view modules/dovecot/manifests/init.pp @ 308:edd1e3b444e7
Blacklist more users on SSH including bugzilla
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 23 Feb 2020 12:07:07 +0000 |
parents | 7c3833d96603 |
children | 51d3748f8112 |
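# Installs Dovecot and manages its configuration: IMAP-only listeners,
# Maildir storage under /var/mail/vhosts, passwd-file authentication with a
# SASL socket for Postfix, and the TLS certificate/key pair.
#
# @param imapserver
#   Base name of the TLS certificate and key. It selects the source files
#   puppet:///private/pki/custom/<imapserver>.{crt,key} and the installed
#   paths /etc/pki/dovecot/certs/<imapserver>.{crt,key}.
class dovecot (
  $imapserver,
) {
  package { 'dovecot':
    ensure => installed,
  }

  # Resource defaults for every file below: each one needs the package
  # installed first and notifies the service when its content changes.
  File {
    ensure  => present,
    notify  => Service['dovecot'],
    require => Package['dovecot'],
  }

  # Plain IMAP is bound to loopback only; the imaps listener is left at its
  # defaults so that remote clients use IMAPS.
  file { '/etc/dovecot/conf.d/99-imap-only.conf':
    content => 'protocols = imap
service imap-login {
  # Only allow IMAP locally and IMAPS externally
  inet_listener imap {
    address = 127.0.0.1
  }
  inet_listener imaps {
  }
}',
  }

  file { '/etc/dovecot/conf.d/99-extra.conf':
    content => 'mail_location = maildir:/var/mail/vhosts/%d/%n:INBOX=/var/mail/vhosts/%d/%n/Inbox
first_valid_uid = 500',
  }

  # Replaces the packaged 10-auth.conf with a single comment line, so every
  # auth setting in effect comes from 99-sasl.conf or Dovecot's defaults.
  file { '/etc/dovecot/conf.d/10-auth.conf':
    content => "# Blanked by Puppet - we don't use the only setting from here (PAM authentication)",
  }

  # The Postfix SASL socket is restricted to postfix:postfix, mode 0660.
  # NOTE(review): "plain" and "login" both carry the password itself, so
  # confirm that 99-ssl-extra.conf (not visible here) or Dovecot's defaults
  # refuse them on unencrypted remote connections.
  file { '/etc/dovecot/conf.d/99-sasl.conf':
    content => "!include auth-passwdfile.conf.ext
auth_mechanisms = plain login
service auth {
  unix_listener auth-userdb {
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}",
  }

  file { '/etc/dovecot/conf.d/99-ssl.conf':
    content => "ssl_cert = </etc/pki/dovecot/certs/${imapserver}.crt
ssl_key = </etc/pki/dovecot/certs/${imapserver}.key",
  }

  file { '/etc/dovecot/conf.d/99-ssl-extra.conf':
    source => 'puppet:///private/dovecot/99-ssl-extra.conf',
  }

  # NOTE(review): presumably the passwd-file behind auth-passwdfile.conf.ext,
  # in which case it holds password hashes. No owner/group/mode is declared,
  # so its permissions are whatever Puppet defaults to. Consider restricting
  # it to the account the auth service runs as (for example root:dovecot,
  # 0640) - confirm that account before tightening, or logins will fail.
  file { '/etc/dovecot/users':
    source => 'puppet:///private/dovecot/passwd',
  }

  file { "/etc/pki/dovecot/certs/${imapserver}.crt":
    source => "puppet:///private/pki/custom/${imapserver}.crt",
  }

  # The TLS private key must not be readable by other local accounts. Without
  # an explicit mode the result depends on Puppet's defaults, so pin it to
  # root-only.
  file { "/etc/pki/dovecot/certs/${imapserver}.key":
    source => "puppet:///private/pki/custom/${imapserver}.key",
    owner  => 'root',
    group  => 'root',
    mode   => '0600',
  }

  # Restart on package changes as well as on the file notifications above.
  service { 'dovecot':
    ensure    => running,
    enable    => true,
    subscribe => Package['dovecot'],
  }
}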