modules/salsa/manifests/mail.pp

   1 #
   2 class salsa::mail inherits salsa {
   3         package { [
   4                 'dovecot-imapd',
   5                 'dovecot-lmtpd',
   6                 ]:
   7                 ensure => installed
   8         }
   9         service { 'dovecot':
  10                 ensure => running,
  11         }
  12
  13         group { '_vmail':
  14                 system => true,
  15                 ensure => 'present',
  16         }
  17         user { '_vmail':
  18                 system => true,
  19                 gid    => '_vmail',
  20                 ensure => 'present',
  21                 home   => '/srv/mail',
  22                 shell  => '/bin/false',
  23         }
  24
  25         file { '/srv/mail':
  26                 ensure => 'directory',
  27                 mode => '0700',
  28                 owner => '_vmail',
  29                 group => '_vmail',
  30         }
  31
  32         $pw_salt = hkdf('/etc/puppet/secret', "mail-imap-dovecot-${::hostname}-${salsa::servicename}-${salsa::mail_username}-salt-generator")
  33         $hashed_pw = pw_hash($salsa::mail_password, 'SHA-512', $pw_salt)
  34         file { '/etc/dovecot/users':
  35                 mode => '440',
  36                 group => 'dovecot',
  37                 content  => @("EOF"),
  38                                 ${salsa::mail_username}:${hashed_pw}:::
  39                                 | EOF
  40         }
  41
  42         file { '/etc/dovecot/conf.d/10-auth.conf':
  43                 content  => @(EOF),
  44                                 auth_mechanisms = plain
  45                                 disable_plaintext_auth = no
  46
  47                                 passdb {
  48                                   driver = passwd-file
  49                                   args = scheme=CRYPT username_format=%u /etc/dovecot/users
  50                                 }
  51
  52                                 userdb {
  53                                   driver = passwd-file
  54                                   args = username_format=%u /etc/dovecot/users
  55                                   default_fields = uid=_vmail gid=_vmail home=/srv/mail/%u
  56                                 }
  57                                 | EOF
  58                 notify => Service['dovecot'],
  59         }
  60         file { '/etc/dovecot/local.conf':
  61                 content  => @(EOF),
  62                                 mail_location = maildir:~/Maildir
  63
  64                                 service imap-login {
  65                                   inet_listener imap {
  66                                         address = 127.0.0.1
  67                                   }
  68                                 }
  69
  70                                 service lmtp {
  71                                   unix_listener /var/spool/postfix/private/dovecot-lmtp {
  72                                     group = postfix
  73                                     user = postfix
  74                                     mode = 0660
  75                                   }
  76                                   client_limit = 1
  77                                 }
  78
  79                                 | EOF
  80                 notify => Service['dovecot'],
  81         }
  82
  83         concat::fragment { 'puppet-postfix-main.cf--salsa':
  84                 target => '/etc/postfix/main.cf',
  85                 order  => '020',
  86                 content => @("EOF"),
  87                                 recipient_delimiter = +
  88
  89                                 mydestination =
  90                                 virtual_transport = lmtp:unix:private/dovecot-lmtp
  91                                 virtual_mailbox_domains = ${salsa::servicename}
  92                                 virtual_alias_maps = hash:/etc/postfix/virtual
  93
  94                                 | EOF
  95         }
  96         exec { '/usr/sbin/postmap /etc/postfix/virtual':
  97                 refreshonly => true,
  98                 require =>  Package['postfix'],
  99         }
 100         file { '/etc/postfix/virtual':
 101                 content  => @("EOF"),
 102                                 postmaster@${salsa::servicename} postmaster@debian.org
 103                                 admin@${salsa::servicename}      salsa-admin@debian.org
 104                                 | EOF
 105                 notify => Exec['/usr/sbin/postmap /etc/postfix/virtual'],
 106         }
 107
 108 }