Email Submission to GitLab in a Synology Docker Image

I realise this is quite a specific post; this is mainly for posterity.

I have a Synology box running this docker image for GitLab. I also have some interest in configuring GitLab to receive emails from a specified mailbox, and create new issues upon receipt of an email.

This is possible with the docker image, using variables such as IMAP_USER, as described on the GitLab docker page.

When this is all set up, the docker image fails to start its mail client. You will need to log in to the running container: first run docker ps to obtain the CONTAINER_ID of the docker image.

With that ID you can obtain a shell in the container by typing docker exec -it CONTAINER_ID bash.

Then, inside the container, run sudo -u git -H RAILS_ENV=production bin/mail_room start. This will start mail_room and, if it is configured correctly, your docker image should start polling the configured IMAP server.

Reconnecting Ubiquiti OpenVPN connections

I have owned a Ubiquiti EdgeRouter Lite for more than a year, and continue to be impressed at its versatility. It's three gigabit ports that you can do almost any conceivable thing with. Currently I am using it to route all of my internet traffic through a VPN with Private Internet Access. This is straightforward to set up, but can be annoying for me (and even worse, the people I live with who don't have ssh) when the connection is dropped. A quick reboot is enough, but I wanted something automated.

Setup

Currently I have my config files in /config/auth/pia/melbourne2.ovpn. I created a shell script in /config/auth/pia/restart.sh:

#!/bin/bash

# Treat a successful HTTP request from the router as "the VPN is up".
if curl -s --connect-timeout 5 http://google.com > /dev/null; then
 echo "Online"
else
 # Stop the running OpenVPN daemon, then start it again on vtun0.
 pkill -f /usr/sbin/openvpn
 /usr/sbin/openvpn --daemon --verb 3 --writepid /var/run/openvpn-vtun0.pid --status /var/run/openvpn/status/vtun0.status 30 --config /config/auth/pia/melbourne2.ovpn --dev-type tun --dev vtun0
fi

chmod +x restart.sh will make this file executable.

This script looks to see if Google is contactable from the router, and uses this test to determine if the VPN is offline. If vtun0 is determined to be offline, then the openvpn process is killed, and restarted.

The router does have a facility to set up scheduled tasks, but to me it was a little opaque. Log in to your router as root, and edit the file /etc/crontab. Add the following line below the others:

* *     * * *   root    /config/auth/pia/restart.sh

The restart.sh script will be run every minute. Next time your internet drops out, your VPN connection should be re-established around a minute or so after your internet is.
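
A variant of the watchdog, as an added example rather than the script from this post: it probes through vtun0 so that a working WAN link cannot mask a dead tunnel, waits for three consecutive failures before restarting, and stops only the process named in the pid file instead of every match for pkill -f. The OpenVPN paths are the ones used above; the threshold, the state file path and the "run" argument are assumptions.

```shell
#!/bin/sh
# Added example, not the post's script. OpenVPN paths are the post's; the
# threshold, state file and "run" argument are assumptions for illustration.
PIDFILE=${PIDFILE:-/var/run/openvpn-vtun0.pid}
STATE=${STATE:-/var/run/vpn-watchdog.fails}
THRESHOLD=${THRESHOLD:-3}

# Probe through the tunnel only: --interface makes curl fail when vtun0 is
# down, even if the WAN link alone could still reach the test URL.
probe() {
  curl -s --interface vtun0 --connect-timeout 5 http://google.com >/dev/null
}

# Track consecutive failures in $STATE; print "ok", "wait" or "restart".
decide() {  # $1 = exit status of the probe
  fails=$(cat "$STATE" 2>/dev/null || echo 0)
  fails=${fails:-0}
  if [ "$1" -eq 0 ]; then
    echo 0 >"$STATE"; echo ok; return 0
  fi
  fails=$(($fails + 1))
  if [ "$fails" -ge "$THRESHOLD" ]; then
    echo 0 >"$STATE"; echo restart
  else
    echo "$fails" >"$STATE"; echo wait
  fi
}

# Stop only the daemon recorded in the pid file, then start it as the post does.
restart_vpn() {
  [ -r "$PIDFILE" ] && kill "$(cat "$PIDFILE")" 2>/dev/null
  sleep 2  # give the old process time to release vtun0
  /usr/sbin/openvpn --daemon --verb 3 --writepid "$PIDFILE" \
    --status /var/run/openvpn/status/vtun0.status 30 \
    --config /config/auth/pia/melbourne2.ovpn --dev-type tun --dev vtun0
}

watchdog() {
  if probe; then rc=0; else rc=$?; fi
  action=$(decide "$rc")
  if [ "$action" = restart ]; then restart_vpn; fi
  echo "$action"
}

# From cron: /config/auth/pia/restart.sh run  (without "run" nothing executes)
if [ "${1:-}" = run ]; then watchdog; fi
```

With the one-minute cron schedule above, a threshold of three means the tunnel is restarted about three minutes after it stops passing traffic.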

S/MIME Self-Encrypt Patch for Mutt

To save sent items when using S/MIME, the item must be encrypted using a different key than the one for sending the message. When using Mutt, this feature is not available in the base installation; a patch is required. This patch works for mutt-1.6.2:

diff -pruN mutt-1.6.2-orig/PATCHES mutt-1.6.2/PATCHES
--- mutt-1.6.2-orig/PATCHES 2016-07-07 03:35:02.000000000 +1000
+++ mutt-1.6.2/PATCHES 2016-09-30 18:23:31.000000000 +1000
@@ -0,0 +1 @@
+patch-1.5.6.ow.smime-encrypt-self.2
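Review bot: the PATCHES entry still carries the name patch-1.5.6.ow.smime-encrypt-self.2 although the diff is taken against mutt-1.6.2. Consider recording the base version it was rebased onto, so the entry identifies which tree the patch applies to.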
diff -pruN mutt-1.6.2-orig/crypt.c mutt-1.6.2/crypt.c
--- mutt-1.6.2-orig/crypt.c 2016-07-07 03:35:18.000000000 +1000
+++ mutt-1.6.2/crypt.c 2016-09-30 18:22:09.000000000 +1000
@@ -231,8 +231,18 @@ int mutt_protect (HEADER *msg, char *key
if ((WithCrypto & APPLICATION_SMIME)
&& (msg->security & APPLICATION_SMIME))
{
- if (!(tmp_pbody = crypt_smime_build_smime_entity (tmp_smime_pbody,
- keylist)))
+ char *new_keylist = keylist;
+
+ if (SmimeDefaultKey && query_quadoption(OPT_SMIMEENCRYPTSELF, _("Encrypt message to S/MIME Default Key also?")) == M_YES)
+ {
+ int size = mutt_strlen(keylist) + mutt_strlen (SmimeDefaultKey) + 2; /* +1 for NULL, +1 for \n */
+ new_keylist = safe_malloc(size);
+ snprintf(new_keylist, size, "%s%s\n", keylist, SmimeDefaultKey);
+ }
+
+ tmp_pbody = crypt_smime_build_smime_entity (tmp_smime_pbody, new_keylist);
+ safe_free((void **)&new_keylist);
+ if (!tmp_pbody)
{
/* signed ? free it! */
return (-1);
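Review bot: safe_free((void **)&new_keylist) in mutt_protect() runs unconditionally, but when SmimeDefaultKey is unset or the quadoption does not return M_YES, new_keylist still aliases the caller's keylist, so this frees memory the caller owns and leaves the caller's pointer dangling. Free only the buffer allocated here, for example: if (new_keylist != keylist) safe_free((void **)&new_keylist); The format "%s%s\n" also relies on keylist already ending in a separator, which deserves a comment or an explicit check.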
diff -pruN mutt-1.6.2-orig/init.h mutt-1.6.2/init.h
--- mutt-1.6.2-orig/init.h 2016-07-07 03:35:18.000000000 +1000
+++ mutt-1.6.2/init.h 2016-09-30 18:22:31.000000000 +1000
@@ -2914,6 +2914,11 @@ struct option_t MuttVars[] = {
** possible \fCprintf(3)\fP-like sequences.
** (S/MIME only)
*/
+ { "smime_encrypt_self", DT_QUAD, R_NONE, OPT_SMIMEENCRYPTSELF, M_YES },
+ /*
+ ** .pp
+ ** Encrypt the message to smime_default_key too.
+ */
{ "smime_timeout", DT_NUM, R_NONE, UL &SmimeTimeout, 300 },
/*
** .pp
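Review bot: the documentation comment for smime_encrypt_self is missing the details a user needs. It does not say that this is a quadoption defaulting to yes, so with the default the message is encrypted to the default key without the "Encrypt message to S/MIME Default Key also?" prompt ever appearing. Suggest stating the default behaviour, referring to the variable as $smime_default_key, and closing with "(S/MIME only)" as the preceding entry does.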
diff -pruN mutt-1.6.2-orig/mutt.h mutt-1.6.2/mutt.h
--- mutt-1.6.2-orig/mutt.h 2016-07-07 03:35:18.000000000 +1000
+++ mutt-1.6.2/mutt.h 2016-09-30 18:22:48.000000000 +1000
@@ -275,6 +275,7 @@ enum
OPT_QUIT,
OPT_REPLYTO,
OPT_RECALL,
+ OPT_SMIMEENCRYPTSELF, /* Encrypt the message to self also */
#if defined(USE_SSL)
OPT_SSLSTARTTLS,
#endif

If you're using homebrew as per this post, you can edit your homebrew file as follows:

 patch do
   url "file:///path/to/smime.patch"
   sha256 "bb498405d71eb3eb48f91be7a0c1a3147b5961407a2ad26ae925700f45e3c6e1"
 end if build.with? "smime-self-patch"