
Update server defs and own modules to match * $osver and $fqdn and others are now all in $facts * Firewall swapped action for jump and has new way to do IPv6 * SSH server setup changed * Resolve warnings from fileserver.conf * has_key() no longer exists because Puppet can do "key in array" * Some variables are now more strictly typed Also: * Try to configure full IPv6 DNS resolver * Clean up old config - unused servers and some CentOS complexity
author IBBoard <dev@ibboard.co.uk>
date Thu, 29 Aug 2024 18:58:49 +0100
parents 21f6add30502
children

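# @summary Installs and configures Dovecot as an IMAPS-only server with
#   passwd-file authentication, a certificate/key pair from the private
#   fileserver mount, and the matching firewall rules.
#
# @param imapserver
#   Hostname used to name the certificate and key under /etc/pki/custom.
# @param imapserver_ip
#   Address the "allow IMAPS" (993/tcp) firewall rule accepts traffic to.
# @param imapserver_proxy
#   Optional address of the PROXY-protocol listener. When set, 993/tcp to
#   it is only accepted from the addresses in $proxy_upstream.
# @param proxy_upstream
#   IPv6 addresses of the upstream proxies allowed to reach $imapserver_proxy.
class dovecot (
	$imapserver,
	$imapserver_ip,
	$imapserver_proxy = undef,
	$proxy_upstream = [],
	) {
	# The package name differs per distro. Fail loudly on anything else
	# rather than carrying on with $dovecot_package undefined.
	if $facts['os']['family'] == 'RedHat' {
		$dovecot_package = 'dovecot'
	}
	elsif $facts['os']['family'] == 'Debian' {
		$dovecot_package = 'dovecot-imapd'
	}
	else {
		fail("dovecot: unsupported OS family '${facts['os']['family']}'")
	}

	package { $dovecot_package:
		ensure => installed,
	}

	# Every file below is a Dovecot config or credential: it must exist after
	# the package (so the directories are there) and a change restarts Dovecot.
	File {
		ensure  => present,
		notify  => Service['dovecot'],
		require => Package[$dovecot_package],
	}

	# Listener definitions; the template decides between the plain and the
	# PROXY-protocol listener based on $imapserver_proxy.
	file { '/etc/dovecot/conf.d/99-imap-only.conf':
		content => epp('dovecot/99-imap-only.conf.epp',
		                {
		                  imapserver_ip => $imapserver_ip,
		                  imapserver_proxy => $imapserver_proxy,
		                  proxy_upstream => $proxy_upstream
		                }
		              ),
	}
	file { '/etc/dovecot/conf.d/99-extra.conf':
		content => 'mail_location = maildir:/var/mail/vhosts/%d/%n:INBOX=/var/mail/vhosts/%d/%n/Inbox
first_valid_uid = 500
mail_max_userip_connections = 25'
	}
	# The distro's 10-auth.conf only enables PAM, which this setup does not
	# use; overwrite it so the packaged default cannot come back on upgrade.
	file { '/etc/dovecot/conf.d/10-auth.conf':
		content => "# Blanked by Puppet - we don't use the only setting from here (PAM authentication)",
	}
	# passwd-file auth plus the auth socket Postfix uses for SASL.
	file { '/etc/dovecot/conf.d/99-sasl.conf':
		content => "!include auth-passwdfile.conf.ext
auth_mechanisms = plain login
service auth {
	unix_listener auth-userdb {
	}
	unix_listener /var/spool/postfix/private/auth {
		mode = 0660
		user = postfix
		group = postfix        
	}
}"
	}
	file { '/etc/dovecot/conf.d/99-ssl.conf':
		content => "ssl_cert = </etc/pki/custom/${imapserver}.crt
ssl_key = </etc/pki/custom/${imapserver}.key",
	}
	file { '/etc/dovecot/conf.d/99-ssl-extra.conf':
		source => 'puppet:///private/dovecot/99-ssl-extra.conf'
	}
	# NOTE(review): this is the passwd-file with the users' credential hashes.
	# No owner/mode is set here, so it gets whatever Puppet's default gives a
	# new file; confirm which user the auth process reads it as and pin
	# owner/group/mode explicitly so it is not world-readable - TODO.
	file { '/etc/dovecot/users':
		source => 'puppet:///private/dovecot/passwd'
	}
	file { "/etc/pki/custom/${imapserver}.crt":
		source => "puppet:///private/pki/custom/${imapserver}.crt"
	}
	# Private key. Dovecot opens ssl_key as root before dropping privileges,
	# so root-only access is sufficient; without an explicit mode the file
	# would be created with Puppet's default, which is not guaranteed to be
	# restrictive.
	file { "/etc/pki/custom/${imapserver}.key":
		source => "puppet:///private/pki/custom/${imapserver}.key",
		owner  => 'root',
		group  => 'root',
		mode   => '0600',
	}

	service { 'dovecot':
		ensure    => running,
		enable    => true,
		subscribe => Package[$dovecot_package],
	}

	# Restart Dovecot when the certificate is newer than the running master
	# process (certificate renewed outside Puppet). `readlink -e` follows the
	# symlink a renewal tool may leave in place of the .crt.
	# NOTE(review): the `unless` test relies on `$(...)` and `[`, which need
	# a shell; confirm the exec provider in use hands it to one (setting
	# `provider => shell` would make that explicit).
	exec { 'Dovecot/LetsEncrypt sync restart trigger':
		command => '/usr/bin/true',
		unless  => "[ /run/dovecot/master -nt $(readlink -e /etc/pki/custom/${imapserver}.crt) ]",
		notify  => Service['dovecot'],
	}

	firewall { '102 allow IMAPS':
		destination => $imapserver_ip,
		dport       => 993,
		proto       => tcp,
		jump        => accept,
	}

	# PROXY-protocol listener: only the listed upstream proxies may reach it,
	# since a PROXY header from anyone else would let them spoof client IPs.
	# NOTE(review): $upstream_addr is typed as an IPv6 address but nothing here
	# selects the IPv6 (ip6tables) backend for the rule; confirm the firewall
	# module applies it to the right table.
	if $imapserver_proxy != undef {
		$proxy_upstream.each |Stdlib::IP::Address::V6 $upstream_addr| {
			firewall { "102 limit PROXY protocol for IMAP to upstream ${upstream_addr}":
				source      => $upstream_addr,
				destination => $imapserver_proxy,
				dport       => 993,
				proto       => tcp,
				jump        => accept,
			}
		}
	}
}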