switch postfix smarthost config to classparams

diff --git a/data/common.yaml b/data/common.yaml
index e724e5f..493121e 100644 (file)
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -13,6 +13,7 @@ resolv::searchpaths: ['debian.org']
 staticsync::user: 'staticsync'
 staticsync::basedir: '/srv/static.debian.org'
 exim::smarthost: 'mailout.debian.org'
+postfix::smarthost: 'mailout.debian.org'
 
 roles::dns_primary::allow_access:
   # easydns

diff --git a/modules/postfix/manifests/init.pp b/modules/postfix/manifests/init.pp
index 88591a9..000522d 100644 (file)
--- a/modules/postfix/manifests/init.pp
+++ b/modules/postfix/manifests/init.pp
@@ -1,10 +1,23 @@
+# postfix class
+# @param use_smarthost use the smarthost
+# @param smarthost host to relay through (if set and use_smarthost)
 class postfix(
+  Optional[String] $smarthost,
+  Boolean $use_smarthost = true,
   Boolean $manage_maincf = true,
 ) {
   package { 'postfix':
     ensure => installed
   }
 
+  if $use_smarthost {
+    if ! smarthost {
+      fail('No smarthost set but use_smarthost is true')
+    }
+  } else {
+    $heavy = true
+  }
+
   service { 'postfix':
     ensure => running
   }

diff --git a/modules/postfix/templates/main.cf-header.erb b/modules/postfix/templates/main.cf-header.erb
index 6f6cbe5..0934738 100644 (file)
--- a/modules/postfix/templates/main.cf-header.erb
+++ b/modules/postfix/templates/main.cf-header.erb
@@ -4,12 +4,12 @@ mydomain = debian.org
 compatibility_level = 2
 smtp_dns_support_level = dnssec
 
-<%- if scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%>
-smtp_tls_security_level = dane
-<%- else -%>
+<%- if @use_smarthost -%>
 smtp_tls_security_level = dane-only
 # yes, do MX lookups on the relayhost, since those have TLSA records
-relayhost = <%= scope.lookupvar('deprecated::nodeinfo')['smarthost'] %>:submission
+relayhost = <%= @smarthost %>:submission
+<%- else -%>
+smtp_tls_security_level = dane
 <%- end -%>
 
 # tls stuff