+# = Class: roles::mailrelay
+#
+# Setup for mailrelay hosts
+#
+# == Sample Usage:
+#
+# include roles::mailrelay
+#
class roles::mailrelay {
- exim::vdomain { 'admin.debian.org':
- user => mail_admin,
- group => mail_admin,
- alias_file => 'puppet:///modules/exim/admin.debian.org/aliases'
- }
+ include exim::mailrelay
+
+ include roles::pubsub::parameters
+
+ $rabbit_password = $roles::pubsub::parameters::rabbit_password
+
+ roles::pubsub::config { 'emailvdomains':
+ key => 'dsa-emailvdomains-receive',
+ exchange => dsa,
+ queue => "email-${::fqdn}",
+ topic => 'dsa.email.update',
+ vhost => dsa,
+ username => $::fqdn,
+ password => $rabbit_password
+ }
+
+ # smtp firewalling setup
+ ###
+ @@ferm::rule::simple { "dsa-smtp-from-mailrelay-${::fqdn}":
+ tag => 'smtp::server::to::mail-satellite',
+ description => 'Allow smtp access from a mailrelay',
+ port => '7', # will be overwritten on collection
+ saddr => $base::public_addresses,
+ }
+
+ ferm::rule::simple { 'submission-from-satellites':
+ target => 'submission',
+ port => 'submission',
+ }
+ Ferm::Rule::Simple <<| tag == 'smtp::server::submission::to::mail-relay' |>>
+
+ $autocertdir = hiera('paths.auto_certs_dir')
+ dnsextras::tlsa_record{ 'tlsa-submission':
+ zone => 'debian.org',
+ certfile => "${autocertdir}/${::fqdn}.crt",
+ port => 587,
+ hostname => $::fqdn,
+ }
}
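Review bot: The exported `ferm::rule::simple` titled "dsa-smtp-from-mailrelay-${::fqdn}" carries `port => '7'` as a placeholder, so it is only correct if every collector of the tag `smtp::server::to::mail-satellite` overrides the port. A collector that realises it without the override would accept traffic from `$base::public_addresses` on port 7 instead of smtp, and nothing in this hunk enforces the override. The collecting side is not visible here, so either name it in the comment, e.g. `# placeholder: overridden with the smtp port by the collector in <collecting class>`, or export the real port if all satellites share it. Separately, `$::fqdn` is an agent-supplied fact and is used for the RabbitMQ `username`, the `queue` name and the TLSA `certfile` path. `$trusted['certname']` would tie these to the node's certificate, assuming the Puppet version in use provides it.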