From 6ed6f3ef190ee312064735c2514502ae4fefb135 Mon Sep 17 00:00:00 2001
From: Stephen Gran <steve@lobefin.net>
Date: Wed, 25 Apr 2012 08:03:52 +0100
Subject: [PATCH] This is better expressed as a dependency
Signed-off-by: Stephen Gran <steve@lobefin.net>
---
modules/debian-org/lib/facter/mta.rb | 15 ---------------
modules/exim/manifests/init.pp | 6 +++++-
modules/exim/templates/eximconf.erb | 10 +---------
3 files changed, 6 insertions(+), 25 deletions(-)
diff --git a/modules/debian-org/lib/facter/mta.rb b/modules/debian-org/lib/facter/mta.rb
index 9b612609..5d2242a6 100644
--- a/modules/debian-org/lib/facter/mta.rb
+++ b/modules/debian-org/lib/facter/mta.rb
@@ -7,18 +7,3 @@ Facter.add("mta") do
mta
end
end
-
-Facter.add("exim_ssl_certs") do
- certs = FileTest.exist?("/etc/exim4/ssl/") &&
- FileTest.exist?("/etc/exim4/ssl/ca.crl") &&
- FileTest.exist?("/etc/exim4/ssl/thishost.crt") &&
- FileTest.exist?("/etc/exim4/ssl/ca.crt") &&
- FileTest.exist?("/etc/exim4/ssl/thishost.key")
- setcode do
- if certs
- true
- else
- ''
- end
- end
-end
diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp
index 5b029561..6b83cf87 100644
--- a/modules/exim/manifests/init.pp
+++ b/modules/exim/manifests/init.pp
@@ -12,7 +12,10 @@ class exim {
service { 'exim4':
ensure => running,
- require => File['/etc/exim4/exim4.conf'],
+ require => [
+ File['/etc/exim4/exim4.conf'],
+ Package['exim4'],
+ ]
}
file { '/etc/exim4/':
@@ -43,6 +46,7 @@ class exim {
}
file { '/etc/exim4/exim4.conf':
content => template('exim/eximconf.erb'),
+ require => File['/etc/exim4/ssl/thishost.crt'],
notify => Service['exim4'],
}
file { '/etc/mailname':
diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index 4676dadd..d508eb06 100644
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -129,14 +129,12 @@ hostlist reservedaddrs = <%= scope.lookupvar('site::nodeinfo')['reservedaddrs']
domainlist mailhubdomains = lsearch;/etc/exim4/manualroute
<%- end -%>
-<%- if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" -%>
tls_certificate = /etc/exim4/ssl/thishost.crt
tls_privatekey = /etc/exim4/ssl/thishost.key
tls_try_verify_hosts = *
tls_verify_certificates = /etc/exim4/ssl/ca.crt
tls_crl = /etc/exim4/ssl/ca.crl
-<%- end -%>
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
@@ -230,9 +228,7 @@ admin_groups = adm
remote_sort_domains = *.debian.org:*.debian.net
pipelining_advertise_hosts = !*
-<%- if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" -%>
tls_advertise_hosts = *
-<%- end -%>
smtp_enforce_sync = true
log_selector = +tls_cipher +tls_peerdn +queue_time +deliver_time +smtp_connection +smtp_incomplete_transaction +smtp_confirmation
@@ -1566,10 +1562,8 @@ remote_smtp:
driver = smtp
connect_timeout = 1m
delay_after_cutoff = false
-<%- if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" -%>
tls_certificate = /etc/exim4/ssl/thishost.crt
tls_privatekey = /etc/exim4/ssl/thishost.key
-<%- end -%>
<%=
out = ""
@@ -1581,13 +1575,11 @@ remote_smtp_smarthost:
delay_after_cutoff = false
port = '
out += scope.lookupvar('site::nodeinfo')['smarthost_port'].to_s + "\n"
- if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true"
- out += ' tls_tempfail_tryclear = false
+ out += ' tls_tempfail_tryclear = false
hosts_require_tls = ' + scope.lookupvar('site::nodeinfo')['smarthost'] + '
tls_certificate = /etc/exim4/ssl/thishost.crt
tls_privatekey = /etc/exim4/ssl/thishost.key
'
- end
end
out
%>
--
2.39.5