2 # @param use_smarthost use the smarthost
3 # @param smarthost host to relay through (if set and use_smarthost)
4 # @param is_bugsmx this system handles bugs.debian.org
5 # @param is_mailrelay this system is a mailrelay, both in and out, for debian hosts
6 # @param is_rtmaster this system handles rt.debian.org
7 # @param is_packagesmaster this system handles packages.debian.org
8 # @param is_packagesqamaster this system handles packages.qa.debian.org
9 # @param is_trackermaster this system handles tracker.debian.org
10 # @param mail_port override the default incoming mailport (only applicable for hosts behind an incoming relay)
11 # @param smarthost_port the port on which satellites send mail to the smarthost (needs to be the same on both sides)
13 Optional[String] $smarthost,
14 Boolean $use_smarthost = true,
15 Boolean $is_bugsmx = false,
16 Boolean $is_mailrelay = false,
17 Boolean $is_rtmaster = false,
18 Boolean $is_packagesmaster = false,
19 Boolean $is_packagesqamaster = false,
20 Boolean $is_trackermaster = false,
21 Integer $smarthost_port = 587,
22 Optional[Integer] $mail_port = undef,
28 fail('No smarthost set but use_smarthost is true')
33 fail('Cannot override mail_port in heavy/no-smarthost hosts')
37 munin::check { 'ps_exim4': script => 'ps_' }
38 munin::check { 'exim_mailqueue': }
39 munin::check { 'exim_mailstats': }
41 munin::check { 'postfix_mailqueue': ensure => absent }
42 munin::check { 'postfix_mailstats': ensure => absent }
43 munin::check { 'postfix_mailvolume': ensure => absent }
45 package { 'exim4-daemon-heavy': ensure => installed }
47 Package['exim4-daemon-heavy']->Mailalias<| |>
52 File['/etc/exim4/exim4.conf'],
53 Package['exim4-daemon-heavy'],
60 require => Package['exim4-daemon-heavy'],
63 file { '/etc/exim4/conf.d':
68 source => 'puppet:///files/empty/',
70 file { '/etc/exim4/ssl':
72 group => 'Debian-exim',
76 file { '/etc/exim4/exim4.conf':
77 content => template('exim/eximconf.erb'),
78 require => File['/etc/exim4/ssl/thishost.crt'],
79 notify => Service['exim4'],
81 file { '/etc/mailname':
82 content => template('exim/mailname.erb'),
85 concat { '/etc/exim4/virtualdomains': }
86 concat::fragment { 'virtualdomains_header':
87 target => '/etc/exim4/virtualdomains',
88 content => template('exim/virtualdomains.header.erb'),
92 file { '/etc/exim4/locals':
93 content => template('exim/locals.erb')
96 concat { '/etc/exim4/submission-domains':
97 ensure_newline => true,
99 ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
103 file { '/etc/exim4/host_blacklist':
104 source => 'puppet:///modules/exim/common/host_blacklist',
106 file { '/etc/exim4/blacklist':
107 source => 'puppet:///modules/exim/common/blacklist',
109 file { '/etc/exim4/callout_users':
110 source => 'puppet:///modules/exim/common/callout_users',
112 file { '/etc/exim4/grey_users':
113 source => 'puppet:///modules/exim/common/grey_users',
115 file { '/etc/exim4/helo-check':
116 source => 'puppet:///modules/exim/common/helo-check',
118 file { '/etc/exim4/localusers':
119 source => 'puppet:///modules/exim/common/localusers',
121 file { '/etc/exim4/rbllist':
122 source => 'puppet:///modules/exim/common/rbllist',
124 file { '/etc/exim4/rhsbllist':
125 source => 'puppet:///modules/exim/common/rhsbllist',
127 file { '/etc/exim4/whitelist':
128 source => 'puppet:///modules/exim/common/whitelist',
130 file { '/etc/logrotate.d/exim4-base':
131 source => 'puppet:///modules/exim/common/logrotate-exim4-base',
133 file { '/etc/logrotate.d/exim4-paniclog':
134 source => 'puppet:///modules/exim/common/logrotate-exim4-paniclog'
136 file { '/etc/exim4/ssl/thishost.crt':
137 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.auto_certs_dir"]) + "/" + @fqdn + ".crt") %>'),
138 group => 'Debian-exim',
141 file { '/etc/exim4/ssl/thishost.key':
142 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.auto_certs_dir"]) + "/" + @fqdn + ".key") %>'),
143 group => 'Debian-exim',
146 file { '/etc/exim4/ssl/ca.crt':
147 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.auto_certs_dir"]) + "/ca.crt") %>'),
148 group => 'Debian-exim',
151 file { '/etc/exim4/ssl/ca.crl':
152 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.auto_certs_dir"]) + "/ca.crl") %>'),
153 group => 'Debian-exim',
156 file { '/var/log/exim4':
159 owner => 'Debian-exim',
163 # Do we actually want this? I'm only doing it because it's harmless
164 # and makes the logs quiet. There are better ways of making logs quiet,
166 ferm::rule { 'dsa-ident':
167 domain => '(ip ip6)',
168 description => 'Allow ident access',
169 rule => '&SERVICE(tcp, 113)'
172 # These only affect the alias @$fqdn, not say, @debian.org