- require:
- pkg: postfix
+/etc/postfix/mkpostfixcert:
+ file.managed:
+ - source: salt://postfix/files/mkpostfixcert
+ - user: root
+ - group: root
+ - mode: 744
+ - require:
+ - file: /etc/postfix
+ - backup: minion
+
/etc/postfix/main.cf:
file.managed:
- source: salt://postfix/files/main.cf
--- /dev/null
+#! /bin/sh
+#
+# This is a short script to quickly generate a self-signed X.509 key for
+# Postfix over SSL. Normally this script would get called by an automatic
+# package installation routine.
+
+test -x /usr/bin/openssl || exit 0
+
+prefix="/usr"
+pemfile="/etc/postfix/postfix.pem"
+randfile="/etc/postfix/postfix.rand"
+conffile="/etc/postfix/postfix-cert.cnf"
+
+if [[ -f "${pemfile}" ]]; then
+ echo "${pemfile} already exists."
+ exit 1
+fi
+
+if [[ ! -f "${conffile}" [] ; then
+ echo "${conffile} does not exists!"
+ exit 2
+fi
+
+cp /dev/null "${pemfile}"
+chmod 600 "${pemfile}"
+chown root "${pemfile}"
+
+cleanup() {
+ rm -f "${pemfile}"
+ rm -f "${randfile}"
+ exit 1
+}
+
+dd if=/dev/urandom of="${randfile}" count=1 2>/dev/null
+/usr/bin/openssl req -new -x509 -days 3650 -nodes \
+ -config "${conffile}" -out "${pemfile}" -keyout "${pemfile}" || cleanup
+/usr/bin/openssl gendh -rand "${randfile}" 512 >> "${pemfile}" || cleanup
+/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in "${pemfile}" || cleanup
+rm -f "${randfile}"
+
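Review bot: The second test in the new script, `if [[ ! -f "${conffile}" [] ; then`, closes with `[]` instead of `]]`, and both tests use the bash-only `[[` under a `#! /bin/sh` shebang; they should be written in POSIX form, `if [ ! -f "${conffile}" ]; then`, and likewise for the `${pemfile}` test. As written, bash stops with a syntax error at that line. A plain POSIX sh without `[[` would most likely treat both tests as failed commands and fall through to `cp /dev/null "${pemfile}"`, truncating an existing key. The `openssl gendh ... 512` step appends 512-bit Diffie-Hellman parameters, which are far too small for TLS, and as far as I know the `gendh` subcommand is no longer shipped from OpenSSL 1.1.0 on; `/usr/bin/openssl dhparam -rand "${randfile}" 2048 >> "${pemfile}" || cleanup` would replace it. `cleanup` is only reached through `||`, so an interrupted run leaves a partial `${pemfile}` that the first test later reports as already existing; installing it as a trap for INT and TERM after the function definition would cover that.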