tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
puppet/postfix/manifests/init.pp

204 lines
5.2 KiB
Puppet
Raw Blame History

# Install Postfix packages.
#
# === Global variables
#
# $mail_domain:
# SMTP domain name.
#
# $mydestination:
# Destinations we will accept and relay mail for.
#
# $mail_server:
# Optional smarthost used for sending mail.
#
# $postfix_hostname:
# Hostname of postfix server. Defaults to $fqdn.
#
# $postfix_interfaces:
# Interfaces to listen. Defaults to 'localhost'.
#
# $postfix_networks:
# Optional value for mynetworks variable.
#
# $postfix_home_mailbox:
# Optional value for home_mailbox variable.
#
# $postfix_rbl:
# List of RBL hosts to use.
#
# $postfix_key:
# Path to SSL private key. Defaults to puppet client key.
#
# $postfix_cert:
# Path to SSL certificate. Defaults to puppet client certificate.
#
# $postgrey:
# Whether to run postgrey or not.
#
# $submission:
# Whether to enable submission (and sasl::saslauthd).
#
# $cyrus_lmtp:
# Whether to enable cyrus-lmtp delivery.
class postfix {
include ssl
if !$postfix_key {
$postfix_key = "${puppet_ssldir}/private_keys/${homename}.pem"
}
if !$postfix_cert {
$postfix_cert = "${puppet_ssldir}/certs/${homename}.pem"
}
if !$mail_domain {
if $domain {
$mail_domain = $domain
} else {
fail("Failed to set \$mail_domain, missing \$domain")
}
}
if !$postfix_hostname {
if $fqdn {
$postfix_hostname = $fqdn
} else {
fail("Failed to set \$postfix_hostname, missing \$fqdn")
}
}
if !$postfix_interfaces {
$postfix_interfaces = "localhost"
}
if $postgrey {
case $::operatingsystem {
"debian","ubuntu": {
package {"postgrey": ensure => installed,}
exec { "usermod-postfix":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "usermod -a -G mail postfix",
unless => "id -n -G openldap | grep '\\bmail\\b'",
}
}
default: {
fail("Postgrey module not yet supported in ${::operatingsystem}.")
}
}
}
package { "postfix":
ensure => installed,
}
service { "postfix":
ensure => running,
enable => true,
require => Package["postfix"],
}
file { "${ssl::certs}/postfix.crt":
ensure => present,
source => $postfix_cert,
mode => "0644",
owner => "root",
group => "root",
notify => Service["postfix"],
}
file { "${ssl::private}/postfix.key":
ensure => present,
source => $postfix_key,
mode => "0600",
owner => "root",
group => "root",
notify => Service["postfix"],
}
file { "/etc/postfix/main.cf":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
content => template("postfix/main.cf.erb"),
notify => Service["postfix"],
require => Package["postfix"],
}
if $submission {
include sasl::saslauthd
file { "/var/spool/postfix/var":
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
}
file { "/var/spool/postfix/var/run":
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
}
file { "/var/spool/postfix/var/run/saslauthd":
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
}
mount { "/var/spool/postfix/var/run/saslauthd":
ensure => mounted,
atboot => true,
device => "/var/run/saslauthd",
options => "bind, errors=continue",
fstype => "bind",
dump => "0",
pass => "0",
}
}
file { "/etc/postfix/master.cf":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
content => template("postfix/master.cf.erb"),
notify => Service["postfix"],
require => Package["postfix"],
}
file { "/etc/aliases":
ensure => present,
source => [
"puppet:///files/mail/aliases.${homename}",
"puppet:///files/mail/aliases",
"puppet:///modules/postfix/aliases",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["newaliases"],
}
exec { "newaliases":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
file { "/etc/postfix/virtual":
ensure => present,
source => [
"puppet:///files/mail/virtual.${homename}",
"puppet:///files/mail/virtual",
"puppet:///modules/postfix/empty",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["postmap /etc/postfix/virtual"],
}
exec { "postmap /etc/postfix/virtual":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
}
Reference in a new issue View git blame Copy permalink