diff modules/postfix/manifests/init.pp @ 313:49e66019faf7

Configure Postfix for IPv6 w/proxy. Also centralised and standardised some IP settings. Currently untested on IPv4 - Postfix might not like the "[ip.add.re.ss]" format, *but* we can't pass the brackets as part of the parameter because then it doesn't validate as IPv6!
author IBBoard <dev@ibboard.co.uk>
date Mon, 24 Feb 2020 20:49:51 +0000
parents 01d1b0f6dbaf
children 63e0b5149cfb
--- a/modules/postfix/manifests/init.pp	Sun Feb 23 20:29:42 2020 +0000
+++ b/modules/postfix/manifests/init.pp	Mon Feb 24 20:49:51 2020 +0000
@@ -1,14 +1,17 @@
 class postfix (
-  $mailserver,
-  $protocols='all'
+  Stdlib::Fqdn $mailserver,
+  Stdlib::IP::Address $mailserver_ip,
+  Optional[Stdlib::IP::Address::V6] $mailserver_proxy = undef,
+  Array[Stdlib::IP::Address::V6] $proxy_upstream = [],
+  Enum['all', 'ipv4', 'ipv6'] $protocols='all'
   ){
 
-  if has_key($facts, 'ipaddress') {
+  if $mailserver_ip =~ Stdlib::IP::Address::V4 {
     $lo_ip = '127.0.0.1'
     $lo_networks = '127.0.0.0/8'
   } else {
-    $lo_ip = '[::1]'
-    $lo_networks = '[::1]'
+    $lo_ip = '::1'
+    $lo_networks = '::1'
   }
   
   package { 'sendmail':
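Review bot: The newly typed parameters at the top of the hunk carry no `# @param` documentation, and the types leave a constraint unstated: `$mailserver_ip` may be IPv4 while `$mailserver_proxy` and `$proxy_upstream` are IPv6-only, so a mixed IPv4 server behind an IPv6 proxy is accepted, yet the loopback selection `if $mailserver_ip =~ Stdlib::IP::Address::V4` keys off the server address alone. A puppet-strings header above `class postfix (` would pin this down, e.g. `# @param mailserver_proxy IPv6 address the proxied listener uses; undef disables the proxy path` and `# @param proxy_upstream IPv6 addresses of upstream proxies the firewall permits to reach mailserver_proxy`. The class body continues past the end of this hunk.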
@@ -24,6 +27,24 @@
     ensure    => running,
     subscribe => Package['postfix'],
   }
+  firewall { '101 allow SMTP':
+    destination => $mailserver_ip,
+    dport => [25, 465, 587],
+    proto => tcp,
+    action => accept,
+  }
+  if $mailserver_proxy != undef {
+    $proxy_upstream.each |Stdlib::IP::Address::V6 $upstream_addr| {
+      firewall { "101 limit PROXY protocol for SMTP to upstream $upstream_addr":
+        source => $upstream_addr,
+        destination => $mailserver_proxy,
+        dport => [25, 465, 587],
+        proto => tcp,
+        action => accept,
+      }
+    }
+  }
+
   exec { 'postmap-files':
     command     => 'for file in helo_whitelist recipient_bcc sender_access valias valias-blacklist virtual vmailbox transport; do postmap $file; done',
     cwd         => '/etc/postfix/',
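Review bot: None of the firewall resources in this hunk sets `provider`, so the IPv6 rules — every resource in the `$proxy_upstream.each` loop by its parameter type, and `'101 allow SMTP'` whenever `$mailserver_ip` is a V6 address — go to the default iptables (IPv4) backend unless a resource default elsewhere overrides it, and an IPv6 address cannot be applied there. Add `provider => 'ip6tables',` to the resource inside the loop, and for the SMTP rule select it with `provider => $mailserver_ip ? { Stdlib::IP::Address::V4 => 'iptables', default => 'ip6tables' },`. The title "limit PROXY protocol for SMTP to upstream" describes an accept rule: it only limits anything if other sources of traffic to `$mailserver_proxy` are dropped by the chain's default policy or a later rule, which this hunk does not establish, so that should be confirmed or a reject rule for that destination added at a higher rule number. With `$mailserver_proxy` set but `$proxy_upstream` empty the loop emits nothing, so nothing in this hunk then admits traffic to the proxy address.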
@@ -37,10 +58,24 @@
     require => Package['postfix'],
   }
   file { '/etc/postfix/main.cf':
-    content => template('postfix/main.cf.erb'),
+    content => epp('postfix/main.cf.epp',
+                   {
+                     'mailserver' => $mailserver,
+                     'lo_ip' => $lo_ip,
+                     'lo_networks' => $lo_networks,
+                     'protocols' => $protocols,
+                   }
+                  ),
   }
   file { '/etc/postfix/master.cf':
-    content => template('postfix/master.cf.erb'),
+    content => epp('postfix/master.cf.epp',
+                   {
+                     'mailserver_ip' => $mailserver_ip,
+                     'mailserver_proxy' => $mailserver_proxy,
+                     'lo_ip' => $lo_ip,
+                     'lo_networks' => $lo_networks,
+                   }
+                  ),
   }
   #Hosted domains
   file { '/etc/postfix/vdomains':
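Review bot: The hash passed to `master.cf.epp` hands over `$mailserver_proxy`, which is `undef` when no proxy is configured, but not `$proxy_upstream`, so the template (outside this diff) has to guard on an undef `mailserver_proxy` itself, and whatever proxied listener it presumably renders is restricted to the upstream addresses only by the firewall rules earlier in this file, not by anything Postfix sees. A comment above `file { '/etc/postfix/master.cf':` would make that dependency visible, e.g. `# mailserver_proxy is undef without a proxy; restricting the proxied listener to proxy_upstream relies on the firewall rules above`. The resource declarations continue past the end of this hunk.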