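# Postfix service definition table. The source is rendered through Jinja
# before it is written, and a change to the file is pushed to the postfix
# service state through watch_in.
/etc/postfix/master.cf:
  file.managed:
    - source: salt://profile/mailserver/files/master.cf
    - user: root
    - group: root
    # quoted: a bare leading-zero number is read by YAML as an integer,
    # not as the permission string that is meant here
    - mode: '0644'
    - template: jinja
    - replace: True
    - require:
      - pkg: postfix
    - watch_in:
      - service: postfix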
# TLS certificates, private keys and CA chain that must be present before
# postfix is handled. file.exists only checks presence: this state neither
# creates the files nor manages their content.
# NOTE(review): owner and mode of the *_key.pem private keys are not
# enforced here - confirm whatever deploys them keeps them root-only.
{% set postfix_tls_files = [
  'star_opensuse_org_ecdsa_letsencrypt.crt',
  'star_opensuse_org_ecdsa_letsencrypt_key.pem',
  'star_opensuse_org_rsa_letsencrypt.crt',
  'star_opensuse_org_rsa_letsencrypt_key.pem',
  'LetsEncryptCA_chain.crt'
] %}
{% for tls_file in postfix_tls_files %}
/etc/postfix/{{ tls_file }}:
  file.exists:
    - require_in:
      - service: postfix
{% endfor %}
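# Postfix lookup tables: install each source file, then run postmap on it
# whenever the managed file changed (onchanges), and let that command
# notify the postfix service.
# NOTE(review): mode 0644 leaves every table world-readable on the host -
# confirm that is intended for manually-blocked-users and the alias maps.
{% for file in [
  'handling_special_recipients',
  'manually-blocked-users',
  'no-internal-tls',
  'ratelimit',
  'transport',
  'virtual-domains',
  'virtual-opensuse-aliases',
  'virtual-opensuse-mailinglists'
] %}
/etc/postfix/{{ file }}:
  file.managed:
    - source: salt://profile/mailserver/files/{{ file }}
    - user: root
    - group: root
    # quoted so YAML keeps the permission as a string
    - mode: '0644'
    - replace: True
  cmd.run:
    # the table name comes from the fixed list above, never from pillar or
    # other external input
    - name: postmap /etc/postfix/{{ file }}
    - runas: root
    - onchanges:
      - file: /etc/postfix/{{ file }}
    - watch_in:
      - service: postfix
    - require:
      - pkg: postfix
{% endfor %}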
# Pin the postgrey start options by rewriting the POSTGREY_EXTRA_OPTIONS
# line of the sysconfig file. "mode" is the file.line operation here
# (replace the matching line), not a file permission.
# This state carries no watch_in, so a change to the line does not by
# itself notify the postgrey service from here.
/etc/sysconfig/postgrey:
  file.line:
    - match: '^POSTGREY_EXTRA_OPTIONS='
    - content: >-
        POSTGREY_EXTRA_OPTIONS="--auto-whitelist-clients --greylist-text='Service temporarily unavailable, please retry later'"
    - mode: replace
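# Postfix header_checks table, copied verbatim from the fileserver.
# Unlike the other postfix files in this state it declares no require on
# the package and no watch_in on the service.
/etc/postfix/header_checks:
  file.managed:
    - source: salt://profile/mailserver/files/header_checks
    - user: root
    - group: root
    # quoted so YAML keeps the permission as a string
    - mode: '0644'
    - replace: True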
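# PCRE tables for postfix. They are installed as plain files with no
# postmap step, and a change notifies the postfix service.
{% for file in [
  'bounce-old-mlmmj.pcre',
  'greylist_helos.pcre',
  'suspicious_client.pcre',
  'virtual-opensuse-mm3-bounces.pcre'
] %}
/etc/postfix/{{ file }}:
  file.managed:
    - source: salt://profile/mailserver/files/{{ file }}
    - user: root
    - group: root
    # quoted so YAML keeps the permission as a string
    - mode: '0644'
    - replace: True
    - require:
      - pkg: postfix
    - watch_in:
      - service: postfix
{% endfor %}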
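# ClamAV daemon configuration; a change notifies the clamd service.
/etc/clamd.conf:
  file.managed:
    - source: salt://profile/mailserver/files/clamd.conf
    - user: root
    - group: root
    # quoted so YAML keeps the permission as a string
    - mode: '0644'
    - replace: True
    - require:
      - pkg: clamav
    - watch_in:
      - service: clamd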
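# Configuration of the ClamAV signature updater; a change notifies the
# freshclam service.
/etc/freshclam.conf:
  file.managed:
    - source: salt://profile/mailserver/files/freshclam.conf
    - user: root
    - group: root
    # quoted so YAML keeps the permission as a string
    - mode: '0644'
    - replace: True
    - require:
      - pkg: clamav
    - watch_in:
      - service: freshclam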
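# Site-local list of clients that postgrey does not greylist; a change
# notifies the postgrey service.
# NOTE(review): every entry here bypasses greylisting, so changes to the
# source file deserve the same review as other mail-filter exceptions.
/etc/postgrey/whitelist_clients.local:
  file.managed:
    - source: salt://profile/mailserver/files/whitelist_clients.local
    - user: root
    - group: root
    # quoted so YAML keeps the permission as a string
    - mode: '0644'
    - replace: True
    - require:
      - pkg: postgrey
    - watch_in:
      - service: postgrey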
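# spampd and SpamAssassin configuration. Each tuple is (file name, target
# directory below /etc); every file comes from the spamassassin/ source
# directory and a change notifies the spampd service.
{% for file, dir in [
  ('spampd', 'sysconfig'),
  ('local.cf', 'mail/spamassassin'),
  ('opensuse.cf', 'mail/spamassassin'),
  ('opensuse-rules.cf', 'mail/spamassassin'),
] %}
/etc/{{ dir }}/{{ file }}:
  file.managed:
    - source: salt://profile/mailserver/files/spamassassin/{{ file }}
    - user: root
    - group: root
    # quoted so YAML keeps the permission as a string
    - mode: '0644'
    - replace: True
    - require:
      - pkg: spamassassin
    - watch_in:
      - service: spampd
{% endfor %}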
# Host entries that give the local filter endpoints a name. All three
# addresses are in 127.0.0.0/8, so the names resolve to this host only.
# NOTE(review): presumably referenced from the postfix and spampd
# configuration - confirm the listeners bind to exactly these addresses.
spampd-in:
  host.present:
    - ip: '127.0.0.98'

spampd-out:
  host.present:
    - ip: '127.0.0.99'

postsrsd:
  host.present:
    - ip: '127.0.0.91'
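# systemd drop-in that makes clamd and spampd restart unconditionally,
# ten seconds after they exit. makedirs creates the .service.d directory
# when it is missing.
# MAYBE: remove override for clamd, seems to be standard now?
# NOTE(review): nothing here links the drop-in to the service states -
# confirm a changed override is actually picked up by systemd.
{% for svc in ['clamd', 'spampd'] %}
/etc/systemd/system/{{ svc }}.service.d/override.conf:
  file.managed:
    - user: root
    - group: root
    # quoted so YAML keeps the permission as a string
    - mode: '0644'
    - replace: True
    - makedirs: True
    - contents:
        - '[Service]'
        - 'RestartSec=10'
        - 'Restart=always'
{% endfor %}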
# Keep the mail-filter daemons running and enabled at boot. The state IDs
# are "service <name>"; the watch_in requisites elsewhere in this file
# refer to these states by their name argument.
# The postfix service itself is not declared in this loop.
{% for unit in ['clamd', 'freshclam', 'spampd', 'postsrsd', 'postgrey'] %}
service {{ unit }}:
  service.running:
    - name: {{ unit }}
    - enable: True
{% endfor %}
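# Cron definitions and the helper scripts installed next to them. Each
# tuple is (file name, target directory). Files whose directory ends in
# /bin are installed executable (0755), the rest as 0644. All of them
# are rendered through Jinja.
# NOTE(review): the cron.d entries presumably run these scripts as root;
# keeping both root-owned and not group/world-writable is what prevents
# other local users from changing what runs - verify against the sources.
{% for file, dir in [
  ('dhprimes', '/etc/cron.d'),
  ('regen_dh_primes', '/usr/local/bin'),
  ('member_aliases', '/etc/cron.d'),
  ('get_member_aliases', '/usr/local/bin')
] %}
{{ dir }}/{{ file }}:
  file.managed:
    - source: salt://profile/mailserver/files/cron/{{ file }}
    - user: root
    - group: root
    # quoted so the rendered value stays a string for YAML
    - mode: "{{ '0755' if dir.endswith('/bin') else '0644' }}"
    - replace: True
    - template: jinja
{% endfor %}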
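# MariaDB client defaults for root, carrying the database credentials
# taken from pillar. The file is restricted to root (0600).
# NOTE(review): the password falls back to an empty string when the
# pillar key is missing, which writes "password=" instead of failing.
# NOTE(review): the value is placed inside a single-quoted YAML scalar,
# so a password containing a single quote would break rendering; a "#"
# in it may also be read as a comment by the client - confirm the
# pillar value is free of both or escape it.
/root/.my.cnf:
  file.managed:
    - contents:
      - '[client]'
      - 'user={{ pillar.profile.mailserver.members.user }}'
      - 'password={{ salt['pillar.get']('profile:mailserver:members:password', '') }}'
    - user: root
    - group: root
    # quoted so YAML keeps the permission as a string
    - mode: '0600'
    # keep the credentials out of the state return: with the default the
    # unified diff of the file is included in the job output
    - show_changes: False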
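# Make sure the user database exists and is ready to use: run the alias
# export script once, as root, when the map file is still missing.
# NOTE(review): the script presumably writes the file named in the unless
# check - if it does not, this command runs on every highstate.
/etc/postfix/virtual-opensuse-users:
  cmd.run:
    - name: /usr/local/bin/get_member_aliases
    - runas: root
    # skipped as soon as the map file is present
    - unless:
      - test -f /etc/postfix/virtual-opensuse-users
    - require:
      - pkg: mariadb-client
      # credentials used by the database client
      - file: /root/.my.cnf
      # the script itself is installed by this state file; depend on it
      # explicitly instead of relying on file order
      - file: /usr/local/bin/get_member_aliases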