diff options
author | Micah Anderson <micah@leap.se> | 2014-04-22 14:13:46 -0400 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2014-04-22 14:13:46 -0400 |
commit | 327d5c934e408f90011d7949b89ab01fed88998e (patch) | |
tree | 77cfefffc8f9ffe160c4413b26dd5ca5cdd6f1e8 /puppet/modules/site_postfix/manifests/mx.pp | |
parent | ca11482dd7cd4ea8ffa69407ee2fd5b5e1b7981b (diff) | |
parent | 4295f334ea4f92d7fb47f7121a42633630c368d1 (diff) |
Merge branch 'develop' (0.5.0)
Conflicts:
.gitignore
Change-Id: I778f3e1f1f4832f5894bc149ead67e9a4becf304
Diffstat (limited to 'puppet/modules/site_postfix/manifests/mx.pp')
-rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp new file mode 100644 index 00000000..bdfee665 --- /dev/null +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -0,0 +1,74 @@ +class site_postfix::mx { + + $domain_hash = hiera ('domain') + $domain = $domain_hash['full_suffix'] + $host_domain = $domain_hash['full'] + $cert_name = hiera('name') + $mynetworks = join(hiera('mynetworks'), ' ') + + $root_mail_recipient = hiera ('contacts') + $postfix_smtp_listen = 'all' + + include site_config::x509::cert + include site_config::x509::key + include site_config::x509::client_ca::ca + include site_config::x509::client_ca::key + + postfix::config { + 'mynetworks': + value => "127.0.0.0/8 [::1]/128 [fe80::]/64 ${mynetworks}"; + 'mydestination': + value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}"; + 'myhostname': + value => $host_domain; + 'mailbox_size_limit': + value => '0'; + 'home_mailbox': + value => 'Maildir/'; + 'virtual_alias_maps': + value => 'tcp:localhost:4242'; + 'luser_relay': + value => 'vmail'; + 'smtpd_tls_received_header': + value => 'yes'; + # Note: we are setting this here, instead of in site_postfix::mx::smtp_tls + # because the satellites need to have a different value + 'smtp_tls_security_level': + value => 'may'; + } + + include site_postfix::mx::smtpd_checks + include site_postfix::mx::checks + include site_postfix::mx::smtp_tls + include site_postfix::mx::smtpd_tls + include site_postfix::mx::reserved_aliases + + # greater verbosity for debugging, take out for production + #include site_postfix::debug + + user { 'vmail': + ensure => present, + comment => 'Leap Mailspool', + home => '/var/mail/vmail', + shell => '/bin/false', + managehome => true, + } + + class { 'postfix': + preseed => true, + root_mail_recipient => $root_mail_recipient, + smtp_listen => 'all', + mastercf_tail => + "smtps inet n - - - - smtpd + -o smtpd_tls_wrappermode=yes + -o smtpd_tls_security_level=encrypt + -o smtpd_recipient_restrictions=\$smtps_recipient_restrictions + -o smtpd_helo_restrictions=\$smtps_helo_restrictions", + require => [ + Class['Site_config::X509::Key'], + Class['Site_config::X509::Cert'], + Class['Site_config::X509::Client_ca::Key'], + Class['Site_config::X509::Client_ca::Ca'], + User['vmail'] ] + } +} |