From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 30 Aug 2017 07:14:29 +0000 (+0200)
Subject: confine allow-all smtp in postfix to role lists
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=90ce75f592da77241768d0f865cf21320d68dbe5;p=mirror%2Fdsa-puppet.git

confine allow-all smtp in postfix to role lists
---

diff --git a/modules/postfix/manifests/init.pp b/modules/postfix/manifests/init.pp
index 6ac79cbb9..3367cbb04 100644
--- a/modules/postfix/manifests/init.pp
+++ b/modules/postfix/manifests/init.pp
@@ -1,5 +1,4 @@
 class postfix {
-
 	package { 'postfix':
 		ensure => installed
 	}
@@ -18,9 +17,11 @@ class postfix {
 	munin::check { 'ps_smtp': script => 'ps_' }
 	munin::check { 'ps_smtpd': script => 'ps_' }
 
-	@ferm::rule { 'smtp':
-		domain      => '(ip ip6)',
-		description => 'Allow smtp access',
-		rule        => '&SERVICE(tcp, 25)'
+	if has_role('lists') {
+		@ferm::rule { 'smtp':
+			domain      => '(ip ip6)',
+			description => 'Allow smtp access',
+			rule        => '&SERVICE(tcp, 25)'
+		}
 	}
 }