From b5fbda1ca3832043e1636ee964a806ff222cb05f Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Fri, 21 Aug 2015 17:13:34 -0700
Subject: add support for configurable mail alias maps

---
 .../site_postfix/manifests/mx/static_aliases.pp    | 58 ++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 puppet/modules/site_postfix/manifests/mx/static_aliases.pp

(limited to 'puppet/modules/site_postfix/manifests/mx/static_aliases.pp')

diff --git a/puppet/modules/site_postfix/manifests/mx/static_aliases.pp b/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
new file mode 100644
index 00000000..786d74c1
--- /dev/null
+++ b/puppet/modules/site_postfix/manifests/mx/static_aliases.pp
@@ -0,0 +1,58 @@
+#
+# Defines static, hard coded aliases that are not in the database.
+#
+
+class site_postfix::mx::static_aliases {
+
+  $mx = hiera('mx')
+  $aliases = $mx['aliases']
+
+  #
+  # Predefined aliases.
+  #
+  # Defines which mail addresses shouldn't be available and where they should
+  # fwd
+  #
+  # TODO: reconcile this with the node property webapp.forbidden_usernames
+  #
+  # NOTE: if you remove one of these, they will still appear in the
+  # /etc/aliases file
+  #
+  postfix::mailalias {
+    [ 'abuse', 'admin', 'arin-admin', 'administrator', 'bin', 'cron',
+      'certmaster', 'domainadmin', 'games', 'ftp', 'hostmaster', 'lp',
+      'maildrop', 'mysql', 'news', 'nobody', 'noc', 'postmaster', 'postgresql',
+      'security', 'ssladmin', 'sys', 'usenet', 'uucp', 'webmaster', 'www',
+      'www-data',
+    ]:
+      ensure    => present,
+      recipient => 'root'
+  }
+
+  #
+  # Custom aliases.
+  #
+  # This does not use the puppet mailalias resource because we want to be able
+  # to guarantee the contents of the alias file. This is needed so if you
+  # remove an alias from the node's config, it will get removed from the alias
+  # file.
+  #
+
+  # both alias files must be listed under "alias_database", because once you
+  # specify one, then `newaliases` no longer will default to updating
+  # "/etc/aliases.db".
+  postfix::config {
+    'alias_database':
+      value => "/etc/aliases, /etc/postfix/custom-aliases";
+    'alias_maps':
+      value => "hash:/etc/aliases, hash:/etc/postfix/custom-aliases";
+  }
+
+  file { '/etc/postfix/custom-aliases':
+    content => template('site_postfix/custom-aliases.erb'),
+    owner   => root,
+    group   => root,
+    mode    => 0600,
+    notify  => Exec['newaliases']
+  }
+}
-- 
cgit v1.2.3