From 8ce9ae825993934113cc24d80428292aaf47b824 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Wed, 10 Nov 2010 21:17:00 +0100
Subject: Add support for managing Postfix TLS policy.

---
 manifests/definitions/tlspolicy_snippet.pp | 47 ++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 manifests/definitions/tlspolicy_snippet.pp

(limited to 'manifests/definitions/tlspolicy_snippet.pp')

diff --git a/manifests/definitions/tlspolicy_snippet.pp b/manifests/definitions/tlspolicy_snippet.pp
new file mode 100644
index 0000000..2596dbc
--- /dev/null
+++ b/manifests/definitions/tlspolicy_snippet.pp
@@ -0,0 +1,47 @@
+/*
+== Definition: postfix::tlspolicy_snippet
+
+Adds a TLS policy snippets to /etc/postfix/tls_policy.d/.
+See the postfix::tlspolicy class for details.
+
+Parameters:
+- *name*: name of destination domain Postfix will lookup. See TLS_README.
+- *value*: right-hand part of the tls_policy map
+- *ensure*: present/absent, defaults to present.
+
+Requires:
+- Class["postfix"]
+- Class["postfix::tlspolicy"]
+
+Example usage:
+
+  node "toto.example.com" {
+    $postfix_manage_tls_policy = yes
+    include postfix
+    postfix::tlspolicy_snippet {
+      'example.com':  value => 'encrypt';
+      '.example.com': value => 'encrypt';
+      'nothing.com':  value => 'fingerprint match=2A:FF:F0:EC:52:04:99:45:73:1B:C2:22:7F:FD:31:6B:8F:07:43:29';
+    }
+  }
+
+*/
+
+define postfix::tlspolicy_snippet ($ensure="present", $value = false) {
+
+  include postfix::tlspolicy
+
+  if ($value == false) and ($ensure == "present") {
+    fail("The value parameter must be set when using the postfix::tlspolicy_snippet define with ensure=present.")
+  }
+
+  file { "${postfix::tlspolicy::postfix_tlspolicy_snippets_dir}/${name}":
+    ensure  => "$ensure",
+    content => "${name}		${value}\n",
+    mode    => 600,
+    owner   => root,
+    group   => 0,
+    notify => Exec["concat_${postfix::tlspolicy::postfix_merged_tlspolicy}"],
+  }
+
+}
-- 
cgit v1.2.3