view modules/dovecot/manifests/init.pp @ 203:6813609829e3 puppet-3.6

Blacklist more usernames no-one will ever log in with
author IBBoard <dev@ibboard.co.uk>
date Wed, 29 May 2019 19:51:42 +0100
parents 7c3833d96603
children 51d3748f8112

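# == Class: dovecot
#
# Installs Dovecot as an IMAP-only server that authenticates users from a
# passwd-file and exposes an auth socket for Postfix.
#
# === Parameters
#
# [*imapserver*]
#   Name used to build the certificate and key file names, both under
#   /etc/pki/dovecot/certs/ and in the puppet:///private/pki/custom/ source.
#
class dovecot (
	$imapserver,
	) {
	package { 'dovecot':
		ensure => installed,
	}
	# Defaults for every file below: a change to any managed file notifies the
	# service, and nothing is written before the package is installed.
	File {
		ensure => present,
		notify => Service['dovecot'],
		require => Package['dovecot'],
	}
	# Only IMAP is enabled. The cleartext listener is bound to loopback, so
	# remote clients can only reach the imaps listener.
	file { '/etc/dovecot/conf.d/99-imap-only.conf':
		content => 'protocols = imap
service imap-login {
  # Only allow IMAP locally and IMAPS externally
  inet_listener imap {
     address = 127.0.0.1
  }
  inet_listener imaps {
  }
}',
	}
	file { '/etc/dovecot/conf.d/99-extra.conf':
		content => 'mail_location = maildir:/var/mail/vhosts/%d/%n:INBOX=/var/mail/vhosts/%d/%n/Inbox
first_valid_uid = 500',
	}
	# The packaged 10-auth.conf is replaced with a single comment; the
	# authentication settings in use are in 99-sasl.conf below.
	file { '/etc/dovecot/conf.d/10-auth.conf':
		content => "# Blanked by Puppet - we don't use the only setting from here (PAM authentication)",
	}
	# PLAIN and LOGIN do not protect the password themselves, so they rely on
	# the transport (TLS, or the local Postfix socket) for confidentiality.
	# NOTE(review): this manifest does not set disable_plaintext_auth; confirm
	# that 99-ssl-extra.conf does not relax it.
	file { '/etc/dovecot/conf.d/99-sasl.conf':
		content => "!include auth-passwdfile.conf.ext
auth_mechanisms = plain login
service auth {
	unix_listener auth-userdb {
	}
	unix_listener /var/spool/postfix/private/auth {
		mode = 0660
		user = postfix
		group = postfix        
	}
}",
	}
	file { '/etc/dovecot/conf.d/99-ssl.conf':
		content => "ssl_cert = </etc/pki/dovecot/certs/${imapserver}.crt
ssl_key = </etc/pki/dovecot/certs/${imapserver}.key",
	}
	file { '/etc/dovecot/conf.d/99-ssl-extra.conf':
		source => 'puppet:///private/dovecot/99-ssl-extra.conf',
	}
	# NOTE(review): this file presumably holds the password hashes read through
	# auth-passwdfile.conf.ext, and no owner, group or mode is set for it here.
	# Pin them so that only root and the account the Dovecot auth process runs
	# as can read it; confirm that account before restricting the mode.
	file { '/etc/dovecot/users':
		source => 'puppet:///private/dovecot/passwd',
	}
	file { "/etc/pki/dovecot/certs/${imapserver}.crt":
		source => "puppet:///private/pki/custom/${imapserver}.crt",
	}
	# The TLS private key is pinned to root-only access. Without an explicit
	# owner and mode its permissions would come from the source file on the
	# master or from Puppet's defaults, neither of which is guaranteed to keep
	# the key unreadable by other local users.
	file { "/etc/pki/dovecot/certs/${imapserver}.key":
		source => "puppet:///private/pki/custom/${imapserver}.key",
		owner  => 'root',
		group  => 'root',
		mode   => '0600',
	}
	# subscribe restarts the service when the package changes; file changes
	# reach it through the notify in the File defaults above.
	service { 'dovecot':
		ensure => running,
		enable => true,
		subscribe => Package['dovecot'],
	}
}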