X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fpostfix%2Fmanifests%2Finit.pp;h=4d5c31d120fc680e695e5e0633dcc758fe5c8fe9;hb=fd745dda71cdc384b5c09294951d83087514ff15;hp=6ac79cbb918f679c0697e0965527871f4b45f8ea;hpb=f1a454006b168f623b4c234f45f9a0f8b3c36166;p=mirror%2Fdsa-puppet.git

diff --git a/modules/postfix/manifests/init.pp b/modules/postfix/manifests/init.pp
index 6ac79cbb9..4d5c31d12 100644
--- a/modules/postfix/manifests/init.pp
+++ b/modules/postfix/manifests/init.pp
@@ -1,26 +1,54 @@
-class postfix {
+# postfix class
+# @param use_smarthost use the smarthost
+# @param smarthost host to relay through (if set and use_smarthost)
+class postfix(
+  Optional[String] $smarthost,
+  Boolean $use_smarthost = true,
+  Boolean $manage_maincf = true,
+) {
+  package { 'postfix':
+    ensure => installed
+  }
 
-	package { 'postfix':
-		ensure => installed
-	}
+  if $use_smarthost {
+    if ! smarthost {
+      fail('No smarthost set but use_smarthost is true')
+    }
+  } else {
+    $heavy = true
+  }
 
-	service { 'postfix':
-		ensure => running
-	}
+  service { 'postfix':
+    ensure => running
+  }
 
-	munin::check { 'ps_exim4':       ensure => absent }
-	munin::check { 'exim_mailqueue': ensure => absent }
-	munin::check { 'exim_mailstats': ensure => absent }
+  munin::check { 'ps_exim4':       ensure => absent }
+  munin::check { 'exim_mailqueue': ensure => absent }
+  munin::check { 'exim_mailstats': ensure => absent }
 
-	munin::check { 'postfix_mailqueue': }
-	munin::check { 'postfix_mailstats': }
-	munin::check { 'postfix_mailvolume': }
-	munin::check { 'ps_smtp': script => 'ps_' }
-	munin::check { 'ps_smtpd': script => 'ps_' }
+  munin::check { 'postfix_mailqueue': }
+  munin::check { 'postfix_mailstats': }
+  munin::check { 'postfix_mailvolume': }
+  munin::check { 'ps_smtp': script => 'ps_' }
+  munin::check { 'ps_smtpd': script => 'ps_' }
 
-	@ferm::rule { 'smtp':
-		domain      => '(ip ip6)',
-		description => 'Allow smtp access',
-		rule        => '&SERVICE(tcp, 25)'
-	}
+  if $manage_maincf {
+    concat { '/etc/postfix/main.cf':
+      notify  => Exec['service postfix reload'],
+    }
+    concat::fragment { 'puppet-postfix-main.cf--header':
+      target  => '/etc/postfix/main.cf',
+      order   => '000',
+      content => template('postfix/main.cf-header.erb')
+    }
+  } else {
+    include fail2ban::postfix
+  }
+
+  exec { 'service postfix reload':
+    path        => '/usr/bin:/usr/sbin:/bin:/sbin',
+    command     => 'service postfix reload',
+    refreshonly => true,
+    require     =>  Package['postfix'],
+  }
 }