diff modules/postfix/manifests/init.pp @ 313:49e66019faf7
Configure Postfix for IPv6 w/proxy
Also centralised and standardised some IP settings
Currently untested on IPv4 - Postfix might not like the
"[ip.add.re.ss]" format, *but* we can't pass the brackets as
part of the parameter because then it doesn't validate as IPv6!
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Mon, 24 Feb 2020 20:49:51 +0000 |
parents | 01d1b0f6dbaf |
children | 63e0b5149cfb |
--- a/modules/postfix/manifests/init.pp Sun Feb 23 20:29:42 2020 +0000 +++ b/modules/postfix/manifests/init.pp Mon Feb 24 20:49:51 2020 +0000 @@ -1,14 +1,17 @@ class postfix ( - $mailserver, - $protocols='all' + Stdlib::Fqdn $mailserver, + Stdlib::IP::Address $mailserver_ip, + Optional[Stdlib::IP::Address::V6] $mailserver_proxy = undef, + Array[Stdlib::IP::Address::V6] $proxy_upstream = [], + Enum['all', 'ipv4', 'ipv6'] $protocols='all' ){ - if has_key($facts, 'ipaddress') { + if $mailserver_ip =~ Stdlib::IP::Address::V4 { $lo_ip = '127.0.0.1' $lo_networks = '127.0.0.0/8' } else { - $lo_ip = '[::1]' - $lo_networks = '[::1]' + $lo_ip = '::1' + $lo_networks = '::1' } package { 'sendmail': @@ -24,6 +27,24 @@ ensure => running, subscribe => Package['postfix'], } + firewall { '101 allow SMTP': + destination => $mailserver_ip, + dport => [25, 465, 587], + proto => tcp, + action => accept, + } + if $mailserver_proxy != undef { + $proxy_upstream.each |Stdlib::IP::Address::V6 $upstream_addr| { + firewall { "101 limit PROXY protocol for SMTP to upstream $upstream_addr": + source => $upstream_addr, + destination => $mailserver_proxy, + dport => [25, 465, 587], + proto => tcp, + action => accept, + } + } + } + exec { 'postmap-files': command => 'for file in helo_whitelist recipient_bcc sender_access valias valias-blacklist virtual vmailbox transport; do postmap $file; done', cwd => '/etc/postfix/', 
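Review bot: The loopback values in the first hunk are now chosen from the address family of `$mailserver_ip`, but `$protocols` is validated on its own, so the class accepts combinations such as `protocols => 'ipv4'` with an IPv6 `$mailserver_ip`. In that case `$lo_ip` becomes `'::1'` while the rendered configuration presumably restricts Postfix to IPv4; the templates are not visible here, so this is inferred. A guard after the parameter list would reject the mismatch at compile time, for example `if $protocols == 'ipv4' and $mailserver_ip !~ Stdlib::IP::Address::V4 { fail('protocols and mailserver_ip disagree') }`, with the mirror check for `'ipv6'`. The class body continues past the end of this hunk.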
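Review bot: Nothing in the new `if $mailserver_proxy != undef` block keeps `$mailserver_proxy` distinct from `$mailserver_ip`, and if the two are equal the unrestricted '101 allow SMTP' rule admits any source to the ports that the per-upstream rules are meant to limit. A PROXY-protocol listener takes the client address from whatever the peer sends, so that source restriction is what protects address-based Postfix controls; it also relies on a default-deny policy that is not visible in this hunk. I would add `if $mailserver_proxy == $mailserver_ip { fail('mailserver_proxy must differ from mailserver_ip') }` before the loop. Neither rule selects an IPv6 provider although the upstream rules are typed V6-only; unless a resource default elsewhere covers it, `provider => 'ip6tables'` is needed there, and on the first rule when `$mailserver_ip` is IPv6.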
@@ -37,10 +58,24 @@
 require => Package['postfix'],
 }
 file { '/etc/postfix/main.cf':
- content => template('postfix/main.cf.erb'),
+ content => epp('postfix/main.cf.epp',
+ {
+ 'mailserver' => $mailserver,
+ 'lo_ip' => $lo_ip,
+ 'lo_networks' => $lo_networks,
+ 'protocols' => $protocols,
+ }
+ ),
 }
 file { '/etc/postfix/master.cf':
- content => template('postfix/master.cf.erb'),
+ content => epp('postfix/master.cf.epp',
+ {
+ 'mailserver_ip' => $mailserver_ip,
+ 'mailserver_proxy' => $mailserver_proxy,
+ 'lo_ip' => $lo_ip,
+ 'lo_networks' => $lo_networks,
+ }
+ ),
 }
 #Hosted domains
 file { '/etc/postfix/vdomains':
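Review bot: The two `file` resources for `main.cf` and `master.cf` carry only `content`, and the service shown earlier in the diff subscribes only to `Package['postfix']`, so a change to the listener addresses may not reload Postfix unless a `File` default outside this hunk adds a notify. The firewall rules from the same commit apply on the next run, which can leave the packet filter and the running listeners describing different addresses until someone restarts the daemon. I would add `notify => Service['postfix'],` to both resources. `$mailserver_proxy` may also be `undef` when passed to `master.cf.epp`, so the template should declare it as `Optional` and guard the proxy listener block on it; the template itself is not visible here.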