view modules/dovecot/manifests/init.pp @ 312:490d7ec20172
Make firewall rule numbering consistent for Dovecot
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 23 Feb 2020 20:29:42 +0000 |
parents | 51d3748f8112 |
children | f5ce1a5542ee |
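# Installs Dovecot, writes its conf.d overrides, deploys the TLS certificate,
# private key and passwd-file user database from the Puppet 'private' mount,
# keeps the service running, and opens TCP 993 in the firewall.
#
# @param imapserver
#   Name used to select the certificate/key pair: <imapserver>.crt and
#   <imapserver>.key under /etc/pki/dovecot/certs.
# @param imapserver_ip
#   Destination address of the '102 allow IMAPS' firewall rule.
# @param imapserver_proxy
#   Destination address for the per-upstream rules. When undef, no
#   per-upstream rules are created.
# @param proxy_upstream
#   Source addresses allowed to reach $imapserver_proxy on TCP 993. Each entry
#   must satisfy Stdlib::IP::Address::V6.
class dovecot (
  $imapserver,
  $imapserver_ip,
  $imapserver_proxy = undef,
  $proxy_upstream = [],
) {
  package { 'dovecot':
    ensure => installed,
  }

  # Defaults for every file below: each one waits for the package and
  # restarts Dovecot when it changes.
  File {
    ensure  => present,
    notify  => Service['dovecot'],
    require => Package['dovecot'],
  }

  file { '/etc/dovecot/conf.d/99-imap-only.conf':
    content => template('dovecot/99-imap-only.conf.erb'),
  }

  file { '/etc/dovecot/conf.d/99-extra.conf':
    content => @(EOT),
      mail_location = maildir:/var/mail/vhosts/%d/%n:INBOX=/var/mail/vhosts/%d/%n/Inbox
      first_valid_uid = 500
      |-EOT
  }

  file { '/etc/dovecot/conf.d/10-auth.conf':
    content => "# Blanked by Puppet - we don't use the only setting from here (PAM authentication)",
  }

  # 'plain' and 'login' both hand the server a recoverable password, so the
  # confidentiality of credentials rests entirely on the TLS settings below.
  # The second listener is the SASL socket Postfix uses; it is restricted to
  # the postfix user and group.
  file { '/etc/dovecot/conf.d/99-sasl.conf':
    content => @(EOT),
      !include auth-passwdfile.conf.ext
      auth_mechanisms = plain login
      service auth {
        unix_listener auth-userdb {
        }
        unix_listener /var/spool/postfix/private/auth {
          mode = 0660
          user = postfix
          group = postfix
        }
      }
      |-EOT
  }

  file { '/etc/dovecot/conf.d/99-ssl.conf':
    content => @("EOT"),
      ssl_cert = </etc/pki/dovecot/certs/${imapserver}.crt
      ssl_key = </etc/pki/dovecot/certs/${imapserver}.key
      |-EOT
  }

  file { '/etc/dovecot/conf.d/99-ssl-extra.conf':
    source => 'puppet:///private/dovecot/99-ssl-extra.conf',
  }

  # Credential database for the passwd-file passdb/userdb. It must not be
  # world-readable, and its contents must not be echoed into Puppet logs or
  # reports when it changes.
  # NOTE(review): group 'dovecot' assumes the auth process runs as the stock
  # internal user; adjust if 'service auth { user = ... }' is overridden.
  file { '/etc/dovecot/users':
    source    => 'puppet:///private/dovecot/passwd',
    owner     => 'root',
    group     => 'dovecot',
    mode      => '0640',
    show_diff => false,
  }

  file { "/etc/pki/dovecot/certs/${imapserver}.crt":
    source => "puppet:///private/pki/custom/${imapserver}.crt",
  }

  # TLS private key: without an explicit mode the file is created with
  # Puppet's default permissions, which leaves it readable by every local
  # user. Restrict it to root and keep it out of diff output.
  file { "/etc/pki/dovecot/certs/${imapserver}.key":
    source    => "puppet:///private/pki/custom/${imapserver}.key",
    owner     => 'root',
    group     => 'root',
    mode      => '0600',
    show_diff => false,
  }

  service { 'dovecot':
    ensure    => running,
    enable    => true,
    subscribe => Package['dovecot'],
  }

  firewall { '102 allow IMAPS':
    destination => $imapserver_ip,
    dport       => 993,
    proto       => tcp,
    action      => accept,
  }

  # One accept rule per trusted upstream, so only the listed sources can
  # reach the proxy address on 993.
  # NOTE(review): upstream addresses are typed as IPv6 but no provider is set
  # on these resources - confirm a Firewall default elsewhere selects the
  # IPv6 provider, otherwise the rules may not apply.
  if $imapserver_proxy != undef {
    $proxy_upstream.each |Stdlib::IP::Address::V6 $upstream_addr| {
      firewall { "102 limit PROXY protocol for IMAP to upstream ${upstream_addr}":
        source      => $upstream_addr,
        destination => $imapserver_proxy,
        dport       => 993,
        proto       => tcp,
        action      => accept,
      }
    }
  }
}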