annotate modules/dovecot/manifests/init.pp @ 480:2c3e745be8d2

Update server defs and own modules to match

* $osver and $fqdn and others are now all in $facts
* Firewall swapped action for jump and has new way to do IPv6
* SSH server setup changed
* Resolve warnings from fileserver.conf
* has_key() no longer exists because Puppet can do "key in array"
* Some variables are now more strictly typed

Also:
* Try to configure full IPv6 DNS resolver
* Clean up old config - unused servers and some CentOS complexity
author IBBoard <dev@ibboard.co.uk>
date Thu, 29 Aug 2024 18:58:49 +0100
parents 21f6add30502
children
rev   line  source
0        1  class dovecot (
0        2    $imapserver,
311      3    $imapserver_ip,
311      4    $imapserver_proxy = undef,
311      5    $proxy_upstream = [],
0        6  ) {
480      7    if $facts["os"]["family"] == 'RedHat' {
390      8      $dovecot_package = 'dovecot'
390      9    }
480     10    elsif $facts["os"]["family"] == 'Debian' {
390     11      $dovecot_package = 'dovecot-imapd'
390     12    }
390     13
390     14    package { $dovecot_package:
131     15      ensure => installed,
0       16    }
0       17    File {
0       18      ensure => present,
0       19      notify => Service['dovecot'],
390     20      require => Package[$dovecot_package],
0       21    }
0       22    file { '/etc/dovecot/conf.d/99-imap-only.conf':
329     23      content => epp('dovecot/99-imap-only.conf.epp',
329     24        {
329     25          imapserver_ip => $imapserver_ip,
329     26          imapserver_proxy => $imapserver_proxy,
329     27          proxy_upstream => $proxy_upstream
329     28        }
329     29      ),
0       30    }
0       31    file { '/etc/dovecot/conf.d/99-extra.conf':
138     32      content => 'mail_location = maildir:/var/mail/vhosts/%d/%n:INBOX=/var/mail/vhosts/%d/%n/Inbox
477     33  first_valid_uid = 500
477     34  mail_max_userip_connections = 25'
0       35    }
0       36    file { '/etc/dovecot/conf.d/10-auth.conf':
0       37      content => "# Blanked by Puppet - we don't use the only setting from here (PAM authentication)",
0       38    }
0       39    file { '/etc/dovecot/conf.d/99-sasl.conf':
0       40      content => "!include auth-passwdfile.conf.ext
0       41  auth_mechanisms = plain login
0       42  service auth {
0       43  unix_listener auth-userdb {
0       44  }
0       45  unix_listener /var/spool/postfix/private/auth {
0       46  mode = 0660
0       47  user = postfix
0       48  group = postfix
0       49  }
0       50  }"
0       51    }
0       52    file { '/etc/dovecot/conf.d/99-ssl.conf':
390     53      content => "ssl_cert = </etc/pki/custom/${imapserver}.crt
390     54  ssl_key = </etc/pki/custom/${imapserver}.key",
0       55    }
0       56    file { '/etc/dovecot/conf.d/99-ssl-extra.conf':
0       57      source => 'puppet:///private/dovecot/99-ssl-extra.conf'
0       58    }
0       59    file { '/etc/dovecot/users':
0       60      source => 'puppet:///private/dovecot/passwd'
0       61    }
390     62    file { "/etc/pki/custom/${imapserver}.crt":
0       63      source => "puppet:///private/pki/custom/${imapserver}.crt"
0       64    }
390     65    file { "/etc/pki/custom/${imapserver}.key":
0       66      source => "puppet:///private/pki/custom/${imapserver}.key"
0       67    }
0       68    service { 'dovecot':
0       69      ensure => running,
0       70      enable => true,
390     71      subscribe => Package[$dovecot_package],
0       72    }
381     73    exec { 'Dovecot/LetsEncrypt sync restart trigger':
381     74      command => "/usr/bin/true",
390     75      unless => "[ /run/dovecot/master -nt $(readlink -e /etc/pki/custom/${imapserver}.crt) ]",
381     76      notify => Service['dovecot'],
381     77    }
311     78    firewall { '102 allow IMAPS':
311     79      destination => $imapserver_ip,
311     80      dport => 993,
311     81      proto => tcp,
480     82      jump => accept,
311     83    }
311     84    if $imapserver_proxy != undef {
311     85      $proxy_upstream.each |Stdlib::IP::Address::V6 $upstream_addr| {
312     86        firewall { "102 limit PROXY protocol for IMAP to upstream $upstream_addr":
311     87          source => $upstream_addr,
311     88          destination => $imapserver_proxy,
311     89          dport => 993,
311     90          proto => tcp,
480     91          jump => accept,
311     92        }
311     93      }
311     94    }
0       95  }

Changesets referenced above (all by IBBoard <dev@ibboard.co.uk>):
rev 0: 956e484adc12 Initial public release of Puppet configs
rev 131: 0dd899a10ee1 Change all "latest" packages to "installed" (parents: 0)
rev 138: 7c3833d96603 Override minimum UID for Dovecot/IMAP, as we use old "500+ is users" range (parents: 131)
rev 311: 51d3748f8112 Configure Dovecot (IMAP) for PROXY protocol use (parents: 138)
rev 312: 490d7ec20172 Make firewall rule numbering consistent for Dovecot (parents: 311)
rev 329: f5ce1a5542ee Fix localhost IMAP on IPv6 (used by Webmail) (parents: 312)
rev 381: a4867ea13d84 Restart Dovecot/Postfix after LetsEncrypt renewal (parents: 329)
rev 390: df5ad1612af7 Adapt configs to support Ubuntu (parents: 381)
rev 477: 21f6add30502 Increase max client connections (parents: 390)
rev 480: 2c3e745be8d2 Update server defs and own modules to match (parents: 477)