From 50a71727ae3bc1e9bda222933d7de3b2c79a3065 Mon Sep 17 00:00:00 2001 
From: varac Date: Thu, 9 Jun 2016 17:33:25 +0200 Subject: git subrepo clone https://leap.se/git/puppet_postfix puppet/modules/postfix subrepo: subdir: "puppet/modules/postfix" merged: "cce918f" upstream: origin: "https://leap.se/git/puppet_postfix" branch: "master" commit: "cce918f" git-subrepo: version: "0.3.0" origin: "https://github.com/ingydotnet/git-subrepo.git" commit: "cb2995b" --- puppet/modules/postfix/manifests/amavis.pp | 5 + puppet/modules/postfix/manifests/anonsasl.pp | 18 ++ puppet/modules/postfix/manifests/config.pp | 49 +++++ puppet/modules/postfix/manifests/disable.pp | 7 + puppet/modules/postfix/manifests/disable/base.pp | 12 ++ puppet/modules/postfix/manifests/disable/debian.pp | 11 + puppet/modules/postfix/manifests/hash.pp | 71 +++++++ puppet/modules/postfix/manifests/header_checks.pp | 32 +++ .../postfix/manifests/header_checks_snippet.pp | 60 ++++++ puppet/modules/postfix/manifests/init.pp | 221 +++++++++++++++++++++ puppet/modules/postfix/manifests/mailalias.pp | 32 +++ puppet/modules/postfix/manifests/mailman.pp | 34 ++++ puppet/modules/postfix/manifests/mta.pp | 70 +++++++ puppet/modules/postfix/manifests/satellite.pp | 49 +++++ puppet/modules/postfix/manifests/smtp_auth.pp | 37 ++++ puppet/modules/postfix/manifests/tlspolicy.pp | 55 +++++ .../modules/postfix/manifests/tlspolicy_snippet.pp | 45 +++++ puppet/modules/postfix/manifests/transport.pp | 44 ++++ .../modules/postfix/manifests/transport_regexp.pp | 56 ++++++ .../postfix/manifests/transport_regexp_snippet.pp | 67 +++++++ puppet/modules/postfix/manifests/virtual.pp | 44 ++++ puppet/modules/postfix/manifests/virtual_regexp.pp | 56 ++++++ .../postfix/manifests/virtual_regexp_snippet.pp | 67 +++++++ 23 files changed, 1142 insertions(+) create mode 100644 puppet/modules/postfix/manifests/amavis.pp create mode 100644 puppet/modules/postfix/manifests/anonsasl.pp create mode 100644 puppet/modules/postfix/manifests/config.pp create mode 100644 puppet/modules/postfix/manifests/disable.pp 
create mode 100644 puppet/modules/postfix/manifests/disable/base.pp create mode 100644 puppet/modules/postfix/manifests/disable/debian.pp create mode 100644 puppet/modules/postfix/manifests/hash.pp create mode 100644 puppet/modules/postfix/manifests/header_checks.pp create mode 100644 puppet/modules/postfix/manifests/header_checks_snippet.pp create mode 100644 puppet/modules/postfix/manifests/init.pp create mode 100644 puppet/modules/postfix/manifests/mailalias.pp create mode 100644 puppet/modules/postfix/manifests/mailman.pp create mode 100644 puppet/modules/postfix/manifests/mta.pp create mode 100644 puppet/modules/postfix/manifests/satellite.pp create mode 100644 puppet/modules/postfix/manifests/smtp_auth.pp create mode 100644 puppet/modules/postfix/manifests/tlspolicy.pp create mode 100644 puppet/modules/postfix/manifests/tlspolicy_snippet.pp create mode 100644 puppet/modules/postfix/manifests/transport.pp create mode 100644 puppet/modules/postfix/manifests/transport_regexp.pp create mode 100644 puppet/modules/postfix/manifests/transport_regexp_snippet.pp create mode 100644 puppet/modules/postfix/manifests/virtual.pp create mode 100644 puppet/modules/postfix/manifests/virtual_regexp.pp create mode 100644 puppet/modules/postfix/manifests/virtual_regexp_snippet.pp (limited to 'puppet/modules/postfix/manifests')
diff --git a/puppet/modules/postfix/manifests/amavis.pp b/puppet/modules/postfix/manifests/amavis.pp
new file mode 100644
index 00000000..b6639234
--- /dev/null
+++ b/puppet/modules/postfix/manifests/amavis.pp
@@ -0,0 +1,5 @@
+class postfix::amavis {
+ postfix::config {
+ "content_filter": value => "amavis:[127.0.0.1]:10024";
+ }
+}
diff --git a/puppet/modules/postfix/manifests/anonsasl.pp b/puppet/modules/postfix/manifests/anonsasl.pp
new file mode 100644
index 00000000..ca97f199
--- /dev/null
+++ b/puppet/modules/postfix/manifests/anonsasl.pp
@@ -0,0 +1,18 @@
+class postfix::anonsasl {
+
+ include postfix::header_checks
+
+ postfix::config {
+ 'smtpd_sasl_authenticated_header':
+ value => 'yes';
+ }
+
+ postfix::header_checks_snippet {
+ 'anonsasl':
+ content => template("postfix/anonsasl_header_checks.erb"),
+ require => [
+ Postfix::Config['smtpd_sasl_authenticated_header'],
+ ];
+ }
+
+}
diff --git a/puppet/modules/postfix/manifests/config.pp b/puppet/modules/postfix/manifests/config.pp
new file mode 100644
index 00000000..ce7af9e4
--- /dev/null
+++ b/puppet/modules/postfix/manifests/config.pp
@@ -0,0 +1,49 @@
+/*
+== Definition: postfix::config
+
+Uses the "postconf" command to add/alter/remove options in postfix main
+configuation file (/etc/postfix/main.cf).
+
+Parameters:
+- *name*: name of the parameter.
+- *ensure*: present/absent. defaults to present.
+- *value*: value of the parameter.
+- *nonstandard*: inform postfix::config that this parameter is not recognized
+ by the "postconf" command. defaults to false.
+
+Requires:
+- Class["postfix"]
+
+Example usage:
+
+ node "toto.example.com" {
+
+ class { 'postfix': }
+
+ postfix::config {
+ "smtp_use_tls" => "yes";
+ "smtp_sasl_auth_enable" => "yes";
+ "smtp_sasl_password_maps" => "hash:/etc/postfix/my_sasl_passwords";
+ "relayhost" => "[mail.example.com]:587";
+ }
+ }
+
+*/
+define postfix::config ($ensure = present, $value, $nonstandard = false) {
+ case $ensure {
+ present: {
+ exec {"postconf -e ${name}='${value}'":
+ unless => $nonstandard ? {
+ false => "test \"x$(postconf -h ${name})\" = 'x${value}'",
+ true => "test \"x$(egrep '^${name} ' /etc/postfix/main.cf | cut -d= -f2 | cut -d' ' -f2)\" = 'x${value}'",
+ },
+ notify => Service["postfix"],
+ require => File["/etc/postfix/main.cf"],
+ }
+ }
+
+ absent: {
+ fail "postfix::config ensure => absent: Not implemented"
+ }
+ }
+}
diff --git a/puppet/modules/postfix/manifests/disable.pp b/puppet/modules/postfix/manifests/disable.pp
new file mode 100644
index 00000000..c233ec6d
--- /dev/null
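Review bot: In config.pp, `${name}` and `${value}` are interpolated unescaped into the shell strings of the `postconf -e` exec title and both `unless` tests, so a value that contains a single quote ends the quoting and changes the command that runs as root. Not every value is a literal: init.pp passes `$myorigin`, which defaults to the `$::fqdn` fact, and other callers pass class parameters. Build the argument with the core `shellquote()` function, for example `$setting = shellquote("${name}=${value}")` followed by `exec { "postconf -e ${setting}":`, and quote the comparison operands in the `unless` tests the same way. The exec also sets no `path`, so it depends on a default declared outside this file. Because this tree is a subrepo import, the change belongs in the upstream postfix module.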
+++ b/puppet/modules/postfix/manifests/disable.pp
@@ -0,0 +1,7 @@
+# remove postfix
+class postfix::disable {
+ case $::operatingsystem {
+ debian: { include postfix::disable::debian }
+ default: { include postfix::disable::base }
+ }
+}
diff --git a/puppet/modules/postfix/manifests/disable/base.pp b/puppet/modules/postfix/manifests/disable/base.pp
new file mode 100644
index 00000000..5c56c709
--- /dev/null
+++ b/puppet/modules/postfix/manifests/disable/base.pp
@@ -0,0 +1,12 @@
+class postfix::disable::base {
+
+ service{'postfix':
+ ensure => stopped,
+ enable => false,
+ }
+ package{'postfix':
+ ensure => absent,
+ require => Service['postfix'],
+ }
+
+}
diff --git a/puppet/modules/postfix/manifests/disable/debian.pp b/puppet/modules/postfix/manifests/disable/debian.pp
new file mode 100644
index 00000000..213efc50
--- /dev/null
+++ b/puppet/modules/postfix/manifests/disable/debian.pp
@@ -0,0 +1,11 @@
+# debian has some issues with absent
+# init scripts.
+# It's a bug in debian's provider that should be fixed in puppet, but in the
+# meantime we need this hack.
+#
+# see: https://projects.puppetlabs.com/issues/9381
+class postfix::disable::debian inherits postfix::disable::base {
+ Service['postfix']{
+ hasstatus => false,
+ }
+}
diff --git a/puppet/modules/postfix/manifests/hash.pp b/puppet/modules/postfix/manifests/hash.pp
new file mode 100644
index 00000000..006f8815
--- /dev/null
+++ b/puppet/modules/postfix/manifests/hash.pp
@@ -0,0 +1,71 @@
+/*
+== Definition: postfix::hash
+
+Creates postfix hashed "map" files. It will create "${name}", and then build
+"${name}.db" using the "postmap" command. The map file can then be referred to
+using postfix::config.
+
+Parameters:
+- *name*: the name of the map file.
+- *ensure*: present/absent, defaults to present.
+- *source*: file source.
+
+Requires:
+- Class["postfix"]
+
+Example usage:
+
+ node "toto.example.com" {
+
+ class { 'postfix': }
+
+ postfix::hash { "/etc/postfix/virtual":
+ ensure => present,
+ }
+ postfix::config { "virtual_alias_maps":
+ value => "hash:/etc/postfix/virtual"
+ }
+ }
+
+*/
+define postfix::hash ($ensure="present", $source = false) {
+ include ::postfix
+ case $source {
+ false: {
+ file {"${name}":
+ ensure => $ensure,
+ mode => 600,
+ owner => root,
+ group => root,
+ seltype => $postfix::postfix_seltype,
+ require => Package["postfix"],
+ }
+ }
+ default: {
+ file {"${name}":
+ ensure => $ensure,
+ mode => 600,
+ owner => root,
+ group => root,
+ source => $source,
+ seltype => $postfix::postfix_seltype,
+ require => Package["postfix"],
+ }
+ }
+ }
+
+ file {"${name}.db":
+ ensure => $ensure,
+ mode => 600,
+ require => [File["${name}"], Exec["generate ${name}.db"]],
+ seltype => $postfix::postfix_seltype,
+ }
+
+ exec {"generate ${name}.db":
+ command => "postmap ${name}",
+ #creates => "${name}.db", # this prevents postmap from being run !
+ subscribe => File["${name}"],
+ refreshonly => true,
+ require => Package["postfix"],
+ }
+}
diff --git a/puppet/modules/postfix/manifests/header_checks.pp b/puppet/modules/postfix/manifests/header_checks.pp
new file mode 100644
index 00000000..5b0c3c86
--- /dev/null
+++ b/puppet/modules/postfix/manifests/header_checks.pp
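Review bot: The three `mode => 600` attributes in postfix::hash are unquoted numbers, which newer Puppet versions read as decimal 600 rather than an octal mode and reject for `file`; write `mode => '0600'` as header_checks.pp and tlspolicy.pp already do. The same unquoted `mode => 600` appears in transport_regexp_snippet.pp and virtual_regexp_snippet.pp. The `"${name}.db"` resource also sets no `owner` or `group`, so the compiled map, which for /etc/postfix/smtp_auth holds credentials, keeps whatever ownership postmap gave it; add `owner => root,` and `group => root,` there to match the source map.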
@@ -0,0 +1,32 @@
+#
+# == Class: postfix::header_checks
+#
+# Manages Postfix header_checks by merging snippets configured
+# via postfix::header_checks_snippet defines
+#
+# Note that this class is useless when used directly.
+# The postfix::header_checks_snippet defines takes care of importing
+# it anyway.
+#
+class postfix::header_checks {
+
+ concat { '/etc/postfix/header_checks':
+ owner => root,
+ group => root,
+ mode => '0600',
+ }
+
+ postfix::config { "header_checks":
+ value => 'regexp:/etc/postfix/header_checks',
+ require => Concat['/etc/postfix/header_checks'],
+ }
+
+ # Cleanup previous implementation's internal files
+ include common::moduledir
+ file { "${common::moduledir::module_dir_path}/postfix/header_checks":
+ ensure => absent,
+ recurse => true,
+ force => true,
+ }
+
+}
diff --git a/puppet/modules/postfix/manifests/header_checks_snippet.pp b/puppet/modules/postfix/manifests/header_checks_snippet.pp
new file mode 100644
index 00000000..05929a33
--- /dev/null
+++ b/puppet/modules/postfix/manifests/header_checks_snippet.pp
@@ -0,0 +1,60 @@
+/*
+== Definition: postfix::header_checks_snippet
+
+Adds a header_checks snippets to /etc/postfix/header_checks.
+See the postfix::header_checks class for details.
+
+Parameters:
+- *source* or *content*: source or content of the header_checks snippet
+- *ensure*: present (default) or absent
+
+Requires:
+- Class["postfix"]
+
+Example usage:
+
+ node "toto.example.com" {
+ class { 'postfix': }
+ postfix::header_checks_snippet {
+ 'wrong_date': content => 'FIXME';
+ 'bla': source => 'puppet:///files/etc/postfix/header_checks.d/bla';
+ }
+ }
+
+*/
+
+define postfix::header_checks_snippet (
+ $ensure = "present",
+ $source = '',
+ $content = undef
+) {
+
+ if $source == '' and $content == undef {
+ fail("One of \$source or \$content must be specified for postfix::header_checks_snippet ${name}")
+ }
+
+ if $source != '' and $content != undef {
+ fail("Only one of \$source or \$content must specified for postfix::header_checks_snippet ${name}")
+ }
+
+ include postfix::header_checks
+
+ $fragment = "postfix_header_checks_${name}"
+
+ concat::fragment { "$fragment":
+ ensure => "$ensure",
+ target => '/etc/postfix/header_checks',
+ }
+
+ if $source {
+ Concat::Fragment["$fragment"] {
+ source => $source,
+ }
+ }
+ else {
+ Concat::Fragment["$fragment"] {
+ content => $content,
+ }
+ }
+
+}
diff --git a/puppet/modules/postfix/manifests/init.pp b/puppet/modules/postfix/manifests/init.pp
new file mode 100644
index 00000000..45c8e0c9
--- /dev/null
+++ b/puppet/modules/postfix/manifests/init.pp
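Review bot: The branch `if $source {` in postfix::header_checks_snippet depends on the empty-string default of `$source` evaluating as false, which holds only for the older Puppet language; later versions treat `''` as true, so a snippet declared with `content` alone would take the `source` branch and the header_checks fragment would be built without its content. Use `if $source != '' {` so the branch agrees with the two validation checks above it. transport_regexp_snippet.pp and virtual_regexp_snippet.pp carry the same `if $source {` test. The second `fail()` message reads "must specified" and should read "must be specified".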
@@ -0,0 +1,221 @@ +# +# == Class: postfix +# +# This class provides a basic setup of postfix with local and remote +# delivery and an SMTP server listening on the loopback interface. +# +# Parameters: +# - *$smtp_listen*: address on which the smtp service will listen to. defaults to 127.0.0.1 +# - *$root_mail_recipient*: who will recieve root's emails. defaults to "nobody" +# - *$anon_sasl*: set $anon_sasl="yes" to hide the originating IP in email +# - *$manage_header_checks*: manage header checks +# - *$manage_tls_policy*: manage tls policy +# - *$manage_transport_regexp*: manage transport regexps +# - *$manage_virtual_regexp*: manage virtual regexps +# - *$tls_fingerprint_digest*: fingerprint digest for tls policy class +# - *$use_amavisd*: set to "yes" to configure amavis +# - *$use_dovecot_lda*: include dovecot declaration at master.cf +# - *$use_schleuder*: whether to include schleuder portion at master.cf +# - *$use_sympa*: whether to include sympa portion at master.cf +# - *$use_firma*: whether to include firma portion at master.cf +# - *$use_mlmmj*: whether to include mlmmj portion at master.cf +# - *$use_submission*: set to "yes" to enable submission section at master.cf +# - *$use_smtps*: set to "yes" to enable smtps section at master.cf +# - *$mastercf_tail*: set this for additional content to be added at the end of master.cf +# - *$inet_interfaces*: which inet interface postfix should listen on +# - *$myorigin*: sets postfix $myorigin configuration +# +# Example usage: +# +# node "toto.example.com" { +# class { 'postfix': +# smtp_listen => "192.168.1.10" +# } +# } +# +class postfix( + $smtp_listen = '127.0.0.1', + $root_mail_recipient = 'nobody', + $anon_sasl = 'no', + $manage_header_checks = 'no', + $manage_tls_policy = 'no', + $manage_transport_regexp = 'no', + $manage_virtual_regexp = 'no', + $tls_fingerprint_digest = 'sha1', + $use_amavisd = 'no', + $use_dovecot_lda = 'no', + $use_schleuder = 'no', + $use_sympa = 'no', + $use_firma = 'no', + 
$use_mlmmj = 'no', + $use_postscreen = 'no', + $use_submission = 'no', + $use_smtps = 'no', + $mastercf_tail = '', + $inet_interfaces = 'all', + $myorigin = $::fqdn, + $mailname = $::fqdn, + $preseed = false, + $default_alias_maps = true +) { + + case $::operatingsystem { + + 'RedHat', 'CentOS': { + $master_cf_template = 'postfix/master.cf.redhat5.erb' + + # selinux labels differ from one distribution to another + case $::operatingsystemmajrelease { + '4': { $postfix_seltype = 'etc_t' } + '5': { $postfix_seltype = 'postfix_etc_t' } + default: { $postfix_seltype = undef } + } + + postfix::config { + 'sendmail_path': value => '/usr/sbin/sendmail.postfix'; + 'newaliases_path': value => '/usr/bin/newaliases.postfix'; + 'mailq_path': value => '/usr/bin/mailq.postfix'; + } + } + + 'Debian': { + case $::operatingsystemrelease { + /^5.*/: { + $master_cf_template = 'postfix/master.cf.debian-5.erb' + } + /^6.*/: { + $master_cf_template = 'postfix/master.cf.debian-6.erb' + } + /^7.*/: { + $master_cf_template = 'postfix/master.cf.debian-7.erb' + } + default: { + $master_cf_template = "postfix/master.cf.debian-${::operatingsystemmajrelease}.erb" + } + } + } + + 'Ubuntu': { + $master_cf_template = 'postfix/master.cf.debian-sid.erb' + } + + default: { + $postfix_seltype = undef + $master_cf_template = undef + } + } + + + # Bootstrap moduledir + include common::moduledir + common::module_dir{'postfix': } + + # Include optional classes + if $anon_sasl == 'yes' { + include postfix::anonsasl + } + # this global variable needs to get parameterized as well + if $::header_checks == 'yes' { + include postfix::header_checks + } + if $manage_tls_policy == 'yes' { + class { 'postfix::tlspolicy': + fingerprint_digest => $tls_fingerprint_digest, + } + } + if $use_amavisd == 'yes' { + include postfix::amavis + } + if $manage_transport_regexp == 'yes' { + include postfix::transport_regexp + } + if $manage_virtual_regexp == 'yes' { + include postfix::virtual_regexp + } + + package { 'mailx': + 
ensure => installed + } + + if ( $preseed ) { + apt::preseeded_package { 'postfix': + ensure => installed, + } + } else { + package { 'postfix': + ensure => installed + } + } + + if $::operatingsystem == 'debian' { + Package[mailx] { name => 'bsd-mailx' } + } + + service { 'postfix': + ensure => running, + require => Package['postfix'], + } + + file { '/etc/mailname': + ensure => present, + content => "${::fqdn}\n", + seltype => $postfix_seltype, + } + + # Aliases + file { '/etc/aliases': + ensure => present, + content => "# file managed by puppet\n", + replace => false, + seltype => $postfix_seltype, + notify => Exec['newaliases'], + } + + # Aliases + exec { 'newaliases': + command => '/usr/bin/newaliases', + refreshonly => true, + require => Package['postfix'], + subscribe => File['/etc/aliases'], + } + + # Config files + file { '/etc/postfix/master.cf': + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + content => template($master_cf_template), + seltype => $postfix_seltype, + notify => Service['postfix'], + require => Package['postfix'], + } + + # Config files + file { '/etc/postfix/main.cf': + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + source => 'puppet:///modules/postfix/main.cf', + replace => false, + seltype => $postfix_seltype, + notify => Service['postfix'], + require => Package['postfix'], + } + + # Default configuration parameters + if $default_alias_maps { + postfix::config { + 'alias_maps': value => 'hash:/etc/aliases'; + } + } + postfix::config { + 'myorigin': value => $myorigin; + 'inet_interfaces': value => $inet_interfaces; + } + + postfix::mailalias {'root': + recipient => $root_mail_recipient, + } +} diff --git a/puppet/modules/postfix/manifests/mailalias.pp b/puppet/modules/postfix/manifests/mailalias.pp new file mode 100644 index 00000000..2f239ac3 --- /dev/null +++ b/puppet/modules/postfix/manifests/mailalias.pp 
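Review bot: Two parameters of class postfix in init.pp are accepted but never used. `$manage_header_checks` is ignored because the include is gated on the top-scope `$::header_checks` (the comment above that test already says it needs parameterizing), and `$mailname` is ignored because `/etc/mailname` is written from `${::fqdn}`, so the `mailname => $valid_fqdn` that postfix::satellite passes has no effect. Use `if $manage_header_checks == 'yes' {` and `content => "${mailname}\n",`. `$postfix_seltype` is also never assigned in the Debian and Ubuntu branches although every `file` resource below reads it; assigning `$postfix_seltype = undef` there, as the default branch does, would make that explicit and survive strict variable checking. `$use_postscreen`, `$mailname`, `$preseed` and `$default_alias_maps` are missing from the parameter list in the header comment.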
@@ -0,0 +1,32 @@
+/*
+== Definition: postfix::mailalias
+
+Wrapper around Puppet mailalias resource, provides newaliases executable.
+
+Parameters:
+- *name*: the name of the alias.
+- *ensure*: present/absent, defaults to present.
+- *recipient*: recipient of the alias.
+
+Requires:
+- Class["postfix"]
+
+Example usage:
+
+ node "toto.example.com" {
+
+ class { 'postfix': }
+
+ postfix::mailalias { "postmaster":
+ ensure => present,
+ recipient => 'foo'
+ }
+
+*/
+define postfix::mailalias ($ensure = 'present', $recipient) {
+ mailalias { "${name}":
+ ensure => $ensure,
+ recipient => $recipient,
+ notify => Exec['newaliases']
+ }
+}
diff --git a/puppet/modules/postfix/manifests/mailman.pp b/puppet/modules/postfix/manifests/mailman.pp
new file mode 100644
index 00000000..8c6ee32c
--- /dev/null
+++ b/puppet/modules/postfix/manifests/mailman.pp
@@ -0,0 +1,34 @@
+#
+# == Class: postfix::mailman
+#
+# Configures a basic smtp server, able to work for the mailman mailing-list
+# manager.
+#
+# Example usage:
+#
+# node "toto.example.com" {
+# include mailman
+# class { 'postfix::mailman': }
+# }
+#
+class postfix::mailman {
+ class { 'postfix':
+ smtp_listen => "0.0.0.0",
+ }
+
+ postfix::config {
+ "mydestination": value => "";
+ "virtual_alias_maps": value => "hash:/etc/postfix/virtual";
+ "transport_maps": value => "hash:/etc/postfix/transport";
+ "mailman_destination_recipient_limit": value => "1", nonstandard => true;
+ }
+
+ postfix::hash { "/etc/postfix/virtual":
+ ensure => present,
+ }
+
+ postfix::hash { "/etc/postfix/transport":
+ ensure => present,
+ }
+
+}
diff --git a/puppet/modules/postfix/manifests/mta.pp b/puppet/modules/postfix/manifests/mta.pp
new file mode 100644
index 00000000..f7a865db
--- /dev/null
+++ b/puppet/modules/postfix/manifests/mta.pp
@@ -0,0 +1,70 @@
+#
+# == Class: postfix::mta
+#
+# This class configures a minimal MTA, listening on
+# $postfix_smtp_listen (default to localhost) and delivering mail to
+# $postfix_mydestination (default to $fqdn).
+#
+# A valid relay host is required ($postfix_relayhost) for outbound email.
+#
+# transport & virtual maps get configured and can be populated with
+# postfix::transport and postfix::virtual
+#
+# Parameters:
+# - *$postfix_relayhost*
+# - *$postfix_mydestination*
+# - every global variable which works for class "postfix" will work here.
+#
+# Requires:
+# - Class["postfix"]
+#
+# Example usage:
+#
+# node "toto.example.com" {
+#
+# class { 'postfix':
+# smtp_listen => "0.0.0.0",
+# }
+#
+# class { 'postfix::mta':
+# relayhost => "mail.example.com",
+# mydestination => "\$myorigin, myapp.example.com",
+# }
+#
+# postfix::transport { "myapp.example.com":
+# ensure => present,
+# destination => "local:",
+# }
+# }
+#
+class postfix::mta(
+ $mydestination = '',
+ $relayhost = ''
+) {
+
+ #case $relayhost {
+ # "": { fail("Required relayhost parameter is not defined.") }
+ #}
+
+ case $mydestination {
+ "": { $postfix_mydestination = "\$myorigin" }
+ default: { $postfix_mydestination = "$mydestination" }
+ }
+
+ postfix::config {
+ "mydestination": value => $postfix_mydestination;
+ "mynetworks": value => "127.0.0.0/8";
+ "relayhost": value => $relayhost;
+ "virtual_alias_maps": value => "hash:/etc/postfix/virtual";
+ "transport_maps": value => "hash:/etc/postfix/transport";
+ }
+
+ postfix::hash { "/etc/postfix/virtual":
+ ensure => present,
+ }
+
+ postfix::hash { "/etc/postfix/transport":
+ ensure => present,
+ }
+
+}
diff --git a/puppet/modules/postfix/manifests/satellite.pp b/puppet/modules/postfix/manifests/satellite.pp
new file mode 100644
index 00000000..c6c1a0e4
--- /dev/null
+++ b/puppet/modules/postfix/manifests/satellite.pp
@@ -0,0 +1,49 @@
+#
+# == Class: postfix::satellite
+#
+# This class configures all local email (cron, mdadm, etc) to be forwarded
+# to $root_mail_recipient, using $postfix_relayhost as a relay.
+#
+# $valid_fqdn can be set to override $fqdn in the case where the FQDN is
+# not recognized as valid by the destination server.
+#
+# Parameters:
+# - *valid_fqdn*
+# - every global variable which works for class "postfix" will work here.
+#
+# Example usage:
+#
+# node "toto.local.lan" {
+# class { 'postfix::satellite':
+# relayhost => "mail.example.com"
+# valid_fqdn => "toto.example.com"
+# root_mail_recipient => "the.sysadmin@example.com"
+# }
+# }
+#
+class postfix::satellite(
+ $relayhost = '',
+ $valid_fqdn = $::fqdn,
+ $root_mail_recipient = ''
+) {
+
+ # If $valid_fqdn is provided, use it to override $fqdn
+ if $valid_fqdn != $::fdqn {
+ $fqdn = $valid_fqdn
+ }
+
+ class { 'postfix':
+ root_mail_recipient => $root_mail_recipient,
+ myorigin => $valid_fqdn,
+ mailname => $valid_fqdn
+ }
+
+ class { 'postfix::mta':
+ relayhost => $relayhost,
+ }
+
+ postfix::virtual {"@${valid_fqdn}":
+ ensure => present,
+ destination => "root",
+ }
+}
diff --git a/puppet/modules/postfix/manifests/smtp_auth.pp b/puppet/modules/postfix/manifests/smtp_auth.pp
new file mode 100644
index 00000000..b553fb5b
--- /dev/null
+++ b/puppet/modules/postfix/manifests/smtp_auth.pp
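Review bot: The guard `if $valid_fqdn != $::fdqn {` in postfix::satellite misspells the fact name (`fdqn` for `fqdn`), so it compares against a variable that is never defined and is true for any non-empty `$valid_fqdn`. Its body, `$fqdn = $valid_fqdn`, only sets a local variable that nothing below reads, since the class passes `$valid_fqdn` explicitly to `myorigin`, `mailname` and the virtual alias. Either delete the block or correct it to `if $valid_fqdn != $::fqdn {`. The usage example in the header comment also lacks the commas between its three parameters, so it does not parse if copied as written.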
@@ -0,0 +1,37 @@
+# == Definition: postfix::smtp_auth
+#
+# Manages content of the /etc/postfix/smtp_auth map.
+#
+# Requires:
+# - Class["postfix"]
+# - Postfix::Hash["/etc/postfix/smtp_auth"]
+# - file_line (from puppetlab's stdlib module)
+#
+# Example usage:
+#
+# node 'toto.example.com' {
+#
+# include postfix
+#
+# postfix::hash { '/etc/postfix/smtp_auth':
+# ensure => present,
+# }
+# postfix::config { 'smtp_auth_maps':
+# value => 'hash:/etc/postfix/smtp_auth'
+# }
+# postfix::smtp_auth { 'gmail.com':
+# ensure => present,
+# user => 'USER',
+# password => 'PW',
+# }
+# }
+
+define postfix::smtp_auth ($user, $password, $ensure=present) {
+ file_line { $name:
+ ensure => $ensure,
+ path => '/etc/postfix/smtp_auth',
+ line => "${name} ${user}:${password}",
+ notify => Exec['generate /etc/postfix/smtp_auth.db'],
+ require => Package['postfix'],
+ }
+}
diff --git a/puppet/modules/postfix/manifests/tlspolicy.pp b/puppet/modules/postfix/manifests/tlspolicy.pp
new file mode 100644
index 00000000..d9017108
--- /dev/null
+++ b/puppet/modules/postfix/manifests/tlspolicy.pp
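Review bot: The `file_line` in postfix::smtp_auth has no `match`, so changing `$password` for an existing `$name` appends a second line and leaves the previous credential in /etc/postfix/smtp_auth, where postmap then sees a duplicate key. Add a `match` anchored on the lookup key, for example `match => "^${name}\\s",`, so the entry is replaced in place. The password is also part of the resource's `line` attribute, so it is stored in the compiled catalog and can appear in change reports; the header comment should tell users to restrict access to both. postfix::transport and postfix::virtual use the same `file_line` without `match`, so a changed destination leaves the stale mapping behind there as well.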
@@ -0,0 +1,55 @@
+#
+# == Class: postfix::tlspolicy
+#
+# Manages Postfix TLS policy by merging policy snippets configured
+# via postfix::tlspolicy_snippet defines
+#
+# Parameters:
+# - $fingerprint_digest (defaults to sha1)
+#
+# Note that this class is useless when used directly.
+# The postfix::tlspolicy_snippet defines takes care of importing
+# it anyway.
+#
+class postfix::tlspolicy(
+ $fingerprint_digest = 'sha1'
+) {
+
+ include common::moduledir
+ common::module_dir{'postfix/tls_policy': }
+
+ $postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy"
+ $postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy"
+
+ concat { "$postfix_merged_tlspolicy":
+ require => File[$postfix_tlspolicy_dir],
+ owner => root,
+ group => root,
+ mode => '0600',
+ }
+
+ postfix::hash { '/etc/postfix/tls_policy':
+ source => "$postfix_merged_tlspolicy",
+ subscribe => File["$postfix_merged_tlspolicy"],
+ }
+
+ postfix::config {
+ 'smtp_tls_fingerprint_digest': value => "$fingerprint_digest";
+ }
+
+ postfix::config { 'smtp_tls_policy_maps':
+ value => 'hash:/etc/postfix/tls_policy',
+ require => [
+ Postfix::Hash['/etc/postfix/tls_policy'],
+ Postfix::Config['smtp_tls_fingerprint_digest'],
+ ],
+ }
+
+ # Cleanup previous implementation's internal files
+ file { "${postfix_tlspolicy_dir}/tls_policy.d":
+ ensure => absent,
+ recurse => true,
+ force => true,
+ }
+
+}
diff --git a/puppet/modules/postfix/manifests/tlspolicy_snippet.pp b/puppet/modules/postfix/manifests/tlspolicy_snippet.pp
new file mode 100644
index 00000000..b63f812c
--- /dev/null
+++ b/puppet/modules/postfix/manifests/tlspolicy_snippet.pp
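Review bot: `$fingerprint_digest` defaults to `'sha1'` in postfix::tlspolicy and again as `$tls_fingerprint_digest` in init.pp, so every `fingerprint` entry in the TLS policy map is pinned with a SHA-1 digest unless the caller overrides it. Consider `$fingerprint_digest = 'sha256'` where the installed Postfix and OpenSSL support it. Existing `match=` values in postfix::tlspolicy_snippet resources are digest-specific and would have to be regenerated, so the parameter comment should say that the digest and the fingerprints must be changed together. The `subscribe => File["$postfix_merged_tlspolicy"]` passed to postfix::hash refers to a file that this class declares only through `concat`; whether a matching File resource exists depends on the concat module in use and is worth confirming.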
@@ -0,0 +1,45 @@
+/*
+== Definition: postfix::tlspolicy_snippet
+
+Adds a TLS policy snippets to /etc/postfix/tls_policy.
+See the postfix::tlspolicy class for details.
+
+Parameters:
+- *name*: name of destination domain Postfix will lookup. See TLS_README.
+- *value*: right-hand part of the tls_policy map
+- *ensure*: present/absent, defaults to present.
+
+Requires:
+- Class["postfix"]
+- Class["postfix::tlspolicy"]
+
+Example usage:
+
+ node "toto.example.com" {
+ class { 'postfix':
+ manage_tls_policy => 'yes',
+ }
+ postfix::tlspolicy_snippet {
+ 'example.com': value => 'encrypt';
+ '.example.com': value => 'encrypt';
+ 'nothing.com': value => 'fingerprint match=2A:FF:F0:EC:52:04:99:45:73:1B:C2:22:7F:FD:31:6B:8F:07:43:29';
+ }
+ }
+
+*/
+
+define postfix::tlspolicy_snippet ($ensure="present", $value = false) {
+
+ if ($value == false) and ($ensure == "present") {
+ fail("The value parameter must be set when using the postfix::tlspolicy_snippet define with ensure=present.")
+ }
+
+ include postfix::tlspolicy
+
+ concat::fragment { "postfix_tlspolicy_${name}":
+ ensure => "$ensure",
+ content => "${name} ${value}\n",
+ target => "$postfix::tlspolicy::postfix_merged_tlspolicy",
+ }
+
+}
diff --git a/puppet/modules/postfix/manifests/transport.pp b/puppet/modules/postfix/manifests/transport.pp
new file mode 100644
index 00000000..08b93e5e
--- /dev/null
+++ b/puppet/modules/postfix/manifests/transport.pp
@@ -0,0 +1,44 @@
+/*
+== Definition: postfix::transport
+
+Manages content of the /etc/postfix/transport map.
+
+Parameters:
+- *name*: name of address postfix will lookup. See transport(5).
+- *destination*: where the emails will be delivered to. See transport(5).
+- *ensure*: present/absent, defaults to present.
+
+Requires:
+- Class["postfix"]
+- Postfix::Hash["/etc/postfix/transport"]
+- Postfix::Config["transport_maps"]
+- file_line (from module stdlib)
+
+Example usage:
+
+ node "toto.example.com" {
+
+ class { 'postfix': }
+
+ postfix::hash { "/etc/postfix/transport":
+ ensure => present,
+ }
+ postfix::config { "transport_maps":
+ value => "hash:/etc/postfix/transport"
+ }
+ postfix::transport { "mailman.example.com":
+ ensure => present,
+ destination => "mailman",
+ }
+ }
+
+*/
+define postfix::transport ($ensure="present", $destination) {
+ file_line {"${name} ${destination}":
+ ensure => $ensure,
+ path => "/etc/postfix/transport",
+ line => "${name} ${destination}",
+ notify => Exec["generate /etc/postfix/transport.db"],
+ require => Package["postfix"],
+ }
+}
diff --git a/puppet/modules/postfix/manifests/transport_regexp.pp b/puppet/modules/postfix/manifests/transport_regexp.pp
new file mode 100644
index 00000000..4961141e
--- /dev/null
+++ b/puppet/modules/postfix/manifests/transport_regexp.pp
@@ -0,0 +1,56 @@
+#
+# == Class: postfix::transport_regexp
+#
+# Manages Postfix transport_regexp by merging snippets shipped:
+# - in the module's files/transport_regexp.d/ or puppet:///files/etc/postfix/transport_regexp.d
+# (the latter takes precedence if present); site_postfix module is supported
+# as well, see the source argument of file {"$postfix_transport_regexp_snippets_dir"
+# bellow for details.
+# - via postfix::transport_regexp_snippet defines
+#
+# Example usage:
+#
+# node "toto.example.com" {
+# class { 'postfix':
+# manage_transport_regexp => 'yes',
+# }
+# postfix::config { "transport_maps":
+# value => "hash:/etc/postfix/transport, regexp:/etc/postfix/transport_regexp",
+# }
+# }
+#
+class postfix::transport_regexp {
+
+ include common::moduledir
+ common::module_dir{'postfix/transport_regexp': }
+
+ $postfix_transport_regexp_dir = "${common::moduledir::module_dir_path}/postfix/transport_regexp"
+ $postfix_transport_regexp_snippets_dir = "${postfix_transport_regexp_dir}/transport_regexp.d"
+ $postfix_merged_transport_regexp = "${postfix_transport_regexp_dir}/merged_transport_regexp"
+
+ file {"$postfix_transport_regexp_snippets_dir":
+ ensure => 'directory',
+ owner => 'root',
+ group => '0',
+ mode => '700',
+ source => [
+ "puppet:///modules/site_postfix/${fqdn}/transport_regexp.d",
+ "puppet:///modules/site_postfix/transport_regexp.d",
+ "puppet:///files/etc/postfix/transport_regexp.d",
+ "puppet:///modules/postfix/transport_regexp.d",
+ ],
+ recurse => true,
+ purge => false,
+ }
+
+ concatenated_file { "$postfix_merged_transport_regexp":
+ dir => "${postfix_transport_regexp_snippets_dir}",
+ require => File["$postfix_transport_regexp_snippets_dir"],
+ }
+
+ config_file { '/etc/postfix/transport_regexp':
+ source => "$postfix_merged_transport_regexp",
+ subscribe => File["$postfix_merged_transport_regexp"],
+ }
+
+}
diff --git a/puppet/modules/postfix/manifests/transport_regexp_snippet.pp b/puppet/modules/postfix/manifests/transport_regexp_snippet.pp
new file mode 100644
index 00000000..2b13ed14
--- /dev/null
+++ b/puppet/modules/postfix/manifests/transport_regexp_snippet.pp
@@ -0,0 +1,67 @@
+/*
+== Definition: postfix::transport_regexp_snippet
+
+Adds a transport_regexp snippets to /etc/postfix/transport_regexp.
+See the postfix::transport_regexp class for details.
+
+Parameters:
+- *source* or *content*: source or content of the transport_regexp snippet
+- *ensure*: present (default) or absent
+
+Requires:
+- Class["postfix"]
+
+Example usage:
+
+ node "toto.example.com" {
+ class { 'postfix': }
+ postfix::transport_regexp {
+ 'wrong_date': content => 'FIXME';
+ 'bla': source => 'puppet:///files/etc/postfix/transport_regexp.d/bla';
+ }
+ }
+
+*/
+
+define postfix::transport_regexp_snippet (
+ $ensure = "present",
+ $source = '',
+ $content = undef
+) {
+
+ if $source == '' and $content == undef {
+ fail("One of \$source or \$content must be specified for postfix::transport_regexp_snippet ${name}")
+ }
+
+ if $source != '' and $content != undef {
+ fail("Only one of \$source or \$content must specified for postfix::transport_regexp_snippet ${name}")
+ }
+
+ if ($value == false) and ($ensure == "present") {
+ fail("The value parameter must be set when using the postfix::transport_regexp_snippet define with ensure=present.")
+ }
+
+ include postfix::transport_regexp
+
+ $snippetfile = "${postfix::transport_regexp::postfix_transport_regexp_snippets_dir}/${name}"
+
+ file { "$snippetfile":
+ ensure => "$ensure",
+ mode => 600,
+ owner => root,
+ group => 0,
+ notify => Exec["concat_${postfix::transport_regexp::postfix_merged_transport_regexp}"],
+ }
+
+ if $source {
+ File["$snippetfile"] {
+ source => $source,
+ }
+ }
+ else {
+ File["$snippetfile"] {
+ content => $content,
+ }
+ }
+
+}
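Review bot: The check `if ($value == false) and ($ensure == "present") {` in postfix::transport_regexp_snippet reads `$value`, which is not a parameter of this define; it looks carried over from tlspolicy_snippet.pp. Depending on how the parser treats the undefined variable, the test either never fires or stops compilation under strict variable checking, and its message asks for a parameter the define does not accept, so the block should be removed. virtual_regexp_snippet.pp contains the same leftover. The usage example in the header comment declares `postfix::transport_regexp {` where `postfix::transport_regexp_snippet {` is meant.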
diff --git a/puppet/modules/postfix/manifests/virtual.pp b/puppet/modules/postfix/manifests/virtual.pp
new file mode 100644
index 00000000..06df32ad
--- /dev/null
+++ b/puppet/modules/postfix/manifests/virtual.pp
@@ -0,0 +1,44 @@
+/*
+== Definition: postfix::virtual
+
+Manages content of the /etc/postfix/virtual map.
+
+Parameters:
+- *name*: name of address postfix will lookup. See virtual(8).
+- *destination*: where the emails will be delivered to. See virtual(8).
+- *ensure*: present/absent, defaults to present.
+
+Requires:
+- Class["postfix"]
+- Postfix::Hash["/etc/postfix/virtual"]
+- Postfix::Config["virtual_alias_maps"]
+- file_line (from module stdlib)
+
+Example usage:
+
+ node "toto.example.com" {
+
+ class { 'postfix': }
+
+ postfix::hash { "/etc/postfix/virtual":
+ ensure => present,
+ }
+ postfix::config { "virtual_alias_maps":
+ value => "hash:/etc/postfix/virtual"
+ }
+ postfix::virtual { "user@example.com":
+ ensure => present,
+ destination => "root",
+ }
+ }
+
+*/
+define postfix::virtual ($ensure="present", $destination) {
+ file_line {"${name} ${destination}":
+ ensure => $ensure,
+ path => "/etc/postfix/virtual",
+ line => "${name} ${destination}",
+ notify => Exec["generate /etc/postfix/virtual.db"],
+ require => Package["postfix"],
+ }
+}
diff --git a/puppet/modules/postfix/manifests/virtual_regexp.pp b/puppet/modules/postfix/manifests/virtual_regexp.pp
new file mode 100644
index 00000000..18bbd8ce
--- /dev/null
+++ b/puppet/modules/postfix/manifests/virtual_regexp.pp
@@ -0,0 +1,56 @@
+#
+# == Class: postfix::virtual_regexp
+#
+# Manages Postfix virtual_regexp by merging snippets shipped:
+# - in the module's files/virtual_regexp.d/ or puppet:///files/etc/postfix/virtual_regexp.d
+# (the latter takes precedence if present); site_postfix module is supported
+# as well, see the source argument of file {"$postfix_virtual_regexp_snippets_dir"
+# bellow for details.
+# - via postfix::virtual_regexp_snippet defines
+#
+# Example usage:
+#
+# node "toto.example.com" {
+# class { 'postfix':
+# manage_virtual_regexp => 'yes',
+# }
+# postfix::config { "virtual_alias_maps":
+# value => 'hash://postfix/virtual, regexp:/etc/postfix/virtual_regexp',
+# }
+# }
+#
+class postfix::virtual_regexp {
+
+ include common::moduledir
+ common::module_dir{'postfix/virtual_regexp': }
+
+ $postfix_virtual_regexp_dir = "${common::moduledir::module_dir_path}/postfix/virtual_regexp"
+ $postfix_virtual_regexp_snippets_dir = "${postfix_virtual_regexp_dir}/virtual_regexp.d"
+ $postfix_merged_virtual_regexp = "${postfix_virtual_regexp_dir}/merged_virtual_regexp"
+
+ file {"$postfix_virtual_regexp_snippets_dir":
+ ensure => 'directory',
+ owner => 'root',
+ group => '0',
+ mode => '700',
+ source => [
+ "puppet:///modules/site_postfix/${fqdn}/virtual_regexp.d",
+ "puppet:///modules/site_postfix/virtual_regexp.d",
+ "puppet:///files/etc/postfix/virtual_regexp.d",
+ "puppet:///modules/postfix/virtual_regexp.d",
+ ],
+ recurse => true,
+ purge => false,
+ }
+
+ concatenated_file { "$postfix_merged_virtual_regexp":
+ dir => "${postfix_virtual_regexp_snippets_dir}",
+ require => File["$postfix_virtual_regexp_snippets_dir"],
+ }
+
+ config_file { '/etc/postfix/virtual_regexp':
+ source => "$postfix_merged_virtual_regexp",
+ subscribe => File["$postfix_merged_virtual_regexp"],
+ }
+
+}
diff --git a/puppet/modules/postfix/manifests/virtual_regexp_snippet.pp b/puppet/modules/postfix/manifests/virtual_regexp_snippet.pp
new file mode 100644
index 00000000..bd9a982d
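Review bot: With `recurse => true` and `purge => false` on the snippets directory, a snippet that disappears from the file server, or whose `postfix::virtual_regexp_snippet` declaration is simply dropped from a manifest, stays on the node. If `concatenated_file` merges everything it finds in `dir` (it is defined outside this diff), that stale rewrite rule stays active in `/etc/postfix/virtual_regexp` until someone deletes the file by hand. `purge => true,` would remove unmanaged leftovers while keeping snippets that are still declared as resources. The first `source` entry also interpolates `${fqdn}`, an agent-reported fact; where the Puppet version provides it, `$trusted['certname']` is the safer key for per-host paths.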
--- /dev/null
+++ b/puppet/modules/postfix/manifests/virtual_regexp_snippet.pp
@@ -0,0 +1,67 @@
+/*
+== Definition: postfix::virtual_regexp_snippet
+
+Adds a virtual_regexp snippets to /etc/postfix/virtual_regexp.
+See the postfix::virtual_regexp class for details.
+
+Parameters:
+- *source* or *content*: source or content of the virtual_regexp snippet
+- *ensure*: present (default) or absent
+
+Requires:
+- Class["postfix"]
+
+Example usage:
+
+ node "toto.example.com" {
+ class { 'postfix': }
+ postfix::virtual_regexp {
+ 'wrong_date': content => 'FIXME';
+ 'bla': source => 'puppet:///files/etc/postfix/virtual_regexp.d/bla';
+ }
+ }
+
+*/
+
+define postfix::virtual_regexp_snippet (
+ $ensure = "present",
+ $source = '',
+ $content = undef
+) {
+
+ if $source == '' and $content == undef {
+ fail("One of \$source or \$content must be specified for postfix::virtual_regexp_snippet ${name}")
+ }
+
+ if $source != '' and $content != undef {
+ fail("Only one of \$source or \$content must specified for postfix::virtual_regexp_snippet ${name}")
+ }
+
+ if ($value == false) and ($ensure == "present") {
+ fail("The value parameter must be set when using the postfix::virtual_regexp_snippet define with ensure=present.")
+ }
+
+ include postfix::virtual_regexp
+
+ $snippetfile = "${postfix::virtual_regexp::postfix_virtual_regexp_snippets_dir}/${name}"
+
+ file { "$snippetfile":
+ ensure => "$ensure",
+ mode => 600,
+ owner => root,
+ group => 0,
+ notify => Exec["concat_${postfix::virtual_regexp::postfix_merged_virtual_regexp}"],
+ }
+
+ if $source {
+ File["$snippetfile"] {
+ source => $source,
+ }
+ }
+ else {
+ File["$snippetfile"] {
+ content => $content,
+ }
+ }
+
+}
-- cgit v1.2.3
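Review bot: `mode => 600` on the snippet file is a bare number, while `virtual_regexp.pp` in the same commit quotes its mode; Puppet 4 and later reject numeric modes, so `mode => '0600',` is the portable spelling. The path is built as `"${postfix::virtual_regexp::postfix_virtual_regexp_snippets_dir}/${name}"` with no check on the title, so a title containing `/` would resolve outside the snippets directory. A `validate_re($name, '^[A-Za-z0-9_-]+$')` before the `file` resource would pin that down, and stdlib is already listed as a requirement in `virtual.pp`. Both remarks apply equally to `transport_regexp_snippet.pp`.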