modules/debian_org/manifests/mail_incoming_port.pp

   1 class debian_org::mail_incoming_port {
   2         case getfromhash($deprecated::nodeinfo, 'mail_port') {
   3                 Numeric: { $mail_port = sprintf("%d", getfromhash($deprecated::nodeinfo, 'mail_port')) }
   4                 /^(\d+)$/: { $mail_port = $1 }
   5                 default: { $mail_port = '25' }
   6         }
   7
   8         ferm::rule { 'dsa-mail':
   9                 description => 'Allow SMTP',
  10                 rule        => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_SOURCES)"
  11         }
  12
  13         ferm::rule { 'dsa-mail-v6':
  14                 description => 'Allow SMTP',
  15                 domain      => 'ip6',
  16                 rule        => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)"
  17         }
  18         $autocertdir = hiera('paths.auto_certs_dir')
  19         dnsextras::tlsa_record{ 'tlsa-mailport':
  20                 zone     => 'debian.org',
  21                 certfile => "${autocertdir}/${::fqdn}.crt",
  22                 port     => $mail_port,
  23                 hostname => $::fqdn,
  24         }
  25 }