confine allow-all smtp in postfix to role lists
authorPeter Palfrader <peter@palfrader.org>
Wed, 30 Aug 2017 07:14:29 +0000 (09:14 +0200)
committerPeter Palfrader <peter@palfrader.org>
Wed, 30 Aug 2017 07:14:38 +0000 (09:14 +0200)
modules/postfix/manifests/init.pp

index 6ac79cb..3367cbb 100644 (file)
@@ -1,5 +1,4 @@
 class postfix {
-
        package { 'postfix':
                ensure => installed
        }
@@ -18,9 +17,11 @@ class postfix {
        munin::check { 'ps_smtp': script => 'ps_' }
        munin::check { 'ps_smtpd': script => 'ps_' }
 
-       @ferm::rule { 'smtp':
-               domain      => '(ip ip6)',
-               description => 'Allow smtp access',
-               rule        => '&SERVICE(tcp, 25)'
+       if has_role('lists') {
+               @ferm::rule { 'smtp':
+                       domain      => '(ip ip6)',
+                       description => 'Allow smtp access',
+                       rule        => '&SERVICE(tcp, 25)'
+               }
        }
 }
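Review bot: The new `if has_role('lists')` guard around `@ferm::rule { 'smtp': ... }` has no comment saying why only list hosts may expose tcp/25 to any source, and the hunk shows no narrower rule for other hosts that may still need to receive mail. I would add `# only 'lists' hosts accept SMTP from arbitrary sources; any other host needs a source-restricted rule` above the `if`, and tighten the text to `description => 'Allow smtp access from anywhere (lists role)'`. Because the rule stays virtual (`@`), it presumably relies on a collector or `realize` elsewhere, so it is worth confirming that code tolerates the resource being absent on non-lists hosts. The firewall rule is the only confinement visible here; the class body between the two hunks is outside the diff, so whether postfix still listens on all interfaces on the other hosts cannot be judged from this page.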