summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2015-08-31 12:22:56 -0700
committerelijah <elijah@riseup.net>2015-08-31 12:22:56 -0700
commitbe8f7335cc273f85a1949557962dd65d88548679 (patch)
tree4fd4fdbed428f62358c1e930722f0b02a66b294b
parent4f42910a6792ec3016aa6f9d0792801f75972a62 (diff)
parentb5fbda1ca3832043e1636ee964a806ff222cb05f (diff)
Merge branch 'feature/mxalias' into develop
m---------puppet/modules/postfix0
-rw-r--r--puppet/modules/site_postfix/manifests/mx.pp3
-rw-r--r--puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp15
-rw-r--r--puppet/modules/site_postfix/manifests/mx/static_aliases.pp58
-rw-r--r--puppet/modules/site_postfix/templates/custom-aliases.erb11
5 files changed, 71 insertions, 16 deletions
diff --git a/puppet/modules/postfix b/puppet/modules/postfix
-Subproject f09cd0eff2bcab7e12c09ec67be3c918bc83fac
+Subproject 53572a8934fe5b0a3a567cdec10664f28892373
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp
index af0f9f56..334d04d0 100644
--- a/puppet/modules/site_postfix/manifests/mx.pp
+++ b/puppet/modules/site_postfix/manifests/mx.pp
@@ -51,7 +51,7 @@ class site_postfix::mx {
include site_postfix::mx::checks
include site_postfix::mx::smtp_tls
include site_postfix::mx::smtpd_tls
- include site_postfix::mx::reserved_aliases
+ include site_postfix::mx::static_aliases
# greater verbosity for debugging, take out for production
#include site_postfix::debug
@@ -68,6 +68,7 @@ class site_postfix::mx {
preseed => true,
root_mail_recipient => $root_mail_recipient,
smtp_listen => 'all',
+ default_alias_maps => false,
mastercf_tail =>
"smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
diff --git a/puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp b/puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp
deleted file mode 100644
index 83e27376..00000000
--- a/puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp
+++ /dev/null
@@ -1,15 +0,0 @@
-# Defines which mail addresses shouldn't be available and where they should fwd
-class site_postfix::mx::reserved_aliases {
-
- postfix::mailalias {
- [ 'abuse', 'admin', 'arin-admin', 'administrator', 'bin', 'cron',
- 'certmaster', 'domainadmin', 'games', 'ftp', 'hostmaster', 'lp',
- 'maildrop', 'mysql', 'news', 'nobody', 'noc', 'postmaster', 'postgresql',
- 'security', 'ssladmin', 'sys', 'usenet', 'uucp', 'webmaster', 'www',
- 'www-data',
- ]:
- ensure => present,
- recipient => 'root'
- }
-
-}
diff --git a/puppet/modules/site_postfix/manifests/mx/static_aliases.pp b/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
new file mode 100644
index 00000000..786d74c1
--- /dev/null
+++ b/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
@@ -0,0 +1,58 @@
+#
+# Defines static, hard coded aliases that are not in the database.
+#
+
+class site_postfix::mx::static_aliases {
+
+ $mx = hiera('mx')
+ $aliases = $mx['aliases']
+
+ #
+ # Predefined aliases.
+ #
+ # Defines which mail addresses shouldn't be available and where they should
+ # fwd
+ #
+ # TODO: reconcile this with the node property webapp.forbidden_usernames
+ #
+ # NOTE: if you remove one of these, they will still appear in the
+ # /etc/aliases file
+ #
+ postfix::mailalias {
+ [ 'abuse', 'admin', 'arin-admin', 'administrator', 'bin', 'cron',
+ 'certmaster', 'domainadmin', 'games', 'ftp', 'hostmaster', 'lp',
+ 'maildrop', 'mysql', 'news', 'nobody', 'noc', 'postmaster', 'postgresql',
+ 'security', 'ssladmin', 'sys', 'usenet', 'uucp', 'webmaster', 'www',
+ 'www-data',
+ ]:
+ ensure => present,
+ recipient => 'root'
+ }
+
+ #
+ # Custom aliases.
+ #
+ # This does not use the puppet mailalias resource because we want to be able
+ # to guarantee the contents of the alias file. This is needed so if you
+ # remove an alias from the node's config, it will get removed from the alias
+ # file.
+ #
+
+ # both alias files must be listed under "alias_database", because once you
+ # specify one, then `newaliases` no longer will default to updating
+ # "/etc/aliases.db".
+ postfix::config {
+ 'alias_database':
+ value => "/etc/aliases, /etc/postfix/custom-aliases";
+ 'alias_maps':
+ value => "hash:/etc/aliases, hash:/etc/postfix/custom-aliases";
+ }
+
+ file { '/etc/postfix/custom-aliases':
+ content => template('site_postfix/custom-aliases.erb'),
+ owner => root,
+ group => root,
+ mode => 0600,
+ notify => Exec['newaliases']
+ }
+}
diff --git a/puppet/modules/site_postfix/templates/custom-aliases.erb b/puppet/modules/site_postfix/templates/custom-aliases.erb
new file mode 100644
index 00000000..f261514b
--- /dev/null
+++ b/puppet/modules/site_postfix/templates/custom-aliases.erb
@@ -0,0 +1,11 @@
+#
+# This file is managed by puppet.
+#
+# This is a map of custom, non-standard aliases. The contents of this file
+# are derived from the node property `mx.aliases`.
+#
+
+<%- @aliases.keys.sort.each do |from| -%>
+"<%= from %>": "<%= [@aliases[from]].flatten.join('", "') %>"
+<%- end -%>
+