From d91308a35604a384c304f87fd902fd0551102f15 Mon Sep 17 00:00:00 2001
From: Olav Reinert <seroton10@gmail.com>
Date: Jan 06 2022 09:32:14 +0000
Subject: mailserver: fetch user database


---

diff --git a/pillar/role/mailserver.sls b/pillar/role/mailserver.sls
index e39804f..5d68090 100644
--- a/pillar/role/mailserver.sls
+++ b/pillar/role/mailserver.sls
@@ -1,4 +1,13 @@
+{% if salt['grains.get']('include_secrets', True) %}
+include:
+  - secrets.role.mailserver
+{% endif %}
+
+
 profile:
+  mailserver:
+    members:
+      user: 'mbr_postfix'
   postfix:
     aliases:
       root: admin-auto@opensuse.org
@@ -103,6 +112,7 @@ profile:
       # 20210401 back off
       soft_bounce: 'no'
 
+
 zypper:
   packages:
     postsrsd: {}
@@ -110,3 +120,5 @@ zypper:
     clamav: {}
     spamassassin: {}
     mailgraph: {}
+    mariadb-client: {}
+    nsca-client: {}
diff --git a/pillar/secrets/role/mailserver.sls b/pillar/secrets/role/mailserver.sls
new file mode 100644
index 0000000..778a21a
--- /dev/null
+++ b/pillar/secrets/role/mailserver.sls
@@ -0,0 +1,85 @@
+#!yaml|gpg
+
+profile:
+  mailserver:
+    members:
+      password: |
+        -----BEGIN PGP MESSAGE-----
+
+        hQQOA7A9CHm0S6RyEA/9FARypq45dM/y5ZTv8ANzZIuK9Kt4rJHUjvODqFGp/eUq
+        TZwObOMRci/q8XGdV73CeJija75x0IU1yPRvNU0U2m6MJ+OLzlyaIyphjKd8R8Pv
+        mbWK5A6dlq+qR6tkTHbAdS1FQROzt4TK148Tukd3h78+6xdxtbvUO2tW+lxYk7Ff
+        HqJFQeYJQ2aVXYOt9qhkobGe3C2ww9ixl3gmgNmhC1282rX+Nm/9bTszWx8tIj5O
+        xj3FhkfUkko+U8CxGLHsHi9XRecFDMF4iZieJoUB+g4k3e8rZEYBd0Ht8NOoHIaE
+        UAqYcCMQfgnJZkSBn+/GDUCa481osBUo6X8VKNb9h9//GEbvquhH9k9vMPBXSD81
+        exiCcG9ParZSuymmx5SoXS0DUu1ApRjAX0oQNfGZf/oVA/+T2tnVYv5dDEKXcwAZ
+        rVqcZOXNZzSzvvq6Tf+FOT9jANbxUsJKGf0HQ4ZDz/hINOCbCoqaaAyMoeROj53e
+        z/NvL/qFcEvzlkwQbyaXVqYyXUG8E04YAlze5vt0KFBhR+aiwqXSvJM8/5itHqnH
+        GknBwuBV7/XM39CWsDidnfl/aMRjaTepLl9B4qyEFd81GvXWMXbjd0wNptfITNTz
+        Zn3Jbb2Bp/oQqz/suwjHAzQtAiKwD6hbkvew9Cdnlb9z6iMhywdcW3Ge5romg5UP
+        /A6P87etFVpRbiJRA6Ya0m0lQFU61LJrWcpWuUsAPDm1py3pEyVnis38SfLnmEwg
+        j/95hnFjYA+90slAo2NUg8C6GX173GSjpnVCBLTqGLra36jd/pZTcOmNpSdaNf0B
+        9lbT6ZysRFO2ovDGVc7wbxUKUdsl4WnbI4fsQrqVjS1tOtLv6WE3GLBGyW290fA1
+        lwKQx7vvTaX6JMWXGLkGJohCA22FiXANxwTAlbThzTxjoA+Q6d9GTF3U9SdPuDd4
+        zOFcrvND0JSz08qCOGAQXL8lUDA3WHhfd8Huv6PjvKPW54ZjIWLkedd+0sYW29i2
+        zv3X+YNXsg9+13MxlvCcj0i2I5csIliRS/x2HZTIvS3ETxQhaInBffmLNwXH4K4A
+        lJioEr4lElx3fUYaTD/o/ZEY7rO7a6yoiyGBmD6iEmwSItPPbN89nKzwUe9kIWSj
+        7m1z8zr0mJ/y8Y5HG66BwXoSaxQpi0ag9Ch7xksADefOOKfre2iHJoLbX1PDCFRK
+        31FkfmdnfNHTDvZmF/iNbMKV2NwqV4TRskTn3R34EKbs2PEvfGQWTguPIJnxAvl7
+        bhX+hmi3zKRPRSh1Z3lEfeAvoAKWUNsgH1oyAiRAIP1O+YVUy3YxIM9bIsWWlkBa
+        3vkF07CtCeabsK37Z2ESZEwfKpRgcd8gAZj/r3UqLc6ZhQIMA8amgupjyC8cARAA
+        0Z/4yH3zJlHI/SU4wpLY+U4TPItNXGnp4xYZn1Rt3QVKh3hT2vdYT+3/scisA+hV
+        pPeYm+EARieMZT3XbwMM2r0/YROtfwfAWlY3jFSWkf6M4eszR0N4pHR3io9GLEMp
+        1Qr4hyBIMvpP15CfTa8iZS/Egx070MKJyUuS92PktMQM0DuvYjyiHNdkzlfMJTVo
+        CTPCKQBPiYzsHYkkrZF2eIL2tWaXA2tDgJ8sufss3ndzrBx4+rWcYLVQj2wZXZLI
+        a4h6jvvVUrjxS7NHkK1EF/ep3dNlRsPuTgCPeSUHCgxQkmt4yx/U/Sz5ci26WLtI
+        a4KsgT/vlSpedTmWXG3BjhmDuCrak+Gi9d+nJ9FS/zFCRriBIQAJ6hAPqXRDCeFw
+        Dt18si5fNN0CHtjPazmoKr8r5rPsLqp19+9W0YIrIetguRbS1vQE7jS42pwQNxlm
+        dKabN1wICr4nIC1WCac4JoOMfCTruOCcAx8ttIuUbbQAPqvvND3tfPAPsJn2uU+4
+        D0iGrxerVcov4ifLyGXeFWzI3fgTdqSJU3UMVXxbfqfs9WurmDnLK8p4gxiM5nMq
+        W4wxC9sG/TBVfaq4cnsrvz3RquW8Iub5OYfMHf7XC+H/o05ShfLLfqt65kDoBVut
+        e288ugv3VsCCQchL1nTiJbw0wl3yqDQt2N4iLkFUE8eFAQ4DslgfDDfB4G8QBACN
+        KJCSOHOhN4VczoPzIzE8PDRe5EIkQ55wiopUrGHBF4HABTqskbENbvm5s99p1XCn
+        1De1+gPoOyYEsVlAzPxOODypy0NMSzCCyCj0lQuX0yUPUtIJberQ5EUupZ3cPScf
+        9ycbhivWG/6Iofn8PddjM0AekYw7tGFQj1IS/vHJdAP/UhftSzI6QFlzGz++h9zR
+        0J16fscW7+pM/Pb6M65dG2wEdEnN9LM7/4ISPanvCtYTeC9fV9tGie20gwtLm5Hk
+        ywO7mR7f//tcmNkv22sf8Pjug3v2QUgaHMrEgIbRMSx/dKrXTqo3aDht30bB6CUj
+        +2lQZvPlk7/yMk6Eg2AaO9iFAg4DiLcKbyvsTOYQCACizb8FAhZaelfxNkIot8cT
+        0t0KPm6ohuYnoefCWcuc9Ci4seoVYXW5HlS1coNnp/Tkqfe/2PynlezheMhF8Meu
+        MbspfBQ0VPHmFGCP7l52H9uH04F3wJko6fYug87ccWEplUHrxXjt9jt349P6D+5G
+        OfSIt4XL3FTZ8NM7KQRkKUK75KsbsyhLZ/xoVtpMLajl8XQoABps+b2bxk05q37Q
+        19t5sSlZlQ7bxSzA2v23x+vLc/tRV7lFQ0xoY+qDK1eaM6C4x0I3qccZeGLFcnnQ
+        z1Uamej+KuqTHjclN5Sibe9AeRTYVUS9AYnTOIeOAeluKJGVLvFeCiDjrdMNJw4E
+        B/9hCfg88mvZQWkFk8WtxnWJ6fYHzzwHa5XZpgpMSg+/azWI0nK1uz1CSapkrk0Y
+        tTikN0WT/4p9P6Rlm/fcP188WR3mFZ7gnjuzcjOJKbegY9b8Fb6pLsR8F/EE8M4e
+        0nBJtJ9dZEq7igbTUpKCilmPkNTobMQkPGh3YHlwyKjCgLDs4WRppKz7ajUPfywL
+        D2mSiIGKQciZl53we3rp87d9B0Xm7vcVTGf/sQfd/JynpklWsvwXbsj6NxPTLryx
+        OhZw4nTbmfwoQS9ABQ4Qhz2qBIgVcsPtfP2P58/Eg6mvSc7XoMaehU90n/dudkZz
+        /FQSegWaVqXjttDjjL38iCJ5hQIMA3GiBwULdMTdAQ//eac07TgT/au58WKgPOw0
+        hbEgZiSbCaju8ft2ZLJfHoDzHEh0FNqZAB/TPIEu0mbhqGR96X7NFZtgo1Crs1yc
+        menJz1liRV6hTdpT8LrqyMDdyIBFGzI4rhwX6zlnWGipitMrrKvMBtAsIkGKmdwe
+        b6awjQfRcuXuqRlh/OYwU319ZY9ZP0soSDkJ0uYpdopOoGwDMC2hX7WEip5yuzre
+        LGG1bekDVYCbQfT/bDQLYqdz0jbydvZjlDK1qSOH0vEfxIQzfYU0/bxRs63yT1tU
+        Z+cVDf5CCCARlB0ITETnO+G47INPnxg7en7803pf37OCO+UB/jFIUpHIsQFFb8uC
+        oqncnijK2/CIm0g7ajKBqSRIQY+t+20tjQc8nH3tqUq5D//hxsT8jigeNC6dqyfm
+        FS/WEAweR9iX+usimG6FHSK/CBUovrejfDDY001CR2owElg3n+Or5PEPt90zTFg7
+        W7ZK9g5mirJNvmywXMBk4qsqZNP54MLT0fJWHYlyoXGOBk1xcrChrvdhIZIXfvOy
+        pBve9wP6qTYSJjb+riSQDagu82xIhosEX3uCMhgABvJ17x/frE69McKBHkixaUAf
+        OVd8Le7Saj4Cs6SfaBhhE1PpSZ5fc9bPB9fjY/duQdOPLK0v6VhaxgVNqyi4dBno
+        UQkRDSdj/ZFl2iXUB1Mlm7GFAgwDrPDOChusaZEBEACGcfJbIaXymStfw6yhkqtF
+        15DVI8bP6vGuom7c/5wUqMmxtZPVcRzTb3n0b0n5VPYZZ53/gFp6HDP26on/3Zew
+        bQY6j/HfobOqhapalu4G5yC6UMJsfQ1FGikRzIVeSpty5E9/sRwdsMFniO8wdTyZ
+        PpXVcFiAJJJNHH4Zwck4zxhI/XdSPcMcNY8z292rkhP/ifhRDnt1kAsAsvJ4zyWF
+        p5RctDhKzarYzARQL12h9jvySUWfRWxkfuC0IZsJp3T5A+2A59h/Zo0DyhwWt5Tn
+        hE+7tBtuTpBr+HfptPZ9b8gP61U9BqdIlEnCizqanw2z10hBCzbQPIwIUD5Meey6
+        JkbysHKfjeknLbdYJOx9afIEDxym/+Scf1Eogtxf2UoPssIi48YRWPalHXMSx31l
+        MqMnnNVcQtZa0zCADL+gpEB15CxD5eNMHnAcLk2vl7XMooMKZH5fJRCahfJjpWgq
+        zj/Ju/tAdBz9mik5gULHV9SnO+L3h9NA5zOTYdfAjXITXsyDF8fF8kc5vJu12VY8
+        8dkNTcRiQ5y9gRUza186Md8jIuz4WfjUF4SCPsA2ulsh1AwYRXZE1f2kDgTrfboZ
+        FJxg/pkV/sTnshjCHarVrFedv3LujjofU9lnC1D0fou9WAM+t8Y1FTF32JkRsto2
+        erGT4OvPZQNW0ipAdQBNA9JjAcjGfLBxdVupmwPEUXXcTSsgMLiDajTpVyhiLT9U
+        nZo5GyaVMZvdpuIrgIQsMh6DCL5c6BnsxLv7dF1MJzzxyjHtxSRdZ86zgfCbQLdI
+        ToNPuQdXRcRzNV2yq6yydhLf6GB2
+        =mgtP
+        -----END PGP MESSAGE-----
+
diff --git a/salt/profile/mailserver/files/cron/get_member_aliases b/salt/profile/mailserver/files/cron/get_member_aliases
old mode 100644
new mode 100755
index a8091df..0256fe2
--- a/salt/profile/mailserver/files/cron/get_member_aliases
+++ b/salt/profile/mailserver/files/cron/get_member_aliases
@@ -1,8 +1,8 @@
 #!/bin/sh
-tmp=$(mktemp -d memberaliases.XXXXXXXXXX)
+tmp=$(mktemp -p /tmp -d memberaliases.XXXXXXXXXX)
 cd "$tmp" || exit 1
 
-nsca_client_name='mx1.infra.opensuse.org'
+nsca_client_name='{{grains.id}}'
 nsca_client_service='openSUSE virtual_users'
 nsca_server_ip='192.168.47.7'
 nsca_config='/etc/send_nsca.cfg'
@@ -15,14 +15,13 @@ send_nsca_message(){
 	echo -e "$nsca_client_name\t$nsca_client_service\t$status_code\t$status_message" | send_nsca -H $nsca_server_ip -c "$nsca_config"
 }
 
-wget -q --timeout=15 --tries=3 -O member.aliases.new \
-	'https://connect.opensuse.org/services/api/rest/txt/?method=connect.membersadmin.maildump&api_key=e28d9177fdc1268bc003f2ba6cdbb221ef8f24d8'
+mysql -h proxy.infra.opensuse.org -P3307 -Dmembers -NB -e 'select addr, email_target from email_aliases' >member.aliases.new
 
 # need to make sure it is ordered
 LC_ALL=C sort -d -k1 member.aliases.new >member.aliases.ordered
 
-added=$(diff -B /etc/postfix/virtual-opensuse-users member.aliases.ordered | grep ^\> | wc -l)
-removed=$(diff -B /etc/postfix/virtual-opensuse-users member.aliases.ordered | grep ^\< | wc -l)
+added=$(diff -B -b /etc/postfix/virtual-opensuse-users member.aliases.ordered | grep ^\> | wc -l)
+removed=$(diff -B -b /etc/postfix/virtual-opensuse-users member.aliases.ordered | grep ^\< | wc -l)
 total=$(wc -l <member.aliases.ordered)
 
 # if too many would be removed, something's probably wrong.
@@ -41,7 +40,7 @@ then
         printf "virtual-opensuse-users updated: %u additions, %u removals, now %u entries\n" $added $removed $total
         send_nsca_message "0" "virtual-opensuse-users updated: $added additions, $removed removals, now $total entries | total=$total; added=$added; removed=$removed;"
 	# debug
-	diff -B /etc/postfix/virtual-opensuse-users member.aliases.ordered
+	diff -B -b /etc/postfix/virtual-opensuse-users member.aliases.ordered
 
 	mv member.aliases.ordered /etc/postfix/virtual-opensuse-users
         postmap /etc/postfix/virtual-opensuse-users
diff --git a/salt/profile/mailserver/files/cron/member_aliases b/salt/profile/mailserver/files/cron/member_aliases
index cef388e..94f0233 100644
--- a/salt/profile/mailserver/files/cron/member_aliases
+++ b/salt/profile/mailserver/files/cron/member_aliases
@@ -2,5 +2,5 @@
 SHELL=/bin/sh
 PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/local/bin/
 MAILTO=admin-auto@opensuse.org
-# 0 * * * * root /usr/local/bin/get_member_aliases
+0 * * * * root /usr/local/bin/get_member_aliases
 
diff --git a/salt/profile/mailserver/init.sls b/salt/profile/mailserver/init.sls
index b14c8a5..785896a 100644
--- a/salt/profile/mailserver/init.sls
+++ b/salt/profile/mailserver/init.sls
@@ -187,5 +187,26 @@ service {{svc}}:
     - group: root
     - mode: {{ '0755' if dir.endswith('/bin') else '0644' }}
     - replace: True
+    - template: jinja
 {% endfor %}
 
+/root/.my.cnf:
+  file.managed:
+    - contents:
+      - '[client]'
+      - 'user={{ pillar.profile.mailserver.members.user }}'
+      - 'password={{ salt['pillar.get']('profile:mailserver:members:password', '') }}'
+    - user: root
+    - group: root
+    - mode: 0600
+
+# make sure the user database exists and is ready to use
+/etc/postfix/virtual-opensuse-users:
+  cmd.run:
+    - name: /usr/local/bin/get_member_aliases
+    - runas: root
+    - unless:
+      - test -f /etc/postfix/virtual-opensuse-users
+    - require:
+      - pkg: mariadb-client
+      - file: /root/.my.cnf