tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
puppet/postfix/manifests/init.pp
Ossi Salmi 7ca414fc9f postfix: Add support for ECDSA certificates
2013-11-05 01:14:45 +02:00

260 lines
6.9 KiB
Puppet
Raw Blame History

# Install Postfix packages.
#
# === Global variables
#
# $mail_domain:
# SMTP domain name.
#
# $mydestination:
# Destinations we will accept and relay mail for.
#
# $mail_server:
# Optional smarthost used for sending mail.
#
# $postfix_hostname:
# Hostname of postfix server. Defaults to $homename.
#
# $postfix_interfaces:
# Interfaces to listen. Defaults to 'localhost'.
#
# $postfix_networks:
# Optional value for mynetworks variable.
#
# $postfix_home_mailbox:
# Optional value for home_mailbox variable.
#
# $postfix_rbl:
# List of RBL hosts to use.
#
# $postfix_key:
# Path to SSL private key. Defaults to puppet client key.
#
# $postfix_cert:
# Path to SSL certificate. Defaults to puppet client certificate.
#
# $postfix_ec_key:
# Path to ECDSA private key.
#
# $postfix_ec_cert:
# Path to ECDSA certificate.
#
# $postfix_chain:
# Path to intermediary CA cert.
#
# $postgrey:
# Whether to run postgrey or not.
#
# $submission:
# Whether to enable submission (and sasl::saslauthd).
#
# $cyrus_lmtp:
# Whether to enable cyrus-lmtp delivery.
class postfix {
include ssl
if !$postfix_key {
$postfix_key = "${puppet_ssldir}/private_keys/${homename}.pem"
}
if !$postfix_cert {
$postfix_cert = "${puppet_ssldir}/certs/${homename}.pem"
}
if !$mail_domain {
if $::domain {
$mail_domain = $::domain
} else {
fail("Failed to set \$mail_domain, missing \$domain")
}
}
if !$postfix_hostname {
$postfix_hostname = $::homename
}
if !$postfix_interfaces {
$postfix_interfaces = "localhost"
}
file { "${ssl::certs}/postfix.crt":
ensure => present,
source => $postfix_cert,
mode => "0644",
owner => "root",
group => "root",
require => Package["postfix"],
notify => Service["postfix"],
}
if $postfix_chain {
file { "${ssl::certs}/postfix-chain.crt":
ensure => present,
source => $postfix_chain,
mode => "0644",
owner => "root",
group => "root",
require => Package["postfix"],
notify => Service["postfix"],
}
}
file { "${ssl::private}/postfix.key":
ensure => present,
source => $postfix_key,
mode => "0640",
owner => "root",
group => "postfix",
require => Package["postfix"],
notify => Service["postfix"],
}
if $postfix_ec_cert and $postfix_ec_key {
file { "${ssl::certs}/postfix-ec.crt":
ensure => present,
source => $postfix_ec_cert,
mode => "0644",
owner => "root",
group => "root",
require => Package["postfix"],
notify => Service["postfix"],
}
file { "${ssl::private}/postfix-ec.key":
ensure => present,
source => $postfix_ec_key,
mode => "0640",
owner => "root",
group => "postfix",
require => Package["postfix"],
notify => Service["postfix"],
}
}
exec { "usermod-postfix-ssl-cert":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "usermod -a -G ssl-cert postfix",
unless => "id -n -G postfix | grep '\\bssl-cert\\b'",
notify => Service["postfix"],
}
if $postgrey {
case $::operatingsystem {
"debian","ubuntu": {
package {"postgrey": ensure => installed,}
exec { "usermod-postfix":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "usermod -a -G mail postfix",
unless => "id -n -G postfix | grep '\\bmail\\b'",
}
}
default: {
fail("Postgrey module not yet supported in ${::operatingsystem}.")
}
}
}
package { "postfix":
ensure => installed,
}
service { "postfix":
ensure => running,
enable => true,
require => Package["postfix"],
}
file { "/etc/postfix/main.cf":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
content => template("postfix/main.cf.erb"),
notify => Service["postfix"],
require => Package["postfix"],
}
if $submission {
include sasl::saslauthd
file { "/var/spool/postfix/var":
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
}
file { "/var/spool/postfix/var/run":
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
}
file { "/var/spool/postfix/var/run/saslauthd":
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
}
mount { "/var/spool/postfix/var/run/saslauthd":
ensure => mounted,
atboot => true,
device => "/var/run/saslauthd",
options => "bind,noauto",
fstype => "bind",
dump => "0",
pass => "0",
}
file { "/etc/postfix/sasl/smtpd.conf":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
source => "puppet:///modules/postfix/smtpd.conf",
notify => Service["postfix"],
}
}
file { "/etc/postfix/master.cf":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
content => template("postfix/master.cf.erb"),
notify => Service["postfix"],
require => Package["postfix"],
}
file { "/etc/aliases":
ensure => present,
source => [
"puppet:///files/mail/aliases.${homename}",
"puppet:///files/mail/aliases",
"puppet:///modules/postfix/aliases",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["newaliases"],
}
exec { "newaliases":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
file { "/etc/postfix/virtual":
ensure => present,
source => [
"puppet:///files/mail/virtual.${homename}",
"puppet:///files/mail/virtual",
"puppet:///modules/postfix/empty",
],
mode => "0644",
owner => "root",
group => "root",
notify => Exec["postmap /etc/postfix/virtual"],
}
exec { "postmap /etc/postfix/virtual":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
}
}
Reference in a new issue View git blame Copy permalink