postfix: Add support for ECDSA certificates

2013-11-05 01:14:45 +02:00 · 2013-11-05 01:14:45 +02:00 · 7ca414fc9f
commit 7ca414fc9f
parent 01a37e8bf7
2 changed files with 31 additions and 0 deletions
--- a/postfix/manifests/init.pp
+++ b/postfix/manifests/init.pp
@ -32,6 +32,12 @@
 #   $postfix_cert:
 #       Path to SSL certificate. Defaults to puppet client certificate.
 #
+#   $postfix_ec_key:
+#       Path to ECDSA private key.
+#
+#   $postfix_ec_cert:
+#       Path to ECDSA certificate.
+#
 #   $postfix_chain:
 #       Path to intermediary CA cert.
 #
@ -102,6 +108,27 @@ class postfix {
        notify  => Service["postfix"],
    }

+    if $postfix_ec_cert and $postfix_ec_key {
+        file { "${ssl::certs}/postfix-ec.crt":
+            ensure  => present,
+            source  => $postfix_ec_cert,
+            mode    => "0644",
+            owner   => "root",
+            group   => "root",
+            require => Package["postfix"],
+            notify  => Service["postfix"],
+        }
+        file { "${ssl::private}/postfix-ec.key":
+            ensure  => present,
+            source  => $postfix_ec_key,
+            mode    => "0640",
+            owner   => "root",
+            group   => "postfix",
+            require => Package["postfix"],
+            notify  => Service["postfix"],
+        }
+    }
+
    exec { "usermod-postfix-ssl-cert":
        path    => "/bin:/usr/bin:/sbin:/usr/sbin",
        command => "usermod -a -G ssl-cert postfix",