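# Deploy the leap-mx service: its dedicated account, Maildir spool,
# configuration file, log handling, packages and daemon.
#
# Hiera keys read by this class:
#   couchdb_leap_mx_user - hash with 'username' and 'password'
#   couchdb_port         - CouchDB port
#   sources              - hash whose 'leap-mx' entry supplies the
#                          'package' name and the 'revision' to install
class leap_mx {

  # CouchDB connection settings. They are not referenced again in this class;
  # presumably they are consumed by the mx.conf.erb template -- confirm.
  $leap_mx          = hiera('couchdb_leap_mx_user')
  $couchdb_user     = $leap_mx['username']
  $couchdb_password = $leap_mx['password']

  $couchdb_host     = 'localhost'
  $couchdb_port     = hiera('couchdb_port')

  $sources          = hiera('sources')

  # The package name comes from hiera. It is kept in one variable so that the
  # package resource and the service dependency below always refer to the
  # same resource, whatever name hiera supplies.
  $mx_package       = $sources['leap-mx']['package']

  include soledad::common

  #
  # USER AND GROUP
  #
  # Make the user for leap-mx. This user is where all legitimate, non-system
  # mail is delivered so leap-mx can process it. Previously, we let the system
  # pick a uid/gid, but we need to know what they are set to in order to set
  # the virtual_uid_maps and virtual_gid_maps. It's a bit overkill to write a
  # fact just for this, so instead we pick arbitrary numbers that seem
  # unlikely to be used and then use them in the postfix configuration.

  group { 'leap-mx':
    ensure    => present,
    gid       => 42424,
    allowdupe => false;
  }

  # The account has no login shell ('/bin/false'); it only owns the mail
  # spool and the daemon's configuration.
  user { 'leap-mx':
    ensure     => present,
    comment    => 'Leap Mail',
    allowdupe  => false,
    uid        => 42424,
    gid        => 'leap-mx',
    home       => '/var/mail/leap-mx',
    shell      => '/bin/false',
    managehome => true,
    require    => Group['leap-mx'];
  }

  # The home directory is world-traversable (0755), while the Maildir tree
  # that holds the delivered mail is restricted to the leap-mx user (0700).
  file {
    '/var/mail/leap-mx':
      ensure  => directory,
      owner   => 'leap-mx',
      group   => 'leap-mx',
      mode    => '0755',
      require => User['leap-mx'];

    '/var/mail/leap-mx/Maildir':
      ensure => directory,
      owner  => 'leap-mx',
      group  => 'leap-mx',
      mode   => '0700';

    '/var/mail/leap-mx/Maildir/new':
      ensure => directory,
      owner  => 'leap-mx',
      group  => 'leap-mx',
      mode   => '0700';

    '/var/mail/leap-mx/Maildir/cur':
      ensure => directory,
      owner  => 'leap-mx',
      group  => 'leap-mx',
      mode   => '0700';

    '/var/mail/leap-mx/Maildir/tmp':
      ensure => directory,
      owner  => 'leap-mx',
      group  => 'leap-mx',
      mode   => '0700';
  }

  #
  # LEAP-MX CONFIG
  #
  # Readable only by the leap-mx user (0600). NOTE(review): if the template
  # embeds the CouchDB password, Puppet can still record content diffs of this
  # file in its logs and reports; consider 'show_diff => false' where the
  # installed Puppet version supports it.

  file { '/etc/leap/mx.conf':
    content => template('leap_mx/mx.conf.erb'),
    owner   => 'leap-mx',
    group   => 'leap-mx',
    mode    => '0600',
    notify  => Service['leap-mx'];
  }

  leap::logfile { 'leap-mx':
    log     => '/var/log/leap/mx.log',
    process => 'leap-mx'
  }

  #
  # LEAP-MX CODE AND DEPENDENCIES
  #
  # leap-mx itself is pinned to the revision given in hiera.
  # NOTE(review): leap-keymanager tracks 'latest', so every agent run installs
  # whatever version the configured repositories currently offer; pin it to a
  # reviewed version if reproducible deployments are required.

  package {
    $mx_package:
      ensure  => $sources['leap-mx']['revision'],
      require => [
        Class['site_apt::leap_repo'],
        User['leap-mx'] ];

    'leap-keymanager':
      ensure => latest;
  }

  #
  # LEAP-MX DAEMON
  #
  # The dependency names the package by the same hiera-derived title used
  # above. A hard-coded Package['leap-mx'] reference fails catalog compilation
  # as soon as hiera supplies any other package name.

  service { 'leap-mx':
    ensure     => running,
    enable     => true,
    hasstatus  => true,
    hasrestart => true,
    require    => [ Package[$mx_package] ];
  }
}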