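# modules/exim/manifests/init.pp
#
# Installs exim4-daemon-heavy and manages its configuration tree, lookup
# lists, TLS material, log directory, reload hook and firewall rules.
#
# Review notes for maintainers:
#   * File modes are written as quoted four-digit octal strings. Bare
#     numbers (755, 2750) are only accepted by old Puppet parsers and are
#     easy to misread as decimal.
#   * Several file resources below set no owner/group/mode. They depend on
#     whatever File defaults are in scope where this class is included;
#     those defaults are not visible in this file -- confirm they exist.
class exim {
    # Enable the exim munin checks and make sure the postfix ones are gone.
    activate_munin_check {
        "ps_exim4": script => "ps_";
        "exim_mailqueue":;
        "exim_mailstats":;
        "postfix_mailqueue":  ensure => absent;
        "postfix_mailstats":  ensure => absent;
        "postfix_mailvolume": ensure => absent;
    }

    package { 'exim4-daemon-heavy': ensure => installed }

    file {
        # NOTE(review): purge only takes effect together with recurse => true.
        # As declared here (and on /etc/exim4/ssl below) unmanaged files are
        # NOT removed, so stale configuration or old key material can remain.
        # Turning recurse on would delete every unmanaged file in the tree,
        # so that is left as a deliberate decision for the module owner.
        "/etc/exim4/":
          ensure  => directory,
          owner   => root,
          group   => root,
          mode    => '0755',
          purge   => true
        ;
        # These two directories are kept empty: recursive purge against an
        # empty source removes anything placed there.
        "/etc/exim4/Git":
          ensure  => directory,
          purge   => true,
          force   => true,
          recurse => true,
          source  => "puppet:///files/empty/"
        ;
        "/etc/exim4/conf.d":
          ensure  => directory,
          purge   => true,
          force   => true,
          recurse => true,
          source  => "puppet:///files/empty/"
        ;
        # TLS directory: root-owned, readable (not writable) by the exim group.
        "/etc/exim4/ssl":
          ensure  => directory,
          owner   => root,
          group   => 'Debian-exim',
          mode    => '0750',
          require => Package["exim4-daemon-heavy"],
          purge   => true
        ;
        "/etc/mailname":
          content => template("exim/mailname.erb"),
        ;
        # The main configuration is the only resource in this class that
        # notifies the reload exec.
        "/etc/exim4/exim4.conf":
          content => template("exim/eximconf.erb"),
          require => Package["exim4-daemon-heavy"],
          notify  => Exec["exim4 reload"]
        ;
        "/etc/exim4/manualroute":
          require => Package["exim4-daemon-heavy"],
          content => template("exim/manualroute.erb")
        ;
        # Lookup lists: a per-host file wins when present, otherwise the
        # common one is used (first existing source in the array).
        "/etc/exim4/host_blacklist":
          require => Package["exim4-daemon-heavy"],
          source  => [ "puppet:///modules/exim/per-host/${fqdn}/host_blacklist",
                       "puppet:///modules/exim/common/host_blacklist" ]
        ;
        "/etc/exim4/blacklist":
          require => Package["exim4-daemon-heavy"],
          source  => [ "puppet:///modules/exim/per-host/${fqdn}/blacklist",
                       "puppet:///modules/exim/common/blacklist" ]
        ;
        "/etc/exim4/callout_users":
          require => Package["exim4-daemon-heavy"],
          source  => [ "puppet:///modules/exim/per-host/${fqdn}/callout_users",
                       "puppet:///modules/exim/common/callout_users" ]
        ;
        "/etc/exim4/grey_users":
          require => Package["exim4-daemon-heavy"],
          source  => [ "puppet:///modules/exim/per-host/${fqdn}/grey_users",
                       "puppet:///modules/exim/common/grey_users" ]
        ;
        "/etc/exim4/helo-check":
          require => Package["exim4-daemon-heavy"],
          source  => [ "puppet:///modules/exim/per-host/${fqdn}/helo-check",
                       "puppet:///modules/exim/common/helo-check" ]
        ;
        "/etc/exim4/locals":
          require => Package["exim4-daemon-heavy"],
          content => template("exim/locals.erb")
        ;
        "/etc/exim4/localusers":
          require => Package["exim4-daemon-heavy"],
          source  => [ "puppet:///modules/exim/per-host/${fqdn}/localusers",
                       "puppet:///modules/exim/common/localusers" ]
        ;
        "/etc/exim4/rbllist":
          require => Package["exim4-daemon-heavy"],
          source  => [ "puppet:///modules/exim/per-host/${fqdn}/rbllist",
                       "puppet:///modules/exim/common/rbllist" ]
        ;
        "/etc/exim4/rhsbllist":
          require => Package["exim4-daemon-heavy"],
          source  => [ "puppet:///modules/exim/per-host/${fqdn}/rhsbllist",
                       "puppet:///modules/exim/common/rhsbllist" ]
        ;
        "/etc/exim4/virtualdomains":
          require => Package["exim4-daemon-heavy"],
          content => template("exim/virtualdomains.erb")
        ;
        "/etc/exim4/whitelist":
          require => Package["exim4-daemon-heavy"],
          source  => [ "puppet:///modules/exim/per-host/${fqdn}/whitelist",
                       "puppet:///modules/exim/common/whitelist" ]
        ;
        "/etc/exim4/submission-domains":
          require => Package["exim4-daemon-heavy"],
          source  => [ "puppet:///modules/exim/per-host/${fqdn}/submission-domains",
                       "puppet:///modules/exim/common/submission-domains" ]
        ;
        "/etc/logrotate.d/exim4-base":
          require => Package["exim4-daemon-heavy"],
          source  => [ "puppet:///modules/exim/per-host/${fqdn}/logrotate-exim4-base",
                       "puppet:///modules/exim/common/logrotate-exim4-base" ]
        ;
        "/etc/logrotate.d/exim4-paniclog":
          require => Package["exim4-daemon-heavy"],
          source  => [ "puppet:///modules/exim/per-host/${fqdn}/logrotate-exim4-paniclog",
                       "puppet:///modules/exim/common/logrotate-exim4-paniclog" ]
        ;
        # TLS material, readable by root and the exim group only.
        "/etc/exim4/ssl/thishost.crt":
          require => Package["exim4-daemon-heavy"],
          source  => "puppet:///modules/exim/certs/${fqdn}.crt",
          owner   => root,
          group   => 'Debian-exim',
          mode    => '0640'
        ;
        # NOTE(review): the private key is served from the module file mount
        # and selected by $fqdn, which is a fact reported by the agent rather
        # than the name in its verified certificate. Nothing in this file
        # restricts which node may fetch which key. Confirm that the master's
        # file-serving authorisation limits each node to its own key, and
        # consider selecting by the certificate name ($clientcert) or
        # distributing keys outside the shared module tree.
        "/etc/exim4/ssl/thishost.key":
          require => Package["exim4-daemon-heavy"],
          source  => "puppet:///modules/exim/certs/${fqdn}.key",
          owner   => root,
          group   => 'Debian-exim',
          mode    => '0640'
        ;
        "/etc/exim4/ssl/ca.crt":
          require => Package["exim4-daemon-heavy"],
          source  => "puppet:///modules/exim/certs/ca.crt",
          owner   => root,
          group   => 'Debian-exim',
          mode    => '0640'
        ;
        "/etc/exim4/ssl/ca.crl":
          require => Package["exim4-daemon-heavy"],
          source  => "puppet:///modules/exim/certs/ca.crl",
          owner   => root,
          group   => 'Debian-exim',
          mode    => '0640'
        ;
        # setgid (2xxx) so files created here inherit the maillog group;
        # no access for other users.
        "/var/log/exim4":
          ensure  => directory,
          mode    => '2750',
          owner   => 'Debian-exim',
          group   => maillog
        ;
    }

    # No command attribute: the title is the command, resolved through path
    # (so /etc/init.d/exim4 reload). Runs only when notified.
    exec { "exim4 reload":
        path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
        refreshonly => true,
    }

    # Only the captured digits are used as the port, so nothing else from the
    # node data reaches the firewall rule text; any other value falls back to
    # the service name 'smtp'.
    case getfromhash($nodeinfo, 'mail_port') {
      /^(\d+)$/: { $mail_port = $1 }
      default: { $mail_port = 'smtp' }
    }

    # \$SMTP_SOURCES / \$SMTP_V6_SOURCES are escaped so that they reach ferm
    # as ferm variables instead of being interpolated by Puppet.
    @ferm::rule { "dsa-exim":
        description => "Allow SMTP",
        rule        => "&SERVICE_RANGE(tcp, ${mail_port}, \$SMTP_SOURCES)"
    }
    @ferm::rule { "dsa-exim-v6":
        description => "Allow SMTP",
        domain      => "ip6",
        rule        => "&SERVICE_RANGE(tcp, ${mail_port}, \$SMTP_V6_SOURCES)"
    }
    # Do we actually want this?  I'm only doing it because it's harmless
    # and makes the logs quiet.  There are better ways of making logs quiet,
    # though.
    # NOTE(review): unlike the SMTP rules, no source restriction is visible
    # on this rule; confirm tcp/113 is meant to be reachable from anywhere.
    @ferm::rule { "dsa-ident":
        domain      => "(ip ip6)",
        description => "Allow ident access",
        rule        => "&SERVICE(tcp, 113)"
    }
}
# vim:set et:
# vim:set sts=4 ts=4:
# vim:set shiftwidth=4: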