X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fmailrelay.pp;h=6be074edcc01aec823f3cdbaf62cc5def2bf4cd3;hb=fa67a3c70b0ad6f46691ee1495dfa7f249143d52;hp=c6abab28a76e349a84f6d425d0194963848b166f;hpb=7e5b0998aa9eebbcf6992944cbdd1af623029ab1;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/manifests/mailrelay.pp b/modules/roles/manifests/mailrelay.pp
index c6abab28a..6be074edc 100644
--- a/modules/roles/manifests/mailrelay.pp
+++ b/modules/roles/manifests/mailrelay.pp
@@ -1,8 +1,48 @@
+# = Class: roles::mailrelay
+#
+# Setup for mailrelay hosts
+#
+# == Sample Usage:
+#
+# include roles::mailrelay
+#
 class roles::mailrelay {
- exim::vdomain { 'admin.debian.org':
- user => mail_admin,
- group => mail_admin,
- maildir => '/org/admin.debian.org/mail/',
- alias_file => 'puppet:///modules/exim/admin.debian.org/aliases'
- }
+ include exim::mailrelay
+
+ include roles::pubsub::parameters
+
+ $rabbit_password = $roles::pubsub::parameters::rabbit_password
+
+ roles::pubsub::config { 'emailvdomains':
+ key => 'dsa-emailvdomains-receive',
+ exchange => dsa,
+ queue => "email-${::fqdn}",
+ topic => 'dsa.email.update',
+ vhost => dsa,
+ username => $::fqdn,
+ password => $rabbit_password
+ }
+
+ # smtp firewalling setup
+ ###
+ @@ferm::rule::simple { "dsa-smtp-from-mailrelay-${::fqdn}":
+ tag => 'smtp::server::to::mail-satellite',
+ description => 'Allow smtp access from a mailrelay',
+ port => '7', # will be overwritten on collection
+ saddr => $base::public_addresses,
+ }
+
+ ferm::rule::simple { 'submission-from-satellites':
+ target => 'submission',
+ port => 'submission',
+ }
+ Ferm::Rule::Simple <<| tag == 'smtp::server::submission::to::mail-relay' |>>
+
+ $autocertdir = hiera('paths.auto_certs_dir')
+ dnsextras::tlsa_record{ 'tlsa-submission':
+ zone => 'debian.org',
+ certfile => "${autocertdir}/${::fqdn}.crt",
+ port => 587,
+ hostname => $::fqdn,
+ }
 }
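Review bot: The added `roles::pubsub::config` and `dnsextras::tlsa_record` resources take their identity from `$::fqdn`, a fact the agent reports about itself rather than something the master has verified. As a result the RabbitMQ `username`, the queue name, the `certfile` path and the TLSA `hostname` all follow whatever name the node claims. If the Puppet version in use provides it, and certnames match host names here, `$trusted['certname']` would bind these to the node's signed certificate instead, e.g. `username => $trusted['certname'],`. Separately, the exported rule's `port => '7'` placeholder is only safe while every collector overrides it, so the comment could name the collecting class and the port it sets, making a missing override easy to spot in review.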