diff options
author | Micah <micah@leap.se> | 2016-05-24 10:19:37 -0400 |
---|---|---|
committer | Micah <micah@leap.se> | 2016-05-24 10:19:37 -0400 |
commit | 6570cad05280d8fc9c9c22a403e1dc234ca6ab25 (patch) | |
tree | dee9a339b1a6865cb488f434ac828e27101ca4bb /manifests/tlspolicy.pp |
Squashed 'puppet/modules/postfix/' content from commit cce918f
git-subtree-dir: puppet/modules/postfix
git-subtree-split: cce918f784ebf8a8875f43c79bc3a1f39ab9456b
Diffstat (limited to 'manifests/tlspolicy.pp')
-rw-r--r-- | manifests/tlspolicy.pp | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/manifests/tlspolicy.pp b/manifests/tlspolicy.pp new file mode 100644 index 00000000..d9017108 --- /dev/null +++ b/manifests/tlspolicy.pp @@ -0,0 +1,55 @@ +# +# == Class: postfix::tlspolicy +# +# Manages Postfix TLS policy by merging policy snippets configured +# via postfix::tlspolicy_snippet defines +# +# Parameters: +# - $fingerprint_digest (defaults to sha1) +# +# Note that this class is useless when used directly. +# The postfix::tlspolicy_snippet defines takes care of importing +# it anyway. +# +class postfix::tlspolicy( + $fingerprint_digest = 'sha1' +) { + + include common::moduledir + common::module_dir{'postfix/tls_policy': } + + $postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy" + $postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy" + + concat { "$postfix_merged_tlspolicy": + require => File[$postfix_tlspolicy_dir], + owner => root, + group => root, + mode => '0600', + } + + postfix::hash { '/etc/postfix/tls_policy': + source => "$postfix_merged_tlspolicy", + subscribe => File["$postfix_merged_tlspolicy"], + } + + postfix::config { + 'smtp_tls_fingerprint_digest': value => "$fingerprint_digest"; + } + + postfix::config { 'smtp_tls_policy_maps': + value => 'hash:/etc/postfix/tls_policy', + require => [ + Postfix::Hash['/etc/postfix/tls_policy'], + Postfix::Config['smtp_tls_fingerprint_digest'], + ], + } + + # Cleanup previous implementation's internal files + file { "${postfix_tlspolicy_dir}/tls_policy.d": + ensure => absent, + recurse => true, + force => true, + } + +} |