author | Micah <micah@leap.se> | 2016-07-12 16:46:25 -0400 |
---|---|---|
committer | Micah <micah@leap.se> | 2016-07-12 16:46:25 -0400 |
commit | 5247b7ccf5b5889ee16262dd976b03047e34e32c (patch) | |
tree | c2a8483ac22f75d842ebc3ad6f3c6f24954b9cef /puppet/modules/postfix/manifests/tlspolicy.pp | |
parent | d8a8d30b04d34387f309d9f5b7afdbcad01f7cbc (diff) |
git subrepo clone https://leap.se/git/puppet_postfix puppet/modules/postfix
subrepo:
subdir: "puppet/modules/postfix"
merged: "cce918f"
upstream:
origin: "https://leap.se/git/puppet_postfix"
branch: "master"
commit: "cce918f"
git-subrepo:
version: "0.3.0"
origin: "https://github.com/ingydotnet/git-subrepo"
commit: "1e79595"
Change-Id: I325a79fe1780ee6a5d61959310cf8e52c9a6896f
Diffstat (limited to 'puppet/modules/postfix/manifests/tlspolicy.pp')
-rw-r--r-- | puppet/modules/postfix/manifests/tlspolicy.pp | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/puppet/modules/postfix/manifests/tlspolicy.pp b/puppet/modules/postfix/manifests/tlspolicy.pp
new file mode 100644
index 00000000..d9017108
--- /dev/null
+++ b/puppet/modules/postfix/manifests/tlspolicy.pp
@@ -0,0 +1,55 @@
+#
+# == Class: postfix::tlspolicy
+#
+# Manages Postfix TLS policy by merging policy snippets configured
+# via postfix::tlspolicy_snippet defines
+#
+# Parameters:
+# - $fingerprint_digest (defaults to sha1)
+#
+# Note that this class is useless when used directly.
+# The postfix::tlspolicy_snippet defines takes care of importing
+# it anyway.
+#
+class postfix::tlspolicy(
+ $fingerprint_digest = 'sha1'
+) {
+
+ include common::moduledir
+ common::module_dir{'postfix/tls_policy': }
+
+ $postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy"
+ $postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy"
+
+ concat { "$postfix_merged_tlspolicy":
+ require => File[$postfix_tlspolicy_dir],
+ owner => root,
+ group => root,
+ mode => '0600',
+ }
+
+ postfix::hash { '/etc/postfix/tls_policy':
+ source => "$postfix_merged_tlspolicy",
+ subscribe => File["$postfix_merged_tlspolicy"],
+ }
+
+ postfix::config {
+ 'smtp_tls_fingerprint_digest': value => "$fingerprint_digest";
+ }
+
+ postfix::config { 'smtp_tls_policy_maps':
+ value => 'hash:/etc/postfix/tls_policy',
+ require => [
+ Postfix::Hash['/etc/postfix/tls_policy'],
+ Postfix::Config['smtp_tls_fingerprint_digest'],
+ ],
+ }
+
+ # Cleanup previous implementation's internal files
+ file { "${postfix_tlspolicy_dir}/tls_policy.d":
+ ensure => absent,
+ recurse => true,
+ force => true,
+ }
+
+} |
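Review bot: The class parameter default `$fingerprint_digest = 'sha1'` is written straight into `smtp_tls_fingerprint_digest`, so any fingerprint-level entry in the merged policy map is compared on SHA-1 digests unless a caller overrides it. Postfix's documentation recommends sha256 for this setting, so I would change the default to `$fingerprint_digest = 'sha256'` and the header line to `# - $fingerprint_digest (defaults to sha256)`. Fingerprints already pinned through postfix::tlspolicy_snippet would have to be regenerated with the new digest in the same change, otherwise those destinations stop matching. The value is also passed through unchecked; a one-line comment naming the digests the deployed Postfix/OpenSSL accepts would make a typo here easier to catch. Because the file comes in through git-subrepo, the edit presumably belongs in the puppet_postfix origin rather than in this tree.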