From 0e22e1050b83c956f65a4d8376936115d15b8133 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Sat, 21 Sep 2019 19:18:32 +0200 Subject: [PATCH] switch postfix smarthost config to classparams --- data/common.yaml | 1 + modules/postfix/manifests/init.pp | 13 +++++++++++++ modules/postfix/templates/main.cf-header.erb | 8 ++++---- 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/data/common.yaml b/data/common.yaml index e724e5fdd..493121e77 100644 --- a/data/common.yaml +++ b/data/common.yaml @@ -13,6 +13,7 @@ resolv::searchpaths: ['debian.org'] staticsync::user: 'staticsync' staticsync::basedir: '/srv/static.debian.org' exim::smarthost: 'mailout.debian.org' +postfix::smarthost: 'mailout.debian.org' roles::dns_primary::allow_access: # easydns diff --git a/modules/postfix/manifests/init.pp b/modules/postfix/manifests/init.pp index 88591a94d..000522d6e 100644 --- a/modules/postfix/manifests/init.pp +++ b/modules/postfix/manifests/init.pp @@ -1,10 +1,23 @@ +# postfix class +# @param use_smarthost use the smarthost +# @param smarthost host to relay through (if set and use_smarthost) class postfix( + Optional[String] $smarthost, + Boolean $use_smarthost = true, Boolean $manage_maincf = true, ) { package { 'postfix': ensure => installed } + if $use_smarthost { + if ! smarthost { + fail('No smarthost set but use_smarthost is true') + } + } else { + $heavy = true + } + service { 'postfix': ensure => running } diff --git a/modules/postfix/templates/main.cf-header.erb b/modules/postfix/templates/main.cf-header.erb index 6f6cbe504..093473887 100644 --- a/modules/postfix/templates/main.cf-header.erb +++ b/modules/postfix/templates/main.cf-header.erb 
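Review bot: The guard `if ! smarthost {` in modules/postfix/manifests/init.pp is missing the `$` sigil, so Puppet evaluates the bare word as the non-empty string 'smarthost', which is always truthy, and the `fail()` can never fire. It should read `if ! $smarthost {`. Because an empty string is also truthy in Puppet 4 and later, declaring the parameter as `Optional[String[1]] $smarthost` would reject `''` as well. As written, a node with `use_smarthost` true and no smarthost value would get `relayhost = :submission` from the main.cf-header.erb hunk, which interpolates `@smarthost` with no check of its own. The class body continues past the end of this hunk.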
@@ -4,12 +4,12 @@ mydomain = debian.org compatibility_level = 2 smtp_dns_support_level = dnssec -<%- if scope.lookupvar('deprecated::nodeinfo')['smarthost'].empty? -%> -smtp_tls_security_level = dane -<%- else -%> +<%- if @use_smarthost -%> smtp_tls_security_level = dane-only # yes, do MX lookups on the relayhost, since those have TLSA records -relayhost = <%= scope.lookupvar('deprecated::nodeinfo')['smarthost'] %>:submission +relayhost = <%= @smarthost %>:submission +<%- else -%> +smtp_tls_security_level = dane <%- end -%> # tls stuff -- 2.20.1
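Review bot: The `<%- else -%>` branch now carries the weaker TLS setting without a comment, while the smarthost branch explains itself. A line such as `# no smarthost: deliver directly, DANE where TLSA records exist, opportunistic TLS otherwise` above `smtp_tls_security_level = dane` would record that the difference is deliberate. The condition also changed from "nodeinfo smarthost is empty" to `@use_smarthost`, which defaults to true in init.pp, so hosts that used to reach the direct-delivery branch through an empty smarthost presumably need `postfix::use_smarthost: false` in their hiera data; that data is not visible in this patch. The template continues outside the hunk.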