summaryrefslogtreecommitdiff
path: root/puppet/modules
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2013-12-17 12:57:20 -0500
committerMicah Anderson <micah@leap.se>2013-12-17 12:57:20 -0500
commit51f17512d031e937ebbb8f6568c7cffc287b65d3 (patch)
tree89b6a74196e89153aa688ff32a03c67eab2f007d /puppet/modules
parent006a2fec91304f1814deb3c3887b72aa0872a600 (diff)
rename the tls.pp to be smtpd_tls.pp, this allows us to have a separate
class for smtp vs. smtpd tls configurations Change-Id: Ic1cc560c76924fcbbc15e245bec7b78ac2de83d3
Diffstat (limited to 'puppet/modules')
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp (renamed from puppet/modules/site_postfix/manifests/mx/tls.pp)27
1 files changed, 1 insertions, 26 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx/tls.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp
index 08978efd..5714218c 100644
--- a/puppet/modules/site_postfix/manifests/mx/tls.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp
@@ -1,4 +1,4 @@
-class site_postfix::mx::tls {
+class site_postfix::mx::smtpd_tls {
include x509::variables
$ca_path = "${x509::variables::local_CAs}/${site_config::params::client_ca_name}.crt"
@@ -50,29 +50,4 @@ class site_postfix::mx::tls {
value => '/etc/postfix/smtpd_tls_dh_param.pem',
require => File['/etc/postfix/smtpd_tls_dh_param.pem']
}
-
}
- # smtp TLS
- postfix::config {
- 'smtp_use_tls': value => 'yes';
- 'smtp_tls_CApath': value => '/etc/ssl/certs/';
- 'smtp_tls_CAfile': value => $ca_path;
- 'smtp_tls_cert_file': value => $cert_path;
- 'smtp_tls_key_file': value => $key_path;
- 'smtp_tls_ask_ccert': value => 'yes';
- 'smtp_tls_loglevel': value => '1';
- 'smtp_tls_exclude_ciphers':
- value => 'aNULL, MD5, DES';
- # upstream default is md5 (since 2.5 and older used it), we force sha1
- 'smtp_tls_fingerprint_digest':
- value => 'sha1';
- 'smtp_tls_session_cache_database':
- value => 'btree:${queue_directory}/smtp_cache';
- 'smtp_tls_security_level':
- value => 'may';
- # see issue #4011
- 'smtp_tls_protocols':
- value => '!SSLv2, !SSLv3';
- }
-
-