3 $is_mailrelay = has_role('mailrelay')
4 $is_bugsmx = has_role('bugsmx')
5 $is_rtmaster = has_role('rtmaster')
6 $is_packagesmaster = has_role('packagesmaster')
7 $is_packagesqamaster = has_role('packagesqamaster')
9 include exim::vdomain::setup
10 include debian_org::mail_incoming_port
12 munin::check { 'ps_exim4': script => 'ps_' }
13 munin::check { 'exim_mailqueue': }
14 munin::check { 'exim_mailstats': }
16 munin::check { 'postfix_mailqueue': ensure => absent }
17 munin::check { 'postfix_mailstats': ensure => absent }
18 munin::check { 'postfix_mailvolume': ensure => absent }
20 package { 'exim4-daemon-heavy': ensure => installed }
22 Package['exim4-daemon-heavy']->Mailalias<| |>
24 concat::fragment { 'virtual_domain_template':
25 target => '/etc/exim4/virtualdomains',
26 content => template('exim/virtualdomains.erb'),
33 File['/etc/exim4/exim4.conf'],
34 Package['exim4-daemon-heavy'],
41 require => Package['exim4-daemon-heavy'],
44 file { '/etc/exim4/conf.d':
49 source => 'puppet:///files/empty/',
51 file { '/etc/exim4/ssl':
53 group => 'Debian-exim',
57 file { '/etc/exim4/exim4.conf':
58 content => template('exim/eximconf.erb'),
59 require => File['/etc/exim4/ssl/thishost.crt'],
60 notify => Service['exim4'],
62 file { '/etc/mailname':
63 content => template('exim/mailname.erb'),
65 file { '/etc/exim4/manualroute':
66 content => template('exim/manualroute.erb')
68 file { '/etc/exim4/locals':
69 content => template('exim/locals.erb')
71 file { '/etc/exim4/submission-domains':
72 content => template('exim/submission-domains.erb'),
74 file { '/etc/exim4/host_blacklist':
75 source => 'puppet:///modules/exim/common/host_blacklist',
77 file { '/etc/exim4/blacklist':
78 source => 'puppet:///modules/exim/common/blacklist',
80 file { '/etc/exim4/callout_users':
81 source => 'puppet:///modules/exim/common/callout_users',
83 file { '/etc/exim4/grey_users':
84 source => 'puppet:///modules/exim/common/grey_users',
86 file { '/etc/exim4/helo-check':
87 source => 'puppet:///modules/exim/common/helo-check',
89 file { '/etc/exim4/localusers':
90 source => 'puppet:///modules/exim/common/localusers',
92 file { '/etc/exim4/rbllist':
93 source => 'puppet:///modules/exim/common/rbllist',
95 file { '/etc/exim4/rhsbllist':
96 source => 'puppet:///modules/exim/common/rhsbllist',
98 file { '/etc/exim4/whitelist':
99 source => 'puppet:///modules/exim/common/whitelist',
101 file { '/etc/logrotate.d/exim4-base':
102 source => 'puppet:///modules/exim/common/logrotate-exim4-base',
104 file { '/etc/logrotate.d/exim4-paniclog':
105 source => 'puppet:///modules/exim/common/logrotate-exim4-paniclog'
107 file { '/etc/exim4/ssl/thishost.crt':
108 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.auto_certs_dir"]) + "/" + @fqdn + ".crt") %>'),
109 group => 'Debian-exim',
112 file { '/etc/exim4/ssl/thishost.key':
113 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.auto_certs_dir"]) + "/" + @fqdn + ".key") %>'),
114 group => 'Debian-exim',
117 file { '/etc/exim4/ssl/ca.crt':
118 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.auto_certs_dir"]) + "/ca.crt") %>'),
119 group => 'Debian-exim',
122 file { '/etc/exim4/ssl/ca.crl':
123 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.auto_certs_dir"]) + "/ca.crl") %>'),
124 group => 'Debian-exim',
127 file { '/var/log/exim4':
130 owner => 'Debian-exim',
134 # Do we actually want this? I'm only doing it because it's harmless
135 # and makes the logs quiet. There are better ways of making logs quiet,
137 ferm::rule { 'dsa-ident':
138 domain => '(ip ip6)',
139 description => 'Allow ident access',
140 rule => '&SERVICE(tcp, 113)'
143 # These only affect the alias @$fqdn, not say, @debian.org