Diffstat (limited to 'puppet/modules/postfix/manifests/tlspolicy.pp')
m---------puppet/modules/postfix0
-rw-r--r--puppet/modules/postfix/manifests/tlspolicy.pp55
2 files changed, 55 insertions, 0 deletions
diff --git a/puppet/modules/postfix b/puppet/modules/postfix
deleted file mode 160000
-Subproject cce918f784ebf8a8875f43c79bc3a1f39ab9456
diff --git a/puppet/modules/postfix/manifests/tlspolicy.pp b/puppet/modules/postfix/manifests/tlspolicy.pp
new file mode 100644
index 00000000..d9017108
--- /dev/null
+++ b/puppet/modules/postfix/manifests/tlspolicy.pp
@@ -0,0 +1,55 @@
+#
+# == Class: postfix::tlspolicy
+#
+# Manages Postfix TLS policy by merging policy snippets configured
+# via postfix::tlspolicy_snippet defines
+#
+# Parameters:
+# - $fingerprint_digest (defaults to sha1)
+#
+# Note that this class is useless when used directly.
+# The postfix::tlspolicy_snippet defines takes care of importing
+# it anyway.
+#
+class postfix::tlspolicy(
+ $fingerprint_digest = 'sha1'
+) {
+
+ include common::moduledir
+ common::module_dir{'postfix/tls_policy': }
+
+ $postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy"
+ $postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy"
+
+ concat { "$postfix_merged_tlspolicy":
+ require => File[$postfix_tlspolicy_dir],
+ owner => root,
+ group => root,
+ mode => '0600',
+ }
+
+ postfix::hash { '/etc/postfix/tls_policy':
+ source => "$postfix_merged_tlspolicy",
+ subscribe => File["$postfix_merged_tlspolicy"],
+ }
+
+ postfix::config {
+ 'smtp_tls_fingerprint_digest': value => "$fingerprint_digest";
+ }
+
+ postfix::config { 'smtp_tls_policy_maps':
+ value => 'hash:/etc/postfix/tls_policy',
+ require => [
+ Postfix::Hash['/etc/postfix/tls_policy'],
+ Postfix::Config['smtp_tls_fingerprint_digest'],
+ ],
+ }
+
+ # Cleanup previous implementation's internal files
+ file { "${postfix_tlspolicy_dir}/tls_policy.d":
+ ensure => absent,
+ recurse => true,
+ force => true,
+ }
+
+}
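Review bot: The class parameter default `$fingerprint_digest = 'sha1'` makes SHA-1 the digest for every fingerprint-level entry in the merged policy map, because it is written straight into `smtp_tls_fingerprint_digest`. Postfix's own documentation names sha256 as the best-practice value and treats md5 and sha1 as deprecated, tolerable only while no second-preimage attack is known. I would change the default to `$fingerprint_digest = 'sha256'` and update the header comment to `# - $fingerprint_digest (defaults to sha256)`. The header should also say that the fingerprints in all postfix::tlspolicy_snippet entries must be computed with the same digest, since a mismatch would make fingerprint verification fail for those destinations. The value is also passed through unvalidated, so a check against the digest names the local OpenSSL supports would catch a typo at catalog compile time instead of at delivery time.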