Config
------
- set $postfix_use_amavisd="yes" to include postfix::amavis
+- set $postfix_manage_tls_policy="yes" to manage TLS policy (see
+ postfix::tlspolicy for details)
== Example:
--- /dev/null
+#
+# == Class: postfix::tlspolicy
+#
+# Manages Postfix TLS policy by merging policy snippets shipped:
+# - in the module's files/tls_policy.d/
+# - via postfix::tlspolicy_snippet defines
+#
+# Parameters:
+# - $postfix_tls_fingerprint_digest (defaults to sha1)
+#
+# Example usage:
+#
+# node "toto.example.com" {
+# $postfix_manage_tls_policy = yes
+# include postfix
+# }
+#
+class postfix::tlspolicy {
+
+ # Default value for parameters
+ case $postfix_tls_fingerprint_digest {
+ "": { $postfix_tls_fingerprint_digest = 'sha1' }
+ }
+
+ include common::moduledir
+ module_dir{'postfix/tls_policy': }
+
+ $postfix_tlspolicy_dir = "${common::moduledir::module_dir_path}/postfix/tls_policy"
+ $postfix_tlspolicy_snippets_dir = "${postfix_tlspolicy_dir}/tls_policy.d"
+ $postfix_merged_tlspolicy = "${postfix_tlspolicy_dir}/merged_tls_policy"
+
+ file {"$postfix_tlspolicy_snippets_dir":
+ ensure => 'directory',
+ owner => 'root',
+ group => '0',
+ mode => '700',
+ source => [
+ "puppet:///modules/site-postfix/${fqdn}/tls_policy.d",
+ "puppet:///modules/site-postfix/tls_policy.d",
+ "puppet:///modules/postfix/tls_policy.d"
+ ],
+ recurse => true,
+ purge => false,
+ }
+
+ concatenated_file { "$postfix_merged_tlspolicy":
+ dir => "${postfix_tlspolicy_snippets_dir}",
+ require => File["$postfix_tlspolicy_snippets_dir"],
+ }
+
+ postfix::hash { '/etc/postfix/tls_policy':
+ source => "$postfix_merged_tlspolicy",
+ subscribe => File["$postfix_merged_tlspolicy"],
+ }
+
+ postfix::config {
+ 'smtp_tls_fingerprint_digest': value => "$postfix_tls_fingerprint_digest";
+ }
+
+ postfix::config { 'smtp_tls_policy_maps':
+ value => 'hash:/etc/postfix/tls_policy',
+ require => [
+ Postfix::Hash['/etc/postfix/tls_policy'],
+ Postfix::Config['smtp_tls_fingerprint_digest'],
+ ],
+ }
+
+}
case $root_mail_recipient {
"": { $root_mail_recipient = "nobody" }
}
+ case $postfix_manage_tls_policy {
+ "": { $postfix_manage_tls_policy = "no" }
+ }
case $postfix_use_amavisd {
"": { $postfix_use_amavisd = "no" }
}
"": { $postfix_mastercf_tail = "" }
}
+ # Bootstrap moduledir
+ include common::moduledir
+ module_dir{'postfix': }
+
+ # Include optional classes
+ if $postfix_manage_tls_policy == 'yes' {
+ include postfix::tlspolicy
+ }
if $postfix_use_amavisd == 'yes' {
include postfix::amavis
}
--- /dev/null
+/*
+== Definition: postfix::tlspolicy_snippet
+
+Adds a TLS policy snippets to /etc/postfix/tls_policy.d/.
+See the postfix::tlspolicy class for details.
+
+Parameters:
+- *name*: name of destination domain Postfix will lookup. See TLS_README.
+- *value*: right-hand part of the tls_policy map
+- *ensure*: present/absent, defaults to present.
+
+Requires:
+- Class["postfix"]
+- Class["postfix::tlspolicy"]
+
+Example usage:
+
+ node "toto.example.com" {
+ $postfix_manage_tls_policy = yes
+ include postfix
+ postfix::tlspolicy_snippet {
+ 'example.com': value => 'encrypt';
+ '.example.com': value => 'encrypt';
+ 'nothing.com': value => 'fingerprint match=2A:FF:F0:EC:52:04:99:45:73:1B:C2:22:7F:FD:31:6B:8F:07:43:29';
+ }
+ }
+
+*/
+
+define postfix::tlspolicy_snippet ($ensure="present", $value = false) {
+
+ include postfix::tlspolicy
+
+ if ($value == false) and ($ensure == "present") {
+ fail("The value parameter must be set when using the postfix::tlspolicy_snippet define with ensure=present.")
+ }
+
+ file { "${postfix::tlspolicy::postfix_tlspolicy_snippets_dir}/${name}":
+ ensure => "$ensure",
+ content => "${name} ${value}\n",
+ mode => 600,
+ owner => root,
+ group => 0,
+ notify => Exec["concat_${postfix::tlspolicy::postfix_merged_tlspolicy}"],
+ }
+
+}
projects / puppet-postfix.git / commitdiff