Diffstat (limited to 'puppet/modules/leap_mx')
-rw-r--r-- | puppet/modules/leap_mx/manifests/init.pp | 119 | ||||
-rw-r--r-- | puppet/modules/leap_mx/templates/mx.conf.erb | 18 |
2 files changed, 137 insertions, 0 deletions
diff --git a/puppet/modules/leap_mx/manifests/init.pp b/puppet/modules/leap_mx/manifests/init.pp
new file mode 100644
index 00000000..d758e3ab
--- /dev/null
+++ b/puppet/modules/leap_mx/manifests/init.pp
@@ -0,0 +1,119 @@
+# deploy leap mx service
+class leap_mx {
+
+ $leap_mx = hiera('couchdb_leap_mx_user')
+ $couchdb_user = $leap_mx['username']
+ $couchdb_password = $leap_mx['password']
+
+ $couchdb_host = 'localhost'
+ $couchdb_port = '4096'
+
+ $sources = hiera('sources')
+
+ include soledad::common
+
+ #
+ # USER AND GROUP
+ #
+ # Make the user for leap-mx. This user is where all legitimate, non-system
+ # mail is delivered so leap-mx can process it. Previously, we let the system
+ # pick a uid/gid, but we need to know what they are set to in order to set the
+ # virtual_uid_maps and virtual_gid_maps. Its a bit overkill write a fact just
+ # for this, so instead we pick arbitrary numbers that seem unlikely to be used
+ # and then use them in the postfix configuration
+
+ group { 'leap-mx':
+ ensure => present,
+ gid => 42424,
+ allowdupe => false;
+ }
+
+ user { 'leap-mx':
+ ensure => present,
+ comment => 'Leap Mail',
+ allowdupe => false,
+ uid => 42424,
+ gid => 'leap-mx',
+ home => '/var/mail/leap-mx',
+ shell => '/bin/false',
+ managehome => true,
+ require => Group['leap-mx'];
+ }
+
+ file {
+ '/var/mail/leap-mx':
+ ensure => directory,
+ owner => 'leap-mx',
+ group => 'leap-mx',
+ mode => '0755',
+ require => User['leap-mx'];
+
+ '/var/mail/leap-mx/Maildir':
+ ensure => directory,
+ owner => 'leap-mx',
+ group => 'leap-mx',
+ mode => '0700';
+
+ '/var/mail/leap-mx/Maildir/new':
+ ensure => directory,
+ owner => 'leap-mx',
+ group => 'leap-mx',
+ mode => '0700';
+
+ '/var/mail/leap-mx/Maildir/cur':
+ ensure => directory,
+ owner => 'leap-mx',
+ group => 'leap-mx',
+ mode => '0700';
+
+ '/var/mail/leap-mx/Maildir/tmp':
+ ensure => directory,
+ owner => 'leap-mx',
+ group => 'leap-mx',
+ mode => '0700';
+ }
+
+ #
+ # LEAP-MX CONFIG
+ #
+
+ file { '/etc/leap/mx.conf':
+ content => template('leap_mx/mx.conf.erb'),
+ owner => 'leap-mx',
+ group => 'leap-mx',
+ mode => '0600',
+ notify => Service['leap-mx'];
+ }
+
+ leap::logfile { 'leap-mx':
+ log => '/var/log/leap/mx.log',
+ process => 'leap-mx'
+ }
+
+ #
+ # LEAP-MX CODE AND DEPENDENCIES
+ #
+
+ package {
+ $sources['leap-mx']['package']:
+ ensure => $sources['leap-mx']['revision'],
+ require => [
+ Class['site_apt::leap_repo'],
+ User['leap-mx'] ];
+
+ 'leap-keymanager':
+ ensure => latest;
+ }
+
+ #
+ # LEAP-MX DAEMON
+ #
+
+ service { 'leap-mx':
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ hasrestart => true,
+ require => [ Package['leap-mx'] ];
+ }
+}
diff --git a/puppet/modules/leap_mx/templates/mx.conf.erb b/puppet/modules/leap_mx/templates/mx.conf.erb
new file mode 100644
index 00000000..b54b3a86
--- /dev/null
+++ b/puppet/modules/leap_mx/templates/mx.conf.erb
@@ -0,0 +1,18 @@
+[mail1]
+path=/var/mail/leap-mx/Maildir
+recursive=True
+
+[couchdb]
+user=<%= @couchdb_user %>
+password=<%= @couchdb_password %>
+server=<%= @couchdb_host %>
+port=<%= @couchdb_port %>
+
+[alias map]
+port=4242
+
+[check recipient]
+port=2244
+
+[fingerprint map]
+port=2424 |
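Review bot: The `file { '/etc/leap/mx.conf': }` resource renders the CouchDB password taken from `couchdb_leap_mx_user`, and although `mode => '0600'` protects the file on disk, Puppet can still print a content diff to the agent log and reports whenever the rendered template changes. Adding `show_diff => false,` to that resource keeps the credential out of those logs, assuming the Puppet version in use supports the attribute. Separately, `'leap-keymanager': ensure => latest;` is unpinned and has no `require => Class['site_apt::leap_repo']`, unlike the `leap-mx` package declared next to it, so it may upgrade on any run; pinning it through `$sources` the same way would be more consistent. Also, `Service['leap-mx']` requires `Package['leap-mx']`, which only resolves if `$sources['leap-mx']['package']` evaluates to exactly `leap-mx`.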
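Review bot: `password=<%= @couchdb_password %>` and the other `[couchdb]` values are written into the INI file verbatim, so a value containing a newline or, depending on how leap-mx parses the file, a `%` would change the file's structure or be misread. The values come from hiera here, so this is a robustness point rather than an exposure, but it is worth stating the allowed character set in a template comment or validating the value in the manifest before rendering. A header such as `# Managed by puppet (leap_mx/mx.conf.erb); contains the CouchDB password, keep mode 0600` would also help the next operator, if the parser accepts `#` comments.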