view modules/dovecot/manifests/init.pp @ 482:d83de9b3a62b default tip
Update hiera.yaml within Puppet config
Forgot that we manage it from here. Now has content to match
new packages
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Fri, 30 Aug 2024 16:10:36 +0100 |
parents | 2c3e745be8d2 |
children |
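# Installs and configures Dovecot as an IMAPS-only server that authenticates
# against a passwd-file and exposes a SASL socket to Postfix.
#
# @param imapserver
#   Host name used as the base name of the TLS certificate and key under
#   /etc/pki/custom.
# @param imapserver_ip
#   Address that the IMAPS firewall rule accepts traffic for; also passed to
#   the 99-imap-only.conf template.
# @param imapserver_proxy
#   Optional address for PROXY-protocol IMAP traffic. When set, one firewall
#   rule per entry in $proxy_upstream is created for it.
# @param proxy_upstream
#   Upstream proxy addresses allowed to reach $imapserver_proxy. Each entry
#   is type-checked as an IPv6 address when the rules are built.
class dovecot (
  $imapserver,
  $imapserver_ip,
  $imapserver_proxy = undef,
  $proxy_upstream = [],
) {
  # Fail with a clear message on platforms we have no package name for,
  # instead of continuing with an undefined $dovecot_package.
  case $facts['os']['family'] {
    'RedHat': { $dovecot_package = 'dovecot' }
    'Debian': { $dovecot_package = 'dovecot-imapd' }
    default:  { fail("dovecot: unsupported OS family '${facts['os']['family']}'") }
  }

  package { $dovecot_package:
    ensure => installed,
  }

  # Every managed file below restarts Dovecot on change and waits for the package.
  File {
    ensure  => present,
    notify  => Service['dovecot'],
    require => Package[$dovecot_package],
  }

  file { '/etc/dovecot/conf.d/99-imap-only.conf':
    content => epp('dovecot/99-imap-only.conf.epp', {
      imapserver_ip    => $imapserver_ip,
      imapserver_proxy => $imapserver_proxy,
      proxy_upstream   => $proxy_upstream,
    }),
  }

  # NOTE(review): Dovecot expects one setting per line; confirm the line
  # breaks inside the multi-line literals below against the repository copy.
  file { '/etc/dovecot/conf.d/99-extra.conf':
    content => 'mail_location = maildir:/var/mail/vhosts/%d/%n:INBOX=/var/mail/vhosts/%d/%n/Inbox
first_valid_uid = 500
mail_max_userip_connections = 25',
  }

  file { '/etc/dovecot/conf.d/10-auth.conf':
    content => "# Blanked by Puppet - we don't use the only setting from here (PAM authentication)",
  }

  # Cleartext SASL mechanisms (plain, login) are enabled here.
  # NOTE(review): presumably 99-ssl-extra.conf enforces TLS before
  # authentication; confirm, since that file is not visible from this class.
  file { '/etc/dovecot/conf.d/99-sasl.conf':
    content => "!include auth-passwdfile.conf.ext
auth_mechanisms = plain login
service auth {
  unix_listener auth-userdb {
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}",
  }

  file { '/etc/dovecot/conf.d/99-ssl.conf':
    content => "ssl_cert = </etc/pki/custom/${imapserver}.crt
ssl_key = </etc/pki/custom/${imapserver}.key",
  }

  file { '/etc/dovecot/conf.d/99-ssl-extra.conf':
    source => 'puppet:///private/dovecot/99-ssl-extra.conf',
  }

  # Credential store: keep it unreadable to ordinary local users and keep its
  # contents out of diff output in agent logs and reports.
  # NOTE(review): root:dovecot 0640 assumes the auth service runs as the
  # stock 'dovecot' internal user; adjust if that user is overridden.
  file { '/etc/dovecot/users':
    source    => 'puppet:///private/dovecot/passwd',
    owner     => 'root',
    group     => 'dovecot',
    mode      => '0640',
    show_diff => false,
  }

  file { "/etc/pki/custom/${imapserver}.crt":
    source => "puppet:///private/pki/custom/${imapserver}.crt",
  }

  # TLS private key: readable by root only, and never shown in diffs.
  file { "/etc/pki/custom/${imapserver}.key":
    source    => "puppet:///private/pki/custom/${imapserver}.key",
    owner     => 'root',
    group     => 'root',
    mode      => '0600',
    show_diff => false,
  }

  service { 'dovecot':
    ensure    => running,
    enable    => true,
    subscribe => Package[$dovecot_package],
  }

  # Restart trigger: the no-op command only "runs" (and so notifies the
  # service) when the master pid file is NOT newer than the resolved
  # certificate, i.e. the certificate changed after Dovecot last started.
  # NOTE(review): the check uses `[` and `$(...)`, which need a shell and a
  # search path; neither `provider` nor `path` is set on this resource, so it
  # presumably relies on a site-wide Exec default - confirm.
  exec { 'Dovecot/LetsEncrypt sync restart trigger':
    command => "/usr/bin/true",
    unless  => "[ /run/dovecot/master -nt $(readlink -e /etc/pki/custom/${imapserver}.crt) ]",
    notify  => Service['dovecot'],
  }

  firewall { '102 allow IMAPS':
    destination => $imapserver_ip,
    dport       => 993,
    proto       => tcp,
    jump        => accept,
  }

  # The PROXY-protocol listener address is only opened to the listed
  # upstreams, one rule per upstream address.
  if $imapserver_proxy != undef {
    $proxy_upstream.each |Stdlib::IP::Address::V6 $upstream_addr| {
      firewall { "102 limit PROXY protocol for IMAP to upstream ${upstream_addr}":
        source      => $upstream_addr,
        destination => $imapserver_proxy,
        dport       => 993,
        proto       => tcp,
        jump        => accept,
      }
    }
  }
}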