Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- class profile::postfix {
- if $::fqdn == lookup('postfix::master'){
- $relayhost = lookup('postfix::external_relay')
- $mynetworks = lookup('postfix::allowed_networks')
- $smtp_listen = '0.0.0.0'
- } else {
- $relayhost = lookup('postfix::master')
- }
- $mta = true
- $root_mail_recipient = lookup('postfix::admin')
- $virtual_maps = lookup('postfix::virtual_maps')
- $gmail_account = lookup('postfix::gmail_account')
- $gmail_password = lookup('postfix::gmail_password')
- $sasl_packages = [ 'cyrus-sasl', 'cyrus-sasl-lib', 'cyrus-sasl-plain' ]
- if $::fqdn == lookup('postfix::master') {
- package { $sasl_packages: ensure => 'installed' }
- postfix::config {
- 'smtp_sasl_auth_enable': ensure => present, value => 'yes';
- 'smtp_sasl_password_maps': ensure => present, value => 'hash:/etc/postfix/sasl_password';
- 'smtp_sasl_security_options': ensure => present, value => 'noanonymous';
- 'smtp_tls_security_level': ensure => present, value => 'secure';
- 'smtp_tls_mandatory_protocols': ensure => present, value => 'TLSv1';
- 'smtp_tls_mandatory_ciphers': ensure => present, value => 'high';
- 'smtp_tls_secure_cert_match': ensure => present, value => 'nexthop';
- 'smtp_tls_CAfile': ensure => present, value => '/etc/pki/tls/certs/ca-bundle.crt';
- 'header_checks': ensure => present, value => 'regexp:/etc/postfix/header_checks';
- }
- postfix::hash { '/etc/postfix/sasl_password':
- ensure => 'present',
- content => "$relayhost ${gmail_account}:${gmail_password}"
- }
- postfix::hash { '/etc/postfix/header_checks':
- ensure => 'present',
- source => 'puppet:///modules/postfix/header_checks',
- }
- }
- class { 'postfix':
- relayhost => $relayhost,
- smtp_listen => $smtp_listen,
- mta => $mta,
- mynetworks => $mynetworks,
- virtual_maps => $virtual_maps,
- root_mail_recipient => $root_mail_recipient,
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement