From 50a71727ae3bc1e9bda222933d7de3b2c79a3065 Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Thu, 9 Jun 2016 17:33:25 +0200
Subject: git subrepo clone https://leap.se/git/puppet_postfix
 puppet/modules/postfix

subrepo:
  subdir:   "puppet/modules/postfix"
  merged:   "cce918f"
upstream:
  origin:   "https://leap.se/git/puppet_postfix"
  branch:   "master"
  commit:   "cce918f"
git-subrepo:
  version:  "0.3.0"
  origin:   "https://github.com/ingydotnet/git-subrepo.git"
  commit:   "cb2995b"
---
 puppet/modules/postfix/manifests/tlspolicy.pp | 55 +++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 puppet/modules/postfix/manifests/tlspolicy.pp

(limited to 'puppet/modules/postfix/manifests/tlspolicy.pp')

diff --git a/puppet/modules/postfix/manifests/tlspolicy.pp b/puppet/modules/postfix/manifests/tlspolicy.pp
new file mode 100644
index 00000000..d9017108
--- /dev/null
+++ b/puppet/modules/postfix/manifests/tlspolicy.pp
@@ -0,0 +1,55 @@
+#
+# == Class: postfix::tlspolicy
+#
+# Manages Postfix TLS policy by merging policy snippets configured
+# via postfix::tlspolicy_snippet defines
+#
+# Parameters:
+# - $fingerprint_digest (defaults to sha1)
+#
+# Note that this class is useless when used directly.
+# The postfix::tlspolicy_snippet defines takes care of importing
+# it anyway.
+#
+class postfix::tlspolicy(
+  $fingerprint_digest = 'sha1'
+) {
+
+  include common::moduledir
+  common::module_dir{'postfix/tls_policy': }
+
+  $postfix_tlspolicy_dir          = "${common::moduledir::module_dir_path}/postfix/tls_policy"
+  $postfix_merged_tlspolicy       = "${postfix_tlspolicy_dir}/merged_tls_policy"
+
+  concat { "$postfix_merged_tlspolicy":
+    require => File[$postfix_tlspolicy_dir],
+    owner   => root,
+    group   => root,
+    mode    => '0600',
+  }
+
+  postfix::hash { '/etc/postfix/tls_policy':
+    source    => "$postfix_merged_tlspolicy",
+    subscribe => File["$postfix_merged_tlspolicy"],
+  }
+
+  postfix::config {
+    'smtp_tls_fingerprint_digest': value => "$fingerprint_digest";
+  }
+
+  postfix::config { 'smtp_tls_policy_maps':
+    value   => 'hash:/etc/postfix/tls_policy',
+    require => [
+                Postfix::Hash['/etc/postfix/tls_policy'],
+                Postfix::Config['smtp_tls_fingerprint_digest'],
+               ],
+  }
+
+  # Cleanup previous implementation's internal files
+  file { "${postfix_tlspolicy_dir}/tls_policy.d":
+    ensure  => absent,
+    recurse => true,
+    force   => true,
+  }
+
+}
-- 
cgit v1.2.3