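# Postfix master.cf (the table of Postfix daemon services), rendered through
# Jinja from the salt fileserver. Installed root-owned and writable by root
# only.
/etc/postfix/master.cf:
  file.managed:
    - source: salt://profile/mailserver/files/master.cf
    - template: jinja
    - user: root
    - group: root
    # Quoted so the mode stays the string '0644' instead of being re-typed
    # as an integer by the YAML loader.
    - mode: '0644'
    - replace: true
    # The postfix package state is not declared in this listing.
    - require:
      - pkg: postfix
    # A change to this file notifies the postfix service state.
    - watch_in:
      - service: postfix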
# TLS material used by Postfix. These states only assert that each file is
# present (file.exists) before the postfix service state runs; nothing here
# deploys the files or sets their owner or mode.
# NOTE(review): two of the entries are private keys. Confirm that whatever
# installs them restricts read access, since this state would also pass for
# a world-readable key.
{% set postfix_tls_files = [
  'star_opensuse_org_ecdsa_letsencrypt.crt',
  'star_opensuse_org_ecdsa_letsencrypt_key.pem',
  'star_opensuse_org_rsa_letsencrypt.crt',
  'star_opensuse_org_rsa_letsencrypt_key.pem',
  'LetsEncryptCA_chain.crt'
] %}
{% for crt in postfix_tls_files %}
/etc/postfix/{{ crt }}:
  file.exists:
    - require_in:
      - service: postfix
{% endfor %}
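# Postfix lookup tables that need an indexed copy. For each name the source
# file is installed from the salt fileserver, and postmap is re-run whenever
# that file changes; the postmap run in turn notifies the postfix service.
{% for file in [
  'handling_special_recipients',
  'manually-blocked-users',
  'no-internal-tls',
  'ratelimit',
  'transport',
  'virtual-domains',
  'virtual-opensuse-aliases',
  'virtual-opensuse-mailinglists'
] %}
/etc/postfix/{{ file }}:
  file.managed:
    - source: salt://profile/mailserver/files/{{ file }}
    - user: root
    - group: root
    # Quoted so the mode stays the string '0644' instead of being re-typed
    # as an integer by the YAML loader.
    - mode: '0644'
    - replace: true
  cmd.run:
    # The table names come from the fixed list above, so nothing
    # caller-controlled reaches this command line.
    - name: postmap /etc/postfix/{{ file }}
    - runas: root
    # Only rebuild the index when the source table was actually modified.
    - onchanges:
      - file: /etc/postfix/{{ file }}
    - watch_in:
      - service: postfix
    # The postfix package state is not declared in this listing.
    - require:
      - pkg: postfix
{% endfor %}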
# Replace the POSTGREY_EXTRA_OPTIONS line in postgrey's sysconfig file so
# that client auto-whitelisting is enabled and the greylisting reply carries
# a fixed text.
# NOTE(review): no requisite here notifies the postgrey service, so a
# changed option presumably takes effect only at its next restart. Confirm
# this is intended.
/etc/sysconfig/postgrey:
  file.line:
    - mode: replace
    - match: '^POSTGREY_EXTRA_OPTIONS='
    - content: POSTGREY_EXTRA_OPTIONS="--auto-whitelist-clients --greylist-text='Service temporarily unavailable, please retry later'"
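# Postfix header_checks table, copied verbatim from the salt fileserver.
# NOTE(review): unlike the other Postfix files in this state, this one has
# no require on the postfix package and does not notify the postfix
# service. Confirm that is deliberate.
/etc/postfix/header_checks:
  file.managed:
    - source: salt://profile/mailserver/files/header_checks
    - user: root
    - group: root
    # Quoted so the mode stays the string '0644' instead of being re-typed
    # as an integer by the YAML loader.
    - mode: '0644'
    - replace: true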
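# PCRE tables for Postfix. They are installed as plain files (no postmap
# step in this loop), and any change notifies the postfix service.
{% for file in [
  'bounce-old-mlmmj.pcre',
  'greylist_helos.pcre',
  'suspicious_client.pcre',
  'virtual-opensuse-mm3-bounces.pcre'
] %}
/etc/postfix/{{ file }}:
  file.managed:
    - source: salt://profile/mailserver/files/{{ file }}
    - user: root
    - group: root
    # Quoted so the mode stays the string '0644' instead of being re-typed
    # as an integer by the YAML loader.
    - mode: '0644'
    - replace: true
    # The postfix package state is not declared in this listing.
    - require:
      - pkg: postfix
    - watch_in:
      - service: postfix
{% endfor %}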
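# ClamAV daemon configuration, copied from the salt fileserver; a change
# notifies the clamd service.
/etc/clamd.conf:
  file.managed:
    - source: salt://profile/mailserver/files/clamd.conf
    - user: root
    - group: root
    # Quoted so the mode stays the string '0644' instead of being re-typed
    # as an integer by the YAML loader.
    - mode: '0644'
    - replace: true
    # The clamav package state is not declared in this listing.
    - require:
      - pkg: clamav
    - watch_in:
      - service: clamd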
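# Configuration for freshclam (the ClamAV signature updater), copied from
# the salt fileserver; a change notifies the freshclam service.
/etc/freshclam.conf:
  file.managed:
    - source: salt://profile/mailserver/files/freshclam.conf
    - user: root
    - group: root
    # Quoted so the mode stays the string '0644' instead of being re-typed
    # as an integer by the YAML loader.
    - mode: '0644'
    - replace: true
    # The clamav package state is not declared in this listing.
    - require:
      - pkg: clamav
    - watch_in:
      - service: freshclam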
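# Site-local postgrey client whitelist, copied from the salt fileserver; a
# change notifies the postgrey service. Entries in this file are exempt
# from greylisting, so additions to the source file deserve review.
/etc/postgrey/whitelist_clients.local:
  file.managed:
    - source: salt://profile/mailserver/files/whitelist_clients.local
    - user: root
    - group: root
    # Quoted so the mode stays the string '0644' instead of being re-typed
    # as an integer by the YAML loader.
    - mode: '0644'
    - replace: true
    # The postgrey package state is not declared in this listing.
    - require:
      - pkg: postgrey
    - watch_in:
      - service: postgrey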
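# spampd and SpamAssassin configuration. Each (file, dir) pair is installed
# as /etc/<dir>/<file>; all sources live in the spamassassin/ directory on
# the salt fileserver. Any change notifies the spampd service.
{% for file, dir in [
  ('spampd', 'sysconfig'),
  ('local.cf', 'mail/spamassassin'),
  ('opensuse.cf', 'mail/spamassassin'),
  ('opensuse-rules.cf', 'mail/spamassassin'),
] %}
/etc/{{ dir }}/{{ file }}:
  file.managed:
    - source: salt://profile/mailserver/files/spamassassin/{{ file }}
    - user: root
    - group: root
    # Quoted so the mode stays the string '0644' instead of being re-typed
    # as an integer by the YAML loader.
    - mode: '0644'
    - replace: true
    # The spamassassin package state is not declared in this listing.
    - require:
      - pkg: spamassassin
    - watch_in:
      - service: spampd
{% endfor %}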
# Hosts-file entries that give the local mail-filter endpoints stable names.
# All three addresses are in 127.0.0.0/8, so the names resolve to loopback
# only.
spampd-in:
  host.present:
    - ip: '127.0.0.98'

spampd-out:
  host.present:
    - ip: '127.0.0.99'

postsrsd:
  host.present:
    - ip: '127.0.0.91'
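# systemd drop-in for clamd and spampd: restart the unit whenever it exits,
# after a 10 second delay.
# MAYBE: remove override for clamd, seems to be standard now?
{% for svc in ['clamd', 'spampd'] %}
/etc/systemd/system/{{ svc }}.service.d/override.conf:
  file.managed:
    - user: root
    - group: root
    # Quoted so the mode stays the string '0644' instead of being re-typed
    # as an integer by the YAML loader.
    - mode: '0644'
    - replace: true
    # Creates the <unit>.service.d directory if it does not exist yet.
    - makedirs: true
    - contents:
      - '[Service]'
      - 'RestartSec=10'
      - 'Restart=always'
{% endfor %}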
# Keep the mail-filter helper daemons running and enabled at boot.
# The postfix service itself is not in this list; the "service: postfix"
# requisites used elsewhere in this file presumably refer to a state
# declared outside this listing.
{% set helper_services = ['clamd', 'freshclam', 'spampd', 'postsrsd', 'postgrey'] %}
{% for svc in helper_services %}
service {{ svc }}:
  service.running:
    - name: {{ svc }}
    - enable: true
{% endfor %}
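# Cron definitions and the helper scripts installed next to them. Every
# file is rendered through Jinja from the cron/ directory on the salt
# fileserver and installed root-owned, so only root can alter it.
{% for file, dir in [
  ('dhprimes', '/etc/cron.d'),
  ('regen_dh_primes', '/usr/local/bin'),
  ('member_aliases', '/etc/cron.d'),
  ('get_member_aliases', '/usr/local/bin')
] %}
{{ dir }}/{{ file }}:
  file.managed:
    - source: salt://profile/mailserver/files/cron/{{ file }}
    - template: jinja
    - user: root
    - group: root
    # Scripts under a bin directory are executable (0755); cron.d entries
    # are plain files (0644). The rendered value is quoted so it stays a
    # string instead of being re-typed as an integer by the YAML loader.
    - mode: "{{ '0755' if dir.endswith('/bin') else '0644' }}"
    - replace: true
{% endfor %}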
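# Default MySQL/MariaDB client credentials for root, taken from pillar.
# The password lookup falls back to an empty string when the pillar key is
# missing, so an absent secret produces a file with an empty password
# rather than a failed state.
# NOTE(review): the pillar values are spliced into single-quoted YAML
# scalars, so a value containing a single quote would break rendering.
# Confirm the stored values cannot contain one.
/root/.my.cnf:
  file.managed:
    - user: root
    - group: root
    # Owner-only access, because the file holds a database password. Quoted
    # so the mode stays a string under any YAML loader.
    - mode: '0600'
    # Without this, a changed file is reported as a unified diff in the
    # state return (and the master's job cache), and that diff would
    # contain the password line.
    - show_changes: false
    - contents:
      - '[client]'
      - 'user={{ pillar.profile.mailserver.members.user }}'
      - 'password={{ salt['pillar.get']('profile:mailserver:members:password', '') }}'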
# Make sure the user database exists and is ready to use: run the
# get_member_aliases script once, as root, if the table file is missing.
# The script is installed by the cron file loop earlier in this file, but
# it is not listed as a requisite here, so this state relies on definition
# order for the script to be in place.
/etc/postfix/virtual-opensuse-users:
  cmd.run:
    - name: /usr/local/bin/get_member_aliases
    - runas: root
    # Needs the MariaDB client and root's client credentials; the
    # mariadb-client package state is not declared in this listing.
    - require:
      - pkg: mariadb-client
      - file: /root/.my.cnf
    # Skip the run when the table is already present as a regular file.
    - unless:
      - test -f /etc/postfix/virtual-opensuse-users