From 0ddec3cf101140def15c2d0b7d608141a82e38f3 Mon Sep 17 00:00:00 2001 From: Tollef Fog Heen Date: Thu, 2 Jan 2014 18:22:58 +0100 Subject: [PATCH] Simply exim config slightly by checking for roles in manifest --- modules/apache2/manifests/init.pp | 6 ++-- modules/exim/manifests/init.pp | 7 ++++ modules/exim/templates/eximconf.erb | 52 ++++++++++++++--------------- 3 files changed, 36 insertions(+), 29 deletions(-) diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp index b14d408d7..f29eeefeb 100644 --- a/modules/apache2/manifests/init.pp +++ b/modules/apache2/manifests/init.pp @@ -33,11 +33,11 @@ class apache2 { ensure => absent, } - if $::fqdn in $site::roles['buildd_master'] { + if has_role('buildd_master') { $memlimit = 192 * 1024**2 - } elsif $::fqdn in $site::roles['nagiosmaster']{ + } elsif has_role('nagiosmaster') { $memlimit = 96 * 1024**2 - } elsif $::fqdn in $site::roles['packagesqamaster']{ + } elsif has_role('packagesqamaster') { $memlimit = 192 * 1024**2 } else { $memlimit = 32 * 1024**2 diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp index 462875350..e5b051b25 100644 --- a/modules/exim/manifests/init.pp +++ b/modules/exim/manifests/init.pp @@ -1,5 +1,12 @@ class exim { + $is_mailrelay = has_role('mailrelay') + $is_bugsmaster = has_role('bugsmaster') + $is_bugsmx = has_role('bugsmx') + $is_rtmaster = has_role('rtmaster') + $is_packagesmaster = has_role('packagesmaster') + $is_packagesqamaster = has_role('packagesqamaster') + include exim::vdomain::setup munin::check { 'ps_exim4': script => 'ps_' } diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index b3ef52202..56b59842e 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb 
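Review bot: Nothing in `class exim` says that the six new `$is_*` variables exist only to be read by `templates/eximconf.erb` as `@is_*`, so they look unused in the manifest and a later cleanup or rename would silently change the generated ACLs. Add a comment above the block, e.g. `# Role flags read by templates/eximconf.erb as @is_<role>; keep the names in sync with the template.` The class body continues past the end of this hunk, so where the template is actually rendered is not visible here.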
@@ -32,7 +32,7 @@ # flushing' operations, but should be populated with a list # of trusted machines. Wildcards are not permitted # bsmtp_domains - Domains that we deliver locally via bsmtp -<%- if scope.function_has_role('mailrelay') -%> +<%- if @is_mailrelay -%> # mailhubdomains - Domains for which we are the MX, but the mail is relayed # elsewhere. This is designed for use with small volume or # restricted machines that need to use a smarthost for mail @@ -125,7 +125,7 @@ hostlist debianhosts = <; ; 127.0.0.1 ; ::1 ; /var/lib/misc/thishost/debianhosts hostlist reservedaddrs = 0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : 172.16.0.0/12 : 192.0.0.0/24 : 192.168.0.0/16 : 224.0.0.0/4 : 240.0.0.0/5 : 248.0.0.0/5 -<%- if scope.function_has_role('mailrelay') -%> +<%- if @is_mailrelay -%> # Domains we relay for; that is domains that aren't considered local but we # accept mail for them. domainlist mailhubdomains = lsearch;/etc/exim4/manualroute @@ -215,7 +215,7 @@ ports = [] out = "daemon_smtp_ports = " ports << 25 -if scope.function_has_role('bugsmaster') or scope.function_has_role('bugsmx') +if @is_bugsmaster or @is_bugsmx ports << 587 end @@ -223,7 +223,7 @@ if not scope.lookupvar('site::nodeinfo')['mail_port'].to_s.empty? ports << scope.lookupvar('site::nodeinfo')['mail_port'] end -if scope.function_has_role('mailrelay') +if @is_mailrelay ports << scope.lookupvar('site::nodeinfo')['smarthost_port'] end @@ -292,7 +292,7 @@ acl_getprofile: hosts = !+debianhosts set acl_m_rprf = localonly -<%- if scope.function_has_role('mailrelay') -%> +<%- if @is_mailrelay -%> warn local_parts = +local_only_users domains = +mailhubdomains hosts = !+debianhosts 
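Review bot: The rewritten guards, from `<%- if @is_mailrelay -%>` in this hunk through every later hunk of this file, now fail silently: an unset ERB instance variable is nil, so a misspelled or renamed flag, or rendering this template outside `class exim`, drops the guarded section instead of failing the catalog. That matters most for the `deny` blocks in check_message guarded by `@is_rtmaster`, `@is_packagesqamaster` and `@is_packagesmaster`, where a missing flag quietly removes a filter from the generated config. Assuming `has_role` returns true or false, a check near the top of the template such as `<%- raise Puppet::ParseError, 'exim role flags not set' if @is_mailrelay.nil? -%>` (repeated for the other flags) would turn that into a compile error.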
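Review bot: In the hunk at line 223, `smarthost_port` is appended to `ports` for mail relays without the emptiness check that the `mail_port` branch just above applies, so a relay whose nodeinfo lacks the key would push nil into the list. How `ports` is joined into `daemon_smtp_ports` is outside the hunk, so the effect on the rendered line is inferred. Either guard it, `if @is_mailrelay and not scope.lookupvar('site::nodeinfo')['smarthost_port'].to_s.empty?`, or fail the compile so a relay without a smarthost port is noticed rather than misconfigured.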
@@ -301,28 +301,28 @@ acl_getprofile: <%- end -%> accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} -<%- if scope.function_has_role('rtmaster') -%> +<%- if @is_rtmaster -%> warn domains = rt.debian.org set acl_m_rprf = RTMail accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} <%- end -%> -<%- if scope.function_has_role('bugsmaster') or scope.function_has_role('bugsmx') -%> +<%- if @is_bugsmaster or @is_bugsmx -%> warn domains = bugs.debian.org set acl_m_rprf = BugsMail accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} <%- end -%> -<%- if scope.function_has_role('packagesmaster') -%> +<%- if @is_packagesmaster -%> warn domains = packages.debian.org set acl_m_rprf = PackagesMail accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}} <%- end -%> -<%- if scope.function_has_role('packagesqamaster') -%> +<%- if @is_packagesqamaster -%> warn recipients = owner@packages.qa.debian.org : postmaster@packages.qa.debian.org set acl_m_rprf = PTSOwner @@ -394,7 +394,7 @@ check_helo: warn set acl_c_scr = 0 -<%- if scope.function_has_role('mailrelay') -%> +<%- if @is_mailrelay -%> accept verify = certificate <%- end -%> @@ -490,7 +490,7 @@ check_submission: # We do this by testing for an empty sending host field. accept hosts = +debianhosts -<%- if scope.function_has_role('mailrelay') -%> +<%- if @is_mailrelay -%> accept verify = certificate <%- end -%> @@ -511,7 +511,7 @@ check_submission: endpass verify = recipient -<%- if scope.function_has_role('mailrelay') -%> +<%- if @is_mailrelay -%> accept domains = +mailhubdomains endpass verify = recipient/callout=30s,defer_ok,use_sender,no_cache @@ -526,7 +526,7 @@ check_submission: #!!# ACL that is used after the RCPT command check_recipient: -<%- if scope.function_has_role('mailrelay') -%> +<%- if @is_mailrelay -%> accept verify = certificate <%- end -%> 
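Review bot: The `accept verify = certificate` rule guarded by `@is_mailrelay` in check_helo (hunk at 394), and again in check_submission and check_recipient (hunks at 490 and 526), ends ACL processing for any peer whose client certificate verifies, and nothing nearby says which CA that trust rests on. The TLS settings are outside these hunks, so the set of accepted certificates cannot be confirmed from the diff. A comment on the first occurrence, e.g. `# Peers with a certificate from <CA configured in tls_verify_certificates> skip the remaining checks`, would make the trust boundary explicit.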
@@ -639,7 +639,7 @@ check_recipient: warn condition = ${if eq{$acl_m_prf}{localonly}} set acl_m_lrc = ${if eq{$acl_m_lrc}{}{$local_part@$domain}{$acl_m_lrc, $local_part@$domain}} -<%- if scope.function_has_role('packagesmaster') -%> +<%- if @is_packagesmaster -%> warn condition = ${if eq {$acl_m_prf}{PackagesMail}} condition = ${if eq {$sender_address}{$local_part@$domain}} message = X-Packages-FromTo-Same: yes @@ -717,7 +717,7 @@ check_recipient: condition = ${if eq{$acl_m_act}{450}{yes}{no}} <%- end -%> -<%- if scope.function_has_role('rtmaster') -%> +<%- if @is_rtmaster -%> warn condition = ${if eq{$acl_m_prf}{RTMail}} set acl_m12 = ${if def:acl_m12 {$acl_m12} {${if or{{match{$local_part}{\N[^+]+\+\d+\N}}{match{$local_part}{\N[^+]+\+new\N}}{match{$local_part}{3520}}{match{$local_part}{3645}}} {RTMailRecipientHasSubaddress}}}} # temporary hack because weasel screwed up and gave people an rt-3520@ address, which doesn't really work normally. and rt-3645 @@ -840,7 +840,7 @@ check_recipient: message = "Sender verification failed: $acl_verify_message" <%- end -%> -<%- if scope.function_has_role('mailrelay') -%> +<%- if @is_mailrelay -%> accept domains = +mailhubdomains endpass verify = recipient/callout=30s,defer_ok,use_sender,no_cache @@ -899,7 +899,7 @@ check_message: # header. Take their crack pipe away. drop condition = ${if match{${lc:$h_From:}}{\Npostmaster@([^.]+\.)?debian\.org\N}} -<%- if scope.function_has_role('rtmaster') -%> +<%- if @is_rtmaster -%> deny condition = ${if eq {$acl_m_prf}{RTMail}} condition = ${if and{{!match {${lc:$rh_Subject:}} {debian rt}} \ {!match {${lc:$rh_Subject:]}} {\N\[rt.debian.org \N}} \ 
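Review bot: In the hunk at 899, the second match of the RTMail `deny` condition reads `${lc:$rh_Subject:]}`, with a `]` after the header name's colon that the first match (`${lc:$rh_Subject:}`) does not have. It looks like a typo: the pattern is unanchored, so the test probably still matches, but the expansion appends a literal `]` to the subject being tested. Suggest `{!match {${lc:$rh_Subject:}} {\N\[rt.debian.org \N}} \`. The condition starts in this hunk and continues into the next one.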
@@ -907,7 +907,7 @@ check_message: message = messages to the Request Tracker system require a subject tag or a subaddress <%- end -%> -<%- if scope.function_has_role('packagesqamaster') -%> +<%- if @is_packagesqamaster -%> deny !hosts = +debianhosts : 5.153.231.21 condition = ${if eq {$acl_m_prf}{PTSMail}} condition = ${if def:h_X-PTS-Approved:{false}{true}} @@ -992,7 +992,7 @@ check_message: !verify = header_sender message = No valid sender found in the From:, Sender: and Reply-to: headers -<%- if scope.function_has_role('packagesmaster') -%> +<%- if @is_packagesmaster -%> deny message = Congratulations, you scored $spam_score points. log_message = spam: $spam_score points. condition = ${if eq {$acl_m_prf}{PackagesMail}} @@ -1040,7 +1040,7 @@ begin routers # An address is passed to each in turn until it is accepted. # ###################################################################### -<%- if scope.function_has_role('mailrelay') -%> +<%- if @is_mailrelay -%> relay_manualroute: driver = manualroute domains = +mailhubdomains @@ -1298,7 +1298,7 @@ localuser: # Everything before here should apply only to the local domains with a # domains= rule -<%- if scope.function_has_role('packagesmaster') -%> +<%- if @is_packagesmaster -%> # This router delivers for packages.d.o packages: debug_print = "R: packages for $local_part@$domain" @@ -1316,7 +1316,7 @@ packages: no_more <%- end -%> -<%- if scope.function_has_role('rtmaster') -%> +<%- if @is_rtmaster -%> # This router delivers for rt.d.o rt_force_new_verbose: debug_print = "R: rt for $local_part+new@$domain" @@ -1449,9 +1449,9 @@ virt_users: <%= out = "" -if scope.function_has_role('bugsmaster') or scope.function_has_role('bugsmx') +if @is_bugsmaster or @is_bugsmx domain = 'bugs.debian.org' - if scope.function_has_role('bugsmaster') + if @is_bugsmaster domain = 'bugs-master.debian.org' end out = ' 
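Review bot: The `!hosts = +debianhosts : 5.153.231.21` exemption in the `@is_packagesqamaster` deny rule lets one bare address skip the `X-PTS-Approved` check with no indication of which host it is or why. A literal IP in an ACL tends to outlive the machine it named. Add a comment such as `# 5.153.231.21 = <hostname>, exempt because <reason>`, or move the address into a named hostlist alongside `debianhosts`. The rule continues beyond the end of this hunk.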
@@ -1603,7 +1603,7 @@ bsmtp: {$value}fail}\ }} -<%- if scope.function_has_role('bugsmaster') or scope.function_has_role('bugsmx') -%> +<%- if @is_bugsmaster or @is_bugsmx -%> bugs_pipe: driver = pipe command = /org/bugs.debian.org/mail/run-procmail @@ -1616,7 +1616,7 @@ bugs_pipe: user = debbugs <%- end -%> -<%- if scope.function_has_role('rtmaster') -%> +<%- if @is_rtmaster -%> rt_pipe: debug_print = "T: rt_pipe for $local_part${local_part_suffix}@$domain" driver = pipe -- 2.20.1