SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!eNULL:!LOW:!MD5:!EXP:!RC4:!SEED:!DSS
<% end -%>
- <%- if has_variable?("apache2deb9") && @apache2deb9 == "true" -%>
+ <%- if has_variable?("apache2deb9") && @apache2deb9 -%>
SSLUseStapling On
# the default size is 32k, but we make it 1M.
<%- end -%>
queue_list_requires_admin = false
-<%- if has_variable?("clamd") && @clamd == "true" -%>
+<%- if has_variable?("clamd") && @clamd -%>
av_scanner = clamd:/var/run/clamav/clamd.ctl
<%- end -%>
ratelimit = 10 / 60m / per_rcpt / $sender_host_address
message = slow down (no reverse dns, mismatched ehlo, dialup, or in blacklists)
-<%- if has_variable?("policydweight") && @policydweight == "true" -%>
+<%- if has_variable?("policydweight") && @policydweight -%>
# Check with policyd-weight - this only works with a version after etch's,
# sadly. etch's version attempts to hold the socket open, since that's what
# postfix expects. Exim, on the other hand, expects the remote side to close
<%- end -%>
-<%- if has_variable?("greylistd") && @greylistd == "true" -%>
+<%- if has_variable?("greylistd") && @greylistd -%>
defer
message = $sender_host_address is not yet authorized to deliver mail from <$sender_address> to <$local_part@$domain>.
log_message = greylisted.
$local_part@$domain}\
{5s}{}{false}}
-<%- elsif has_variable?("postgrey") && @postgrey == "true" -%>
+<%- elsif has_variable?("postgrey") && @postgrey -%>
# next three are greylisting, inspired by http://www.bebt.de/blog/debian/archives/2006/07/30/T06_12_27/index.html
# this adds acl_m_grey if there isn't one (so unique per message)
warn
condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
message = Your mailer is not RFC 2047 compliant: message rejected
-<%- if has_variable?("clamd") && @clamd == "true" -%>
+<%- if has_variable?("clamd") && @clamd -%>
discard condition = ${if eq {$acl_m_prf}{blackhole}}
demime = *
malware = */defer_ok
SocksPort 0
Log notice syslog
-<%- if has_variable?("tor_ge_0_2_9") && tor_ge_0_2_9 == "true" -%>
+<%- if has_variable?("tor_ge_0_2_9") && tor_ge_0_2_9 -%>
#HiddenServiceSingleHopMode 1
#HiddenServiceNonAnonymousMode 1
<%- end -%>
[debian]
path = /srv/mirrors/debian/
-<%- unless has_variable?("has_srv_mirrors_debian") && has_srv_mirrors_debian == "true" -%>
+<%- unless has_variable?("has_srv_mirrors_debian") && has_srv_mirrors_debian -%>
list = no
<%- end -%>
comment = Debian archive (contact mirrors@debian.org for access; see https://www.debian.org/mirror/size for size)
[debian-debug]
path = /srv/mirrors/debian-debug/
-<%- unless has_variable?("has_srv_mirrors_debian_debug") && has_srv_mirrors_debian_debug == "true" -%>
+<%- unless has_variable?("has_srv_mirrors_debian_debug") && has_srv_mirrors_debian_debug -%>
list = no
<%- end -%>
comment = Debug packages for Debian archive (contact mirrors@debian.org for access)
[debian-ports]
path = /srv/mirrors/debian-ports/
-<%- unless has_variable?("has_srv_mirrors_debian_debug") && has_srv_mirrors_debian_debug == "true" -%>
+<%- unless has_variable?("has_srv_mirrors_debian_debug") && has_srv_mirrors_debian_debug -%>
list = no
<%- end -%>
comment = Debian ports archive (contact mirrors@debian.org for access)
[debian-security]
path = /srv/mirrors/debian-security/
-<%- unless has_variable?("has_srv_mirrors_debian_security") && has_srv_mirrors_debian_security == "true" -%>
+<%- unless has_variable?("has_srv_mirrors_debian_security") && has_srv_mirrors_debian_security -%>
list = no
<%- end -%>
comment = Debian security archive (contact mirrors@debian.org for access)
lines = []
%w{debian debian-debug debian-ports debian-security}.each do |archive|
varname = 'has_srv_mirrors_' + archive.gsub(/[\/-]/,'_')
- if has_variable?(varname) and (eval(varname)) == 'true'
+ if has_variable?(varname) and (eval(varname))
lines << " Alias /#{archive}/project/trace/ /srv/mirrors/#{archive}/project/trace/"
lines << " <Directory /srv/mirrors/#{archive}/project/trace/>"
lines << " Require all granted"
lines = []
%w{debian debian-debug debian-ports debian-security}.each do |archive|
varname = 'has_srv_mirrors_' + archive.gsub(/[\/-]/,'_')
- if has_variable?(varname) and (eval(varname)) == 'true'
+ if has_variable?(varname) and (eval(varname))
lines << "<li>#{archive} [<a href=\"/#{archive}/project/trace/\">trace directory</a>]</li>"
end
end
/dev/pts /dev/pts none rw,bind 0 0
tmpfs-shm /dev/shm tmpfs defaults,size=64m 0 0
-<%- if has_variable?("has_srv_build_trees") && has_srv_build_trees == "true" -%>
+<%- if has_variable?("has_srv_build_trees") && has_srv_build_trees -%>
/srv/build-trees /build none rw,bind 0 0
<% end %>
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
-<%- if has_variable?("has_etc_ssh_ssh_host_ed25519_key") && @has_etc_ssh_ssh_host_ed25519_key == "true" -%>
+<%- if has_variable?("has_etc_ssh_ssh_host_ed25519_key") && @has_etc_ssh_ssh_host_ed25519_key -%>
HostKey /etc/ssh/ssh_host_ed25519_key
<% end %>
#Privilege Separation is turned on for security
projects / mirror / dsa-puppet.git / commitdiff