Add Gerrit email account and send-email configuration

We'll have to store Gerrit's email credentials in plain text. Protecting
from outside connections using these in case they'd ever leak is tricky.
We match the account `gerrit@...` in `user.access` and then the local IP
address of the gerrit container in `gerrit-client.access`, only allowing
authenticated users (`permit_sasl_authenticated`) from this IP.
Alternatively, we could use `permit` which would allow the whole gerrit
container to send emails from `gerrit@...` without login. Then the setup
would also allow more efficient, plain-text communication between Gerrit
and Postfix. The password would still be needed to log in to IMAP
(assuming no further, invasive changes).
diff --git a/gerrit/Dockerfile.entrypoint b/gerrit/Dockerfile.entrypoint
index 6aa141b..3aa8ae1 100644
--- a/gerrit/Dockerfile.entrypoint
+++ b/gerrit/Dockerfile.entrypoint
@@ -3,7 +3,7 @@
set -e
# Allows us to bind mount arbitrary owned files
-chown -R gerrit:gerrit /var/gerrit/{logs,etc,db,git,index,cache}/
+chown -R gerrit:gerrit /var/gerrit/{logs,etc,db,git,index,cache,passwd}/
# Drop privileges as we set `USER root` only to change file permissions
exec setpriv --reuid=gerrit --regid=gerrit --init-groups --inh-caps=-all /unprivileged.sh "$@"
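Review bot: adding `passwd` to the brace list on the `chown -R` line makes container start depend on `/var/gerrit/passwd/` existing. With `set -e` above it, a missing directory (no bind mount, and not created in the image) makes `chown` fail and the entrypoint exits before it reaches `exec setpriv`. Either have the image create the directory or document the mount as required. If this directory is where the plain-text credentials mentioned in the commit message live, `chown` alone keeps whatever mode the bind-mounted files arrived with, so consider also restricting it here, for example `chmod -R go-rwx /var/gerrit/passwd/`, before dropping privileges.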