puppet/postfix/manifests/init.pp

# Install Postfix packages.
#
# === Global variables
#
# $mail_domain:
# SMTP domain name.
#
# $mydestination:
# Destinations we will accept and relay mail for.
#
# $mail_server:
# Optional smarthost used for sending mail.
#
# $postfix_hostname:
# Hostname of postfix server. Defaults to $fqdn.
#
# $postfix_interfaces:
# Interfaces to listen on. Defaults to 'localhost'.
#
# $postfix_networks:
# Optional value for mynetworks variable.
#
# $postfix_home_mailbox:
# Optional value for home_mailbox variable.
#
# $postfix_rbl:
# List of RBL hosts to use.
#
# $postfix_key:
# Path to SSL private key. Defaults to puppet client key.
#
# $postfix_cert:
# Path to SSL certificate. Defaults to puppet client certificate.
#
# $postgrey:
# Whether to run postgrey or not.
#
# $submission:
# Whether to enable submission (and sasl::saslauthd).
#
# $cyrus_lmtp:
# Whether to enable cyrus-lmtp delivery.
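class postfix {

  # Declares the Postfix package and service, the TLS key and certificate,
  # main.cf/master.cf rendered from templates, the alias and virtual maps,
  # and (optionally) postgrey and the saslauthd socket directory used for
  # submission. Behaviour is driven by the variables listed in the header
  # comment above the class.
  include ssl

  # TLS material defaults to the Puppet agent's own key pair. With these
  # defaults the SMTP service and the Puppet agent share one private key;
  # set $postfix_key / $postfix_cert to a dedicated pair where the two
  # identities should be revocable independently.
  if !$postfix_key {
    $postfix_key = "${puppet_ssldir}/private_keys/${homename}.pem"
  }
  if !$postfix_cert {
    $postfix_cert = "${puppet_ssldir}/certs/${homename}.pem"
  }

  # Fail the catalog rather than render a configuration with an empty
  # mail domain or hostname.
  if !$mail_domain {
    if $domain {
      $mail_domain = $domain
    } else {
      fail("Failed to set \$mail_domain, missing \$domain")
    }
  }
  if !$postfix_hostname {
    if $fqdn {
      $postfix_hostname = $fqdn
    } else {
      fail("Failed to set \$postfix_hostname, missing \$fqdn")
    }
  }

  # Default to 'localhost' unless the node sets $postfix_interfaces.
  if !$postfix_interfaces {
    $postfix_interfaces = "localhost"
  }

  # Only the postgrey package is declared here, and only on Debian/Ubuntu;
  # any other OS fails the catalog. No postgrey service resource is
  # declared in this class.
  if $postgrey {
    case $::operatingsystem {
      "debian","ubuntu": {
        package { "postgrey":
          ensure => installed,
        }
      }
      default: {
        fail("Postgrey module not yet supported in ${::operatingsystem}.")
      }
    }
  }

  package { "postfix":
    ensure => installed,
  }

  service { "postfix":
    ensure  => running,
    enable  => true,
    require => Package["postfix"],
  }

  # Public certificate: world-readable is fine.
  file { "${ssl::certs}/postfix.crt":
    ensure => present,
    source => $postfix_cert,
    mode   => "0644",
    owner  => "root",
    group  => "root",
    notify => Service["postfix"],
  }

  # Private key: readable by root only.
  file { "${ssl::private}/postfix.key":
    ensure => present,
    source => $postfix_key,
    mode   => "0600",
    owner  => "root",
    group  => "root",
    notify => Service["postfix"],
  }

  # Rendered from a template that is not part of this file. The file is
  # world-readable (0644), so the template should not embed credentials.
  # NOTE(review): relay restrictions (mynetworks, RBLs) presumably live in
  # the template - verify them there.
  file { "/etc/postfix/main.cf":
    ensure  => present,
    mode    => "0644",
    owner   => "root",
    group   => "root",
    content => template("postfix/main.cf.erb"),
    notify  => Service["postfix"],
    require => Package["postfix"],
  }

  if $submission {
    include sasl::saslauthd

    # Directory chain under the Postfix spool for the saslauthd socket.
    file { "/var/spool/postfix/var":
      ensure => directory,
      mode   => "0755",
      owner  => "root",
      group  => "root",
    }
    file { "/var/spool/postfix/var/run":
      ensure => directory,
      mode   => "0755",
      owner  => "root",
      group  => "root",
    }
    file { "/var/spool/postfix/var/run/saslauthd":
      ensure => directory,
      mode   => "0755",
      owner  => "root",
      group  => "root",
    }

    # tmpfs owned by postfix:postfix with mode 0710: no access for other
    # users. `name` is the mount type's namevar (the mount point), so this
    # resource manages a mount at /var/run/saslauthd, not at the title path
    # under the Postfix spool where the directories above are created.
    # NOTE(review): confirm which mount point is intended.
    mount { "/var/spool/postfix/var/run/saslauthd":
      name    => "/var/run/saslauthd",
      ensure  => mounted,
      atboot  => true,
      device  => "none",
      fstype  => "tmpfs",
      options => "uid=postfix,gid=postfix,mode=0710",
      dump    => "0",
      pass    => "0",
      require => File["/var/spool/postfix/var/run/saslauthd"],
      before  => Service["postfix"],
    }
  }

  # Rendered from a template that is not part of this file.
  file { "/etc/postfix/master.cf":
    ensure  => present,
    mode    => "0644",
    owner   => "root",
    group   => "root",
    content => template("postfix/master.cf.erb"),
    notify  => Service["postfix"],
    require => Package["postfix"],
  }

  # The first source that exists wins: host-specific file, then the
  # site-wide file, then the module default.
  file { "/etc/aliases":
    ensure => present,
    source => [
      "puppet:///files/mail/aliases.${homename}",
      "puppet:///files/mail/aliases",
      "puppet:///modules/postfix/aliases",
    ],
    mode   => "0644",
    owner  => "root",
    group  => "root",
    notify => Exec["newaliases"],
  }

  # Runs only when notified. The command is resolved through a fixed
  # system path, and it needs the postfix package, hence the explicit
  # ordering.
  exec { "newaliases":
    path        => "/bin:/usr/bin:/sbin:/usr/sbin",
    refreshonly => true,
    require     => Package["postfix"],
  }

  # Same source fallback as /etc/aliases, ending in an empty map. The
  # require orders this after the postfix package (the resource that lays
  # down /etc/postfix in this class), matching main.cf and master.cf.
  file { "/etc/postfix/virtual":
    ensure  => present,
    source  => [
      "puppet:///files/mail/virtual.${homename}",
      "puppet:///files/mail/virtual",
      "puppet:///modules/postfix/empty",
    ],
    mode    => "0644",
    owner   => "root",
    group   => "root",
    notify  => Exec["postmap /etc/postfix/virtual"],
    require => Package["postfix"],
  }

  # Rebuilds the virtual lookup table; runs only when notified and only
  # after the postfix package is installed.
  exec { "postmap /etc/postfix/virtual":
    path        => "/bin:/usr/bin:/sbin:/usr/sbin",
    refreshonly => true,
    require     => Package["postfix"],
  }
}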