a/contrib/dovecot/dovecot.conf b/contrib/dovecot/dovecot.conf
new file mode 100644
index 00000000..b70b7c59
--- /dev/null
+++ b/contrib/dovecot/dovecot.conf
@@ -0,0 +1,63 @@
+## You should mount /etc/dovecot if you want to
+## manage this file
+
+mail_home=/srv/mail/%Lu
+mail_location=sdbox:~/Mail
+mail_uid=1000
+mail_gid=1000
+
+protocols = imap pop3 submission sieve lmtp
+
+first_valid_uid = 1000
+last_valid_uid = 1000
+
+ssl=yes
+ssl_cert=<cert.pem
+ssl_key=<key.pem
+
+namespace {
+  inbox = yes
+  separator = /
+}
+
+service lmtp {
+  inet_listener {
+    port = 24
+  }
+}
+
+service imap-login {
+  process_min_avail = 1
+  client_limit = 1000
+  service_count = 0
+}
+
+service pop3-login {
+  process_min_avail = 1
+  client_limit = 1000
+  service_count = 0
+}
+
+service submission-login {
+  process_min_avail = 1
+  client_limit = 1000
+  service_count = 0
+}
+
+service managesieve-login {
+  process_min_avail = 1
+  client_limit = 1000
+  service_count = 0
+}
+
+listen = *
+
+log_path=/dev/stdout
+info_log_path=/dev/stdout
+debug_log_path=/dev/stdout
+
+verbose_proctitle = yes
+
+disable_plaintext_auth = yes
+
+!include conf.d/auth-lua.conf.ext
diff --git a/docker-compose.yml b/docker-compose.yml
index cf1411e2..5e269374 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -25,6 +25,22 @@ services:
     networks:
         - userli
 
+  dovecot:
+    build:
+      context: contrib/docker
+      dockerfile: Dockerfile.dovecot
+    environment:
+      MAIL_CRYPT: 2
+      USERLI_HOST: userli
+      USERLI_API_ACCESS_TOKEN: insecure
+      DOVECOT_LUA_INSECURE: true
+    volumes:
+      - ./contrib/dovecot/dovecot.conf:/etc/dovecot/dovecot.conf:ro
+      - ./contrib/dovecot/conf.d:/etc/dovecot/conf.d:ro
+      - ./contrib/dovecot/userli.lua:/usr/local/bin/userli.lua:ro
+    networks:
+      - userli
+
 networks:
   userli: