include:
  - profile.cron
  - zypper.packages

# Postfix master.cf, rendered from a Jinja template on the Salt fileserver.
# It is written only once the zypper_packages state has succeeded, and a
# change to it is propagated to the postfix service state through watch_in.
# Neither zypper_packages nor the postfix service is defined in this file;
# presumably both come from the includes above - confirm.
/etc/postfix/master.cf:
  file.managed:
    - source: salt://profile/mailserver/files/master.cf
    - template: jinja
    - replace: True
    # root-owned and not writable by group or others
    - user: root
    - group: root
    - mode: '0644'
    - watch_in:
      - service: postfix
    - require:
      - pkg: zypper_packages

# Postfix lookup tables: each source file is rendered from its Jinja template
# and postmap is then run on it to rebuild the lookup table.
# The file.managed part carries no requisite of its own; the package
# requirement and the postfix watch_in are attached to cmd.run only.
# NOTE(review): postmap is gated by onchanges on the file, so if one postmap
# run fails, a later run that finds the file unchanged will not retry it and
# the built table may lag behind its source - confirm this is acceptable.
{% for file in [
  'handling_special_recipients',
  'manually-blocked-users',
  'no-internal-tls',
  'ratelimit',
  'transport',
  'virtual-domains',
  'virtual-opensuse-aliases',
  'virtual-opensuse-mailinglists'
] %}
/etc/postfix/{{ file }}:
  file.managed:
    - source: salt://profile/mailserver/files/{{ file }}
    - user: root
    - group: root
    - mode: '0644'
    - replace: True
    - template: jinja
  cmd.run:
    # Only names from the fixed list above are interpolated into the command
    # line; no pillar or grain value reaches the shell here.
    - name: postmap /etc/postfix/{{ file }}
    - runas: root
    - onchanges:
      - file: /etc/postfix/{{ file }}
    - watch_in:
      - service: postfix
    - require:
      - pkg: zypper_packages
{% endfor %}

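# Pin the POSTGREY_EXTRA_OPTIONS line of the postgrey sysconfig file.
# file.line in replace mode rewrites the line matched by the regex below.
# The watch_in makes a changed option line reach the postgrey service state;
# without it the new options would only apply after an unrelated restart.
# The reference uses the same form as the whitelist_clients.local state.
/etc/sysconfig/postgrey:
  file.line:
    - match: ^POSTGREY_EXTRA_OPTIONS=
    - content: POSTGREY_EXTRA_OPTIONS="--auto-whitelist-clients --greylist-text='Service temporarily unavailable, please retry later'"
    - mode: replace
    - watch_in:
      - service: postgrey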

# Postfix header_checks, rendered from a Jinja template.
# NOTE(review): unlike the .pcre tables managed further down in this file,
# this state declares neither a package requirement nor a watch_in on the
# postfix service - confirm that a changed header_checks file is meant to be
# picked up without a service reload.
/etc/postfix/header_checks:
  file.managed:
    - source: salt://profile/mailserver/files/header_checks
    - template: jinja
    - replace: True
    - user: root
    - group: root
    - mode: '0644'

# Pattern tables for Postfix (PCRE, judging by the .pcre suffix), each
# rendered from its Jinja template.
# No postmap step is declared for these, unlike the lookup tables above;
# presumably Postfix reads them as plain text - confirm.
# A change is propagated to the postfix service state through watch_in.
{% for file in [
  'bounce-old-mlmmj.pcre',
  'greylist_helos.pcre',
  'suspicious_client.pcre',
  'virtual-opensuse-mm3-bounces.pcre'
] %}
/etc/postfix/{{ file }}:
  file.managed:
    - source: salt://profile/mailserver/files/{{ file }}
    - user: root
    - group: root
    - mode: '0644'
    - replace: True
    - template: jinja
    - require:
      - pkg: zypper_packages
    - watch_in:
      - service: postfix
{% endfor %}

# clamd configuration, rendered from a Jinja template.
# Installed after zypper_packages succeeded; a change is propagated to the
# clamd service state (declared by the service loop later in this file).
/etc/clamd.conf:
  file.managed:
    - source: salt://profile/mailserver/files/clamd.conf
    - template: jinja
    - replace: True
    # root-owned, readable by everyone, writable by root only
    - user: root
    - group: root
    - mode: '0644'
    - watch_in:
      - service: clamd
    - require:
      - pkg: zypper_packages

# freshclam configuration, rendered from a Jinja template.
# Installed after zypper_packages succeeded; a change is propagated to the
# freshclam service state (declared by the service loop later in this file).
/etc/freshclam.conf:
  file.managed:
    - source: salt://profile/mailserver/files/freshclam.conf
    - template: jinja
    - replace: True
    # root-owned, readable by everyone, writable by root only
    - user: root
    - group: root
    - mode: '0644'
    - watch_in:
      - service: freshclam
    - require:
      - pkg: zypper_packages

# Local postgrey client whitelist, rendered from a Jinja template.
# Entries in this file decide which clients are exempted by postgrey, so
# changes to the template deserve the same review as filter rules.
# Installed after zypper_packages succeeded; a change is propagated to the
# postgrey service state (declared by the service loop later in this file).
/etc/postgrey/whitelist_clients.local:
  file.managed:
    - source: salt://profile/mailserver/files/whitelist_clients.local
    - template: jinja
    - replace: True
    - user: root
    - group: root
    - mode: '0644'
    - watch_in:
      - service: postgrey
    - require:
      - pkg: zypper_packages

# spampd sysconfig and SpamAssassin rule files. Each (file, dir) pair is
# installed as /etc/DIR/FILE, while every source, including the spampd
# sysconfig file, is read from the files/spamassassin/ directory.
# All four files require zypper_packages and propagate changes to the spampd
# service state through watch_in.
{%- for file, dir in [
  ('spampd', 'sysconfig'),
  ('local.cf', 'mail/spamassassin'),
  ('opensuse.cf', 'mail/spamassassin'),
  ('opensuse-rules.cf', 'mail/spamassassin'),
] %}
/etc/{{ dir }}/{{ file }}:
  file.managed:
    - source: salt://profile/mailserver/files/spamassassin/{{ file }}
    - user: root
    - group: root
    - mode: '0644'
    - replace: True
    - template: jinja
    - require:
      - pkg: zypper_packages
    - watch_in:
      - service: spampd
{%- endfor %}

# Set the SRS_LISTEN_ADDR line of the postsrsd defaults file to
# ipv6-localhost (presumably to keep the daemon on the loopback only -
# confirm). file.line in replace mode rewrites the line matched by the regex.
# The watch_in refers to the service state by its ID, 'service postsrsd',
# which the service loop later in this file generates.
/etc/default/postsrsd:
  file.line:
    - mode: replace
    - match: ^SRS_LISTEN_ADDR=
    - content: SRS_LISTEN_ADDR=ipv6-localhost
    - watch_in:
      - service: service postsrsd

# systemd drop-in for clamd and spampd: restart the unit whenever it exits
# (Restart=always), ten seconds after it stopped (RestartSec=10).
# The file has no source; its lines come from the contents list, whose first
# entry is the pillar's managed_by_salt header passed through yaml_encode.
# makedirs creates the SVC.service.d directory when it is missing.
# NOTE(review): nothing in this file reloads systemd or restarts the unit
# after the drop-in changed - confirm that this is handled elsewhere.
# MAYBE: remove override for clamd, seems to be standard now?
{%- for svc in ['clamd', 'spampd'] %}
/etc/systemd/system/{{ svc }}.service.d/override.conf:
  file.managed:
    - user: root
    - group: root
    - mode: '0644'
    - replace: True
    - makedirs: True
    - contents:
        - {{ pillar['managed_by_salt'] | yaml_encode }}
        - '[Service]'
        - 'RestartSec=10'
        - 'Restart=always'
{%- endfor %}

# Keep the mail-filter helper daemons enabled and running.
# The state ID is 'service NAME' and the name argument is the bare service
# name; other states in this file reference these services in either form.
# The postfix service that several watch_in requisites in this file point to
# is not declared here.
{%- for svc in ['clamd', 'freshclam', 'spampd', 'postsrsd', 'postgrey'] %}
service {{ svc }}:
  service.running:
    - name: {{ svc }}
    - enable: True
{%- endfor %}

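# Cron entries and the helper scripts they refer to, all rendered from Jinja
# templates under files/cron/. Files placed in a directory ending in /bin get
# mode 0755, everything else 0644; all are owned by root and writable by root
# only.
# The rendered mode is wrapped in quotes so it stays a string like every
# other mode in this file; an unquoted 0755 is typed as an integer by
# YAML 1.1 loaders instead of being kept as the literal mode string.
{%- for file, dir in [
  ('dhprimes','/etc/cron.d'),
  ('regen_dh_primes','/usr/local/bin'),
  ('member_aliases','/etc/cron.d'),
  ('get_member_aliases', '/usr/local/bin')
] %}
{{ dir }}/{{ file }}:
  file.managed:
    - source: salt://profile/mailserver/files/cron/{{ file }}
    - user: root
    - group: root
    - mode: '{{ '0755' if dir.endswith('/bin') else '0644' }}'
    - replace: True
    - template: jinja
{% endfor %}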

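# MySQL client defaults for root, including the database user and password
# taken from pillar. The file is owned by root with mode 0600.
# NOTE(review): the password lookup falls back to an empty string, so a
# minion without the secret renders an empty 'password=' line instead of
# failing, while the user lookup has no fallback - confirm this is intended.
# NOTE(review): the password is placed inside a single-quoted YAML scalar; a
# value containing a single quote would break rendering. Passing the whole
# line through yaml_encode, as done for the header line, would avoid that.
/root/.my.cnf:
  file.managed:
    - contents:
      - {{ pillar['managed_by_salt'] | yaml_encode }}
      - '[client]'
      - 'host=mysql.infra.opensuse.org'
      - 'port=3307'
      - 'user={{ pillar.profile.mailserver.members.user }}'
      - 'password={{ salt['pillar.get']('profile:mailserver:members:password', '') }}'
    - user: root
    - group: root
    - mode: '0600'
    # The contents include a password: do not emit the unified diff of the
    # old and new file into the state return, job cache or logs.
    - show_changes: False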

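# Make sure the user database exists and is ready to use.
# The generator script runs as root, and only while the target file is still
# missing (the unless check); later refreshes are not done by this state.
# Besides the packages and the MySQL client credentials, the state requires
# the script itself, which the cron-files loop in this file installs, so the
# command is not attempted when that file failed to deploy.
/etc/postfix/virtual-opensuse-users:
  cmd.run:
    - name: /usr/local/bin/get_member_aliases
    - runas: root
    - unless:
      - test -f /etc/postfix/virtual-opensuse-users
    - require:
      - pkg: zypper_packages
      - file: /root/.my.cnf
      - file: /usr/local/bin/get_member_aliases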