diff options
| -rw-r--r-- | provider_base/services/mx.json | 1 | ||||
| -rw-r--r-- | puppet/modules/site_postfix/manifests/mx.pp | 3 |
2 files changed, 4 insertions, 0 deletions
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json index 9d0ee532..d57c3168 100644 --- a/provider_base/services/mx.json +++ b/provider_base/services/mx.json @@ -6,6 +6,7 @@ "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.couch_client)" }, "couchdb_leap_mx_user": "= global.services[:couchdb].couch.users[:leap_mx]", + "mx_nodes": "= nodes['services' => 'mx']['environment' => '!local'].field('ip_address')", "x509": { "use": true, "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'", diff --git a/puppet/modules/site_postfix/manifests/mx.pp b/puppet/modules/site_postfix/manifests/mx.pp index 441252f2..de89c26e 100644 --- a/puppet/modules/site_postfix/manifests/mx.pp +++ b/puppet/modules/site_postfix/manifests/mx.pp @@ -4,6 +4,7 @@ class site_postfix::mx { $domain = $domain_hash['full_suffix'] $host_domain = $domain_hash['full'] $cert_name = hiera('name') + $mynetworks = join(hiera('mx_nodes'), ' ') $root_mail_recipient = hiera ('contacts') $postfix_smtp_listen = 'all' @@ -14,6 +15,8 @@ class site_postfix::mx { include site_config::x509::client_ca::key postfix::config { + 'mynetworks': + value => "127.0.0.0/8 [::1]/128 [fe80::]/64 ${mynetworks}"; 'mydestination': value => "\$myorigin, localhost, localhost.\$mydomain, ${domain}"; 'myhostname': |