diff options
Diffstat (limited to 'puppet/modules/site_postfix/manifests/mx/static_aliases.pp')
| -rw-r--r-- | puppet/modules/site_postfix/manifests/mx/static_aliases.pp | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx/static_aliases.pp b/puppet/modules/site_postfix/manifests/mx/static_aliases.pp new file mode 100644 index 00000000..786d74c1 --- /dev/null +++ b/puppet/modules/site_postfix/manifests/mx/static_aliases.pp @@ -0,0 +1,58 @@ +# +# Defines static, hard coded aliases that are not in the database. +# + +class site_postfix::mx::static_aliases { + + $mx = hiera('mx') + $aliases = $mx['aliases'] + + # + # Predefined aliases. + # + # Defines which mail addresses shouldn't be available and where they should + # fwd + # + # TODO: reconcile this with the node property webapp.forbidden_usernames + # + # NOTE: if you remove one of these, they will still appear in the + # /etc/aliases file + # + postfix::mailalias { + [ 'abuse', 'admin', 'arin-admin', 'administrator', 'bin', 'cron', + 'certmaster', 'domainadmin', 'games', 'ftp', 'hostmaster', 'lp', + 'maildrop', 'mysql', 'news', 'nobody', 'noc', 'postmaster', 'postgresql', + 'security', 'ssladmin', 'sys', 'usenet', 'uucp', 'webmaster', 'www', + 'www-data', + ]: + ensure => present, + recipient => 'root' + } + + # + # Custom aliases. + # + # This does not use the puppet mailalias resource because we want to be able + # to guarantee the contents of the alias file. This is needed so if you + # remove an alias from the node's config, it will get removed from the alias + # file. + # + + # both alias files must be listed under "alias_database", because once you + # specify one, then `newaliases` no longer will default to updating + # "/etc/aliases.db". + postfix::config { + 'alias_database': + value => "/etc/aliases, /etc/postfix/custom-aliases"; + 'alias_maps': + value => "hash:/etc/aliases, hash:/etc/postfix/custom-aliases"; + } + + file { '/etc/postfix/custom-aliases': + content => template('site_postfix/custom-aliases.erb'), + owner => root, + group => root, + mode => 0600, + notify => Exec['newaliases'] + } +} |