doveauth: switch from lua authentication to dict authentication

Co-Authored-By: holger krekel <holger@merlinux.eu> Co-Authored-By: link2xt <link2xt@testrun.org>
2026-05-18 16:58:59 +00:00 · 2023-10-14 19:19:00 +02:00
parent f85e4cdbd5
commit 247eb55886
13 changed files with 152 additions and 166 deletions
--- a/chatmail-pyinfra/src/chatmail/init.py
+++ b/chatmail-pyinfra/src/chatmail/init.py
@@ -12,7 +12,7 @@ from .acmetool import deploy_acmetool

 def _install_doveauth() -> None:
    """Setup chatctl."""
-    doveauth_filename = "doveauth-0.1.tar.gz"
+    doveauth_filename = "doveauth-0.2.tar.gz"
    doveauth_path = importlib.resources.files(__package__).joinpath(
        f"../../../dist/{doveauth_filename}"
    )
@@ -30,6 +30,24 @@ def _install_doveauth() -> None:
            commands=[f"pip install --break-system-packages {remote_path}"],
        )

+        files.put(
+            src=importlib.resources.files("doveauth")
+            .joinpath("doveauth-dictproxy.service")
+            .open("rb"),
+            dest="/etc/systemd/system/doveauth-dictproxy.service",
+            user="root",
+            group="root",
+            mode="644",
+        )
+        systemd.service(
+            name="Setup doveauth-dictproxy service",
+            service="doveauth-dictproxy.service",
+            running=True,
+            enabled=True,
+            restarted=True,
+            daemon_reload=True,
+        )
+

 def _install_filtermail() -> None:
    """Setup filtermail."""
@@ -152,16 +170,14 @@ def _configure_dovecot(mail_server: str) -> bool:
        config={"hostname": mail_server},
    )
    need_restart |= main_config.changed
-
-    # luarocks install http lpeg_patterns fifo
-    auth_script = files.put(
-        src=importlib.resources.files("doveauth").joinpath("doveauth.lua"),
-        dest="/etc/dovecot/doveauth.lua",
+    auth_config = files.put(
+        src=importlib.resources.files(__package__).joinpath("dovecot/auth.conf"),
+        dest="/etc/dovecot/auth.conf",
        user="root",
        group="root",
        mode="644",
    )
-    need_restart |= auth_script.changed
+    need_restart |= auth_config.changed

    return need_restart

@@ -196,11 +212,7 @@ def deploy_chatmail(mail_domain: str, mail_server: str, dkim_selector: str) -> N

    apt.packages(
        name="Install Dovecot",
-        packages=[
-            "dovecot-imapd",
-            "dovecot-lmtpd",
-            "dovecot-auth-lua",
-        ],
+        packages=["dovecot-imapd", "dovecot-lmtpd"],
    )

    apt.packages(
--- a/chatmail-pyinfra/src/chatmail/dovecot/auth.conf
+++ b/chatmail-pyinfra/src/chatmail/dovecot/auth.conf
@@ -0,0 +1,5 @@
+uri = proxy:/run/dovecot/doveauth.socket:auth
+iterate_disable = yes
+default_pass_scheme = plain
+password_key = passdb/%w
+user_key = userdb/%u
--- a/chatmail-pyinfra/src/chatmail/dovecot/dovecot.conf.j2
+++ b/chatmail-pyinfra/src/chatmail/dovecot/dovecot.conf.j2
@@ -11,14 +11,13 @@ auth_verbose_passwords = plain

 # Authentication for system users.
 passdb {
-  driver = lua
-  args = file=/etc/dovecot/doveauth.lua
+  driver = dict
+  args = /etc/dovecot/auth.conf
 }
 userdb {
-  driver = lua
-  args = file=/etc/dovecot/doveauth.lua
+  driver = dict
+  args = /etc/dovecot/auth.conf
 }
-
 ##
 ## Mailbox locations and namespaces
 ##