tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
puppet/smtpd/manifests/init.pp
Ossi Salmi b0bec99e0c Use native service provider on OpenBSD
2016-04-18 15:32:47 +03:00

325 lines
7.7 KiB
Puppet
Raw Permalink Blame History

# Configure smtpd.
#
# === Parameters
#
# $maildomain:
# Domain to masquerade as.
#
# $mailserver:
# Server to relay mail via.
#
# $listen:
# Listen on external interfaces. Defaults to false.
#
# $gecos:
# Boolean for whether to enable gecos aliases.
# Defaults to true.
#
# $maildir:
# Directory in user home for INBOX. Defaults to "Mail".
#
# $config:
# Path to custom configuration file.
#
# $custom:
# Array of custom accept/reject rules.
#
# $domains:
# Array of primary domains to accept mail for.
#
# $virtuals:
# Array of virtual domains to accept mail for.
#
# $ssl_key:
# Source path of private key.
#
# $ssl_cert:
# Source path of certificate.
#
class smtpd(
$maildomain=undef,
$mailserver=undef,
$listen=false,
$gecos=true,
$maildir='Mail',
$config=undef,
$custom=undef,
$domains=undef,
$virtuals=undef,
$ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem",
$ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem"
) {
if $listen == true and $::operatingsystem != 'OpenBSD' {
fail('listen only supported on OpenBSD')
}
case $::operatingsystem {
'centos','redhat': {
if versioncmp($::operatingsystemrelease, '6') < 0 {
fail("smtpd requires atleast ${::operatingsystem} 6")
}
$package = 'opensmtpd'
$service = 'opensmtpd'
$confdir = '/etc/opensmtpd'
$aliases = '/etc/aliases'
$mda = undef
package { $package:
ensure => installed,
before => File["${confdir}/smtpd.conf"],
}
exec { '/usr/sbin/alternatives --set mta /usr/sbin/sendmail.opensmtpd':
refreshonly => true,
subscribe => Package[$package],
before => Service[$service],
}
service { [ 'postfix', 'sendmail' ]:
ensure => stopped,
enable => false,
before => Service[$service],
}
}
'ubuntu': {
if versioncmp($::operatingsystemrelease, '14.04') < 0 {
fail("smtpd requires atleast ${::operatingsystem} 14.04")
}
$package = 'opensmtpd'
$service = 'opensmtpd'
$confdir = '/etc'
$aliases = '/etc/aliases'
$mda = undef
package { $package:
ensure => installed,
before => File["${confdir}/smtpd.conf"],
}
}
'openbsd': {
$package = undef
$service = 'smtpd'
$confdir = '/etc/mail'
$aliases = '/etc/mail/aliases'
$mda = '/usr/local/bin/procmail -Y -t -f %{sender}'
file { '/etc/mailer.conf':
ensure => present,
mode => '0644',
owner => 'root',
group => 'wheel',
content => template('smtpd/mailer.conf.erb'),
before => Service[$service],
}
service { 'sendmail':
ensure => stopped,
enable => false,
before => Service[$service],
}
}
default: {
fail("smtpd not supported on ${::operatingsystem}")
}
}
if $mailserver {
$mailrelay = "smtp+tls://${mailserver}"
} else {
$mailrelay = undef
}
include ssl
if $config {
$content = undef
} else {
$content = $listen ? {
true => template('smtpd/server.conf.erb'),
default => template('smtpd/client.conf.erb'),
}
}
file { "${confdir}/smtpd.conf":
ensure => present,
mode => '0644',
owner => 'root',
group => $::operatingsystem ? {
'openbsd' => 'wheel',
default => 'root',
},
source => $config,
content => $content,
notify => Service[$service],
}
service { $service:
ensure => running,
enable => true,
}
if $listen == true or $config {
file { "${ssl::private}/smtpd.key":
ensure => present,
mode => '0600',
owner => 'root',
group => 'wheel',
source => $ssl_key,
notify => Service[$service],
}
file { "${ssl::certs}/smtpd.crt":
ensure => present,
mode => '0644',
owner => 'root',
group => 'wheel',
source => $ssl_cert,
notify => Service[$service],
}
}
if $listen == true {
include procmail
procmail::rc { '00-default.rc':
content => "MAILDIR=\$HOME/${maildir}\nDEFAULT=\$MAILDIR/INBOX\n",
}
file { [ "/root/${maildir}", "/etc/skel/${maildir}" ]:
ensure => directory,
mode => '0700',
owner => 'root',
group => 'wheel',
before => Service[$service],
}
if $gecos == true {
file { '/usr/local/sbin/generate-smtpd-gecos.sh':
ensure => present,
mode => '0700',
owner => 'root',
group => 'wheel',
source => 'puppet:///modules/smtpd/generate-smtpd-gecos.sh',
}
exec { '/usr/local/sbin/generate-smtpd-gecos.sh':
unless => '/bin/test /etc/mail/gecos -nt /etc/passwd',
require => File['/usr/local/sbin/generate-smtpd-gecos.sh'],
notify => Exec['makemap aliases'],
}
}
file { '/etc/mail/aliases':
ensure => present,
mode => '0644',
owner => 'root',
group => 'wheel',
source => [
"puppet:///files/mail/aliases.${::homename}",
'puppet:///files/mail/aliases',
],
}
exec { 'makemap aliases':
command => $gecos ? {
false => 'makemap aliases',
true => 'cat aliases gecos > aliases.gecos && makemap -o aliases.db aliases.gecos',
},
refreshonly => true,
cwd => '/etc/mail',
path => '/bin:/usr/bin:/sbin:/usr/sbin',
subscribe => File['/etc/mail/aliases'],
before => Service[$service],
}
file { '/etc/mail/clients':
ensure => present,
mode => '0644',
owner => 'root',
group => 'wheel',
source => [
"puppet:///files/mail/clients.${::homename}",
'puppet:///files/mail/clients',
'puppet:///modules/smtpd/empty',
],
}
exec { 'makemap -t set clients':
refreshonly => true,
cwd => '/etc/mail',
path => '/bin:/usr/bin:/sbin:/usr/sbin',
subscribe => File['/etc/mail/clients'],
before => Service[$service],
}
if $domains {
smtpd::aliases { $domains:
gecos => $gecos,
subscribe => $gecos ? {
false => undef,
true => Exec['/usr/local/sbin/generate-smtpd-gecos.sh'],
},
}
}
if $virtuals {
smtpd::virtual { $virtuals: }
}
}
}
# Install alias mapping for domain.
#
define smtpd::aliases($gecos) {
file { "/etc/mail/aliases.${name}":
ensure => present,
mode => '0644',
owner => 'root',
group => 'wheel',
source => [
"puppet:///files/mail/aliases.${name}",
"puppet:///files/mail/aliases.${::homename}",
'puppet:///files/mail/aliases',
],
}
exec { "makemap aliases.${name}":
command => $gecos ? {
false => "makemap aliases.${name}",
true => "cat aliases.${name} gecos > aliases.${name}.gecos && makemap -o aliases.${name}.db aliases.${name}.gecos",
},
refreshonly => true,
cwd => '/etc/mail',
path => '/bin:/usr/bin:/sbin:/usr/sbin',
subscribe => File["/etc/mail/aliases.${name}"],
before => Service[$smtpd::service],
}
}
# Install virtual user mapping for domain.
#
define smtpd::virtual() {
file { "/etc/mail/virtual.${name}":
ensure => present,
mode => '0644',
owner => 'root',
group => 'wheel',
source => [
"puppet:///files/mail/virtual.${name}",
"puppet:///files/mail/virtual.${::homename}",
'puppet:///files/mail/virtual',
],
}
exec { "makemap virtual.${name}":
refreshonly => true,
cwd => '/etc/mail',
path => '/bin:/usr/bin:/sbin:/usr/sbin',
subscribe => File["/etc/mail/virtual.${name}"],
before => Service[$smtpd::service],
}
}
Reference in a new issue View git blame Copy permalink