projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
We want to drop some aliases on exim systems
[mirror/dsa-puppet.git]
/
modules
/
exim
/
manifests
/
init.pp
diff --git
a/modules/exim/manifests/init.pp
b/modules/exim/manifests/init.pp
index
38a77a8
..
9f36224
100644
(file)
--- a/
modules/exim/manifests/init.pp
+++ b/
modules/exim/manifests/init.pp
@@
-1,5
+1,7
@@
class exim {
class exim {
+ include exim::vdomain::setup
+
munin::check { 'ps_exim4': script => 'ps_' }
munin::check { 'exim_mailqueue': }
munin::check { 'exim_mailstats': }
munin::check { 'ps_exim4': script => 'ps_' }
munin::check { 'exim_mailqueue': }
munin::check { 'exim_mailstats': }
@@
-10,9
+12,20
@@
class exim {
package { 'exim4-daemon-heavy': ensure => installed }
package { 'exim4-daemon-heavy': ensure => installed }
+ Package['exim4-daemon-heavy']->Mailalias<| |>
+
+ concat::fragment { 'virtual_domain_template':
+ target => '/etc/exim4/virtualdomains',
+ content => template('exim/virtualdomains.erb'),
+ order => 05,
+ }
+
service { 'exim4':
ensure => running,
service { 'exim4':
ensure => running,
- require => File['/etc/exim4/exim4.conf'],
+ require => [
+ File['/etc/exim4/exim4.conf'],
+ Package['exim4-daemon-heavy'],
+ ]
}
file { '/etc/exim4/':
}
file { '/etc/exim4/':
@@
-22,11
+35,15
@@
class exim {
purge => true,
}
file { '/etc/exim4/Git':
purge => true,
}
file { '/etc/exim4/Git':
- ensure => directory,
- purge => true,
+ ensure => absent,
force => true,
force => true,
+ }
+ # git checkouts through puppet. yummy.
+ file { '/etc/exim4/email-virtualdomains':
recurse => true,
recurse => true,
- source => 'puppet:///files/empty/',
+ source => 'puppet:///modules/exim/email-virtualdomains',
+ purge => true,
+ ignore => '.git',
}
file { '/etc/exim4/conf.d':
ensure => directory,
}
file { '/etc/exim4/conf.d':
ensure => directory,
@@
-43,6
+60,7
@@
class exim {
}
file { '/etc/exim4/exim4.conf':
content => template('exim/eximconf.erb'),
}
file { '/etc/exim4/exim4.conf':
content => template('exim/eximconf.erb'),
+ require => File['/etc/exim4/ssl/thishost.crt'],
notify => Service['exim4'],
}
file { '/etc/mailname':
notify => Service['exim4'],
}
file { '/etc/mailname':
@@
-54,9
+72,6
@@
class exim {
file { '/etc/exim4/locals':
content => template('exim/locals.erb')
}
file { '/etc/exim4/locals':
content => template('exim/locals.erb')
}
- file { '/etc/exim4/virtualdomains':
- content => template('exim/virtualdomains.erb'),
- }
file { '/etc/exim4/submission-domains':
content => template('exim/submission-domains.erb'),
}
file { '/etc/exim4/submission-domains':
content => template('exim/submission-domains.erb'),
}
@@
-122,18
+137,24
@@
class exim {
case getfromhash($site::nodeinfo, 'mail_port') {
/^(\d+)$/: { $mail_port = $1 }
case getfromhash($site::nodeinfo, 'mail_port') {
/^(\d+)$/: { $mail_port = $1 }
- default: { $mail_port = '
smtp
' }
+ default: { $mail_port = '
25
' }
}
@ferm::rule { 'dsa-exim':
description => 'Allow SMTP',
}
@ferm::rule { 'dsa-exim':
description => 'Allow SMTP',
- rule =>
'&SERVICE_RANGE(tcp, $mail_port, \$SMTP_SOURCES)'
+ rule =>
"&SERVICE_RANGE(tcp, $mail_port, \$SMTP_SOURCES)"
}
@ferm::rule { 'dsa-exim-v6':
description => 'Allow SMTP',
domain => 'ip6',
}
@ferm::rule { 'dsa-exim-v6':
description => 'Allow SMTP',
domain => 'ip6',
- rule => '&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)'
+ rule => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)"
+ }
+ dnsextras::tlsa_record{ 'tlsa-mailport':
+ zone => 'debian.org',
+ certfile => "/etc/puppet/modules/exim/files/certs/${::fqdn}.crt",
+ port => $mail_port,
+ hostname => $::fqdn,
}
# Do we actually want this? I'm only doing it because it's harmless
}
# Do we actually want this? I'm only doing it because it's harmless
@@
-145,4
+166,17
@@
class exim {
rule => '&SERVICE(tcp, 113)'
}
rule => '&SERVICE(tcp, 113)'
}
+ # These only affect the alias @$fqdn, not say, @debian.org
+
+ mailalias { [
+ 'postmaster',
+ 'hostmaster',
+ 'usenet',
+ 'webmaster',
+ 'abuse',
+ 'noc',
+ 'security',
+ ]:
+ ensure => absent
+ }
}
}