add start of a postfix module to hang firewall rules/monitoring/etc off

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/manifests/site.pp b/manifests/site.pp
index bec319b..18e2377 100644 (file)
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -52,6 +52,8 @@ node default {
                } else {
                        include exim
                }
+       } elsif $::hostname == 'bendel' {
+               include postfix
        }
 
        if $::lsbdistcodename != 'lenny' {

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 5a99b14..9f642ca 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -91,13 +91,6 @@ class ferm::per-host {
                                rule            => '&SERVICE(tcp, 6523)'
                        }
                }
-               bendel: {
-                       @ferm::rule { 'smtp':
-                               domain          => '(ip ip6)',
-                               description     => 'Allow smtp access',
-                               rule            => '&SERVICE(tcp, 25)'
-                       }
-               }
                draghi: {
                        #@ferm::rule { 'dsa-bind':
                        #    domain          => '(ip ip6)',

diff --git a/modules/postfix/manifests/init.pp b/modules/postfix/manifests/init.pp
new file mode 100644 (file)
index 0000000..0d10b4e
--- /dev/null
+++ b/modules/postfix/manifests/init.pp
@@ -0,0 +1,17 @@
+class postfix {
+       munin::check { 'ps_exim4':       ensure => absent }
+       munin::check { 'exim_mailqueue': ensure => absent }
+       munin::check { 'exim_mailstats': ensure => absent }
+
+       munin::check { 'postfix_mailqueue': }
+       munin::check { 'postfix_mailstats': }
+       munin::check { 'postfix_mailvolume': }
+       munin::check { 'ps_smtp': script => 'ps_' }
+       munin::check { 'ps_smtpd': script => 'ps_' }
+
+       @ferm::rule {
+               domain      => '(ip ip6)',
+               description => 'Allow smtp access',
+               rule        => '&SERVICE(tcp, 25)'
+       }
+}