Changing customer/pixelpark/test-mail02.pixelpark.net.yaml for Postfix
authorFrank Brehm <frank.brehm@pixelpark.com>
Tue, 30 May 2017 13:33:16 +0000 (15:33 +0200)
committerFrank Brehm <frank.brehm@pixelpark.com>
Tue, 30 May 2017 13:33:16 +0000 (15:33 +0200)
customer/pixelpark/test-mail02.pixelpark.net.yaml

index 3b0442d3c925d4f4820fbb228ffd4a4ad755de38..9fa2bec1a43151a7be65d8087054bce057a73127 100644 (file)
@@ -1,2 +1,305 @@
 ---
 infra::role: base
+
+infra::additional_classes:
+  - infra::profile::sasl
+  - infra::profile::postfix
+
+# Necessary, because the host has a local caching only DNS resolver
+puppetconf::server: puppetmaster01.pixelpark.com
+
+#####################################################
+# SASL configuration
+sasl::authd::mechanism: 'ldap'
+sasl::authd::bind: 'ldap'
+sasl::authd::ldap_auth_method: 'bind'
+sasl::authd::ldap_search_base: 'o=isp'
+sasl::authd::ldap_servers:
+  - 'ldap://ldap.pixelpark.com'
+#sasl::authd::ldap_start_tls: false
+sasl::authd::bind_dn: 'cn=admin'
+sasl::authd::ldap_bind_dn: 'cn=admin'
+sasl::authd::ldap_password: >
+    ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
+    DQYJKoZIhvcNAQEBBQAEggEAkGouEnyjTBA40/lpw1BEHsDx2b2I3L2HHnm9
+    U9gHYhz1BrPTsyCklW8CC3BiE0W9NRS0Rod+cm6M+7OMzciXbgQMFO6Ko98V
+    tzoTyL8yeWr4ZXNpov/gVD+WTfcKo2A0w+egenTdErN4dclnwzAoSR9QOHNT
+    LUxHa6sTT191+79mjw0CnG1BwDKBnZRyO+fzgACFn0dUIasz7danBbZMPn/n
+    wOuOrXXq/PVNPW9GSeKkbimYCAn7KDwTvJNTJCR7dh29+aq0xoSSsGrN+L+f
+    OZrj3dG58D8lspbxNb4iFMswtOcihByp6n5fRmvnEFXw/Dn507UCTxURoLpp
+    EPXIdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD/aCWYpB6KwUIcLp1T
+    EKskgBArkfXhMZNEUfrTvFILs4Ig]
+sasl::authd::ldap_bind_pw: >
+    ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
+    DQYJKoZIhvcNAQEBBQAEggEAkGouEnyjTBA40/lpw1BEHsDx2b2I3L2HHnm9
+    U9gHYhz1BrPTsyCklW8CC3BiE0W9NRS0Rod+cm6M+7OMzciXbgQMFO6Ko98V
+    tzoTyL8yeWr4ZXNpov/gVD+WTfcKo2A0w+egenTdErN4dclnwzAoSR9QOHNT
+    LUxHa6sTT191+79mjw0CnG1BwDKBnZRyO+fzgACFn0dUIasz7danBbZMPn/n
+    wOuOrXXq/PVNPW9GSeKkbimYCAn7KDwTvJNTJCR7dh29+aq0xoSSsGrN+L+f
+    OZrj3dG58D8lspbxNb4iFMswtOcihByp6n5fRmvnEFXw/Dn507UCTxURoLpp
+    EPXIdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD/aCWYpB6KwUIcLp1T
+    EKskgBArkfXhMZNEUfrTvFILs4Ig]
+sasl::authd::ldap_version: '3'
+sasl::authd::ldap_filter: '(&(objectclass=inetlocalmailrecipient)(|(uid=%u)(mail=%u)))'
+
+infra::profile::sasl::enable_authd: true
+infra::profile::sasl::application:
+  smtpd:
+    mech_list:
+      - PLAIN
+      - LOGIN
+    pwcheck_method: 'saslauthd'
+
+
+#####################################################
+# Postfix configuration:
+
+# Global configurations
+infra::profile::postfix::aliases_file: '/etc/postfix/maps/aliases'
+infra::profile::postfix::aliases_source: 'puppet:///postfix_dir/maps/aliases'
+
+ldap_server: 'ldap.pixelpark.com'
+ldap_port: '389'
+ldap_timeout: '5'
+ldap_search_base: 'o=isp'
+ldap_bind_dn: 'cn=admin'
+ldap_bind_pw: >
+    ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
+    DQYJKoZIhvcNAQEBBQAEggEAkGouEnyjTBA40/lpw1BEHsDx2b2I3L2HHnm9
+    U9gHYhz1BrPTsyCklW8CC3BiE0W9NRS0Rod+cm6M+7OMzciXbgQMFO6Ko98V
+    tzoTyL8yeWr4ZXNpov/gVD+WTfcKo2A0w+egenTdErN4dclnwzAoSR9QOHNT
+    LUxHa6sTT191+79mjw0CnG1BwDKBnZRyO+fzgACFn0dUIasz7danBbZMPn/n
+    wOuOrXXq/PVNPW9GSeKkbimYCAn7KDwTvJNTJCR7dh29+aq0xoSSsGrN+L+f
+    OZrj3dG58D8lspbxNb4iFMswtOcihByp6n5fRmvnEFXw/Dn507UCTxURoLpp
+    EPXIdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD/aCWYpB6KwUIcLp1T
+    EKskgBArkfXhMZNEUfrTvFILs4Ig]
+
+postfix::alias_maps: "hash:/etc/postfix/maps/aliases ldap:/etc/postfix/ldap/alias.cf"
+postfix::inet_interfaces: 'all'
+postfix::manage_mailx: false
+postfix::mastercf_source: 'puppet:///postfix_dir/master.cf'
+postfix::myorigin: 'pixelpark.com'
+
+# Main.cf config entries
+infra::profile::postfix::configs:
+  address_verify_map:
+    ensure: 'absent'
+  alias_database:
+    value: 'hash:/etc/postfix/maps/aliases'
+  append_dot_mydomain:
+    value: 'no'
+  biff:
+    value: 'no'
+  broken_sasl_auth_clients:
+    value: 'yes'
+  command_directory:
+    ensure: 'absent'
+  daemon_directory:
+    ensure: 'absent'
+  data_directory:
+    ensure: 'absent'
+  debug_peer_level:
+    ensure: 'absent'
+  debugger_command:
+    ensure: 'absent'
+  hash_queue_depth:
+    value: '3'
+  html_directory:
+    ensure: 'absent'
+  inet_protocols:
+    value: 'all'
+  lmtp_tls_loglevel:
+    value: '1'
+  mail_owner:
+    ensure: 'absent'
+  mailbox_size_limit:
+    value: '0'
+  manpage_directory:
+    ensure: 'absent'
+  masquerade_domains:
+    value: 'hash:/etc/postfix/maps/masquerade_domains'
+  maximal_queue_lifetime:
+    value: '10d'
+  message_size_limit:
+    value: '358400000'
+  mydestination:
+    value: '$myhostname, localhost.$mydomain, localhost'
+  mydomain:
+    value: 'pixelpark.com'
+  myhostname:
+    value: "%{::fqdn}"
+  mynetworks:
+    value: 'cidr:/etc/postfix/maps/my-networks'
+  queue_directory:
+    ensure: 'absent'
+  readme_directory:
+    value: '/usr/share/doc/postfix'
+  recipient_canonical_maps:
+    value: 'hash:/etc/postfix/maps/canonical-recipients ldap:/etc/postfix/ldap/mailroutingaddress.cf'
+  recipient_delimiter:
+    value: '+'
+  relay_domains:
+    value: 'hash:/etc/postfix/maps/relay_domains'
+  relayhost:
+    ensure: 'blank'
+  sample_directory:
+    ensure: 'absent'
+  sender_dependent_default_transport_maps:
+    ensure: 'absent'
+  sender_dependent_relayhost_maps:
+   ensure: 'absent'
+  setgid_group:
+    ensure: 'absent'
+  smtp_generic_maps:
+    ensure: 'absent'
+  smtp_sasl_auth_enable:
+    ensure: 'absent'
+  smtp_tls_cert_file:
+    value: '/etc/postfix/ssl/wildcard.pixelpark.com-cert.pem'
+  smtp_tls_enforce_peername:
+    value: 'no'
+  smtp_tls_key_file:
+    value: '$smtp_tls_cert_file'
+  smtp_tls_loglevel:
+    value: '1'
+  smtp_tls_note_starttls_offer:
+    ensure: 'absent'
+  smtp_tls_per_site:
+    value: 'hash:/etc/postfix/maps/smtp-tls-peers'
+  smtp_tls_policy_maps:
+    ensure: 'absent'
+  smtp_tls_session_cache_database:
+    value: 'btree:${data_directory}/smtp_scache'
+  smtp_use_tls:
+    value: 'yes'
+  smtpd_banner:
+    value: '$myhostname ESMTP $mail_name $mail_version'
+  smtpd_client_restrictions:
+    ensure: 'absent'
+  smtpd_recipient_restrictions:
+    ensure: 'absent'
+  smtpd_relay_restrictions:
+    value: "check_client_access hash:/etc/postfix/maps/access_client, check_recipient_access hash:/etc/postfix/maps/access_recipient, check_sender_access hash:/etc/postfix/maps/access_sender, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_invalid_helo_hostname, permit_mynetworks, permit_sasl_authenticated, permit_tls_clientcerts, reject_unauth_destination, reject_unauth_destination, reject_unverified_recipient, permit"
+  smtpd_sasl_auth_enable:
+    value: 'yes'
+  smtpd_sasl_authenticated_header:
+    value: 'yes'
+  smtpd_sasl_local_domain:
+    ensure: 'absent'
+  smtpd_sender_restrictions:
+    ensure: 'absent'
+  smtpd_tls_CAfile:
+    ensure: 'absent'
+  smtpd_tls_auth_only:
+    ensure: 'absent'
+  smtpd_tls_cert_file:
+    value: '$smtp_tls_cert_file'
+  smtpd_tls_key_file:
+    value: '$smtp_tls_cert_file'
+  smtpd_tls_loglevel:
+    value: '1'
+  smtpd_tls_received_header:
+    value: 'yes'
+  smtpd_tls_session_cache_database:
+    value: 'btree:${data_directory}/smtpd_scache'
+  smtpd_tls_session_cache_timeout:
+    ensure: 'absent'
+  tls_random_prng_update_period:
+    ensure: 'absent'
+  tls_random_source:
+    ensure: 'absent'
+  smtpd_use_tls:
+    value: 'yes'
+  transport_maps:
+    value: 'hash:/etc/postfix/maps/discarded_domains hash:/etc/postfix/maps/transport ldap:/etc/postfix/ldap/mailhost.cf'
+  unknown_local_recipient_reject_code:
+    ensure: 'absent'
+  unverified_recipient_reject_code:
+    value: '550'
+  virtual_alias_maps:
+    value: 'pcre:/etc/postfix/maps/virtual-regex hash:/etc/postfix/maps/virtual-aliases'
+
+# All postfix hash databases
+infra::profile::postfix::hashes:
+  '/etc/postfix/maps/access_client':
+    ensure: 'present'
+    source: 'puppet:///postfix_dir/maps/access_client'
+  '/etc/postfix/maps/access_recipient':
+    ensure: 'present'
+    source: 'puppet:///postfix_dir/maps/access_recipient'
+  '/etc/postfix/maps/access_sender':
+    ensure: 'present'
+    source: 'puppet:///postfix_dir/maps/access_sender'
+  '/etc/postfix/maps/discarded_domains':
+    ensure: 'present'
+    source: 'puppet:///postfix_dir/maps/discarded_domains'
+  '/etc/postfix/maps/masquerade_domains':
+    ensure: 'present'
+    source: 'puppet:///postfix_dir/maps/masquerade_domains'
+  '/etc/postfix/maps/relay_domains':
+    ensure: 'present'
+    source: 'puppet:///postfix_dir/maps/relay_domains'
+  '/etc/postfix/maps/smtp-tls-peers':
+    ensure: 'present'
+    source: 'puppet:///postfix_dir/maps/smtp-tls-peers'
+  '/etc/postfix/maps/transport':
+    ensure: 'present'
+    source: 'puppet:///postfix_dir/maps/transport'
+  '/etc/postfix/maps/canonical-recipients':
+    ensure: 'present'
+    source: 'puppet:///postfix_dir/maps/canonical-recipients'
+  '/etc/postfix/maps/virtual-aliases':
+    ensure: 'present'
+    source: 'puppet:///postfix_dir/maps/virtual-aliases'
+
+# All other postfix configuration files
+infra::profile::postfix::conffiles:
+  my-networks:
+    ensure: 'present'
+    path: '/etc/postfix/maps/my-networks'
+    source: 'puppet:///postfix_dir/maps/my-networks'
+  virtual-regex:
+    ensure: 'present'
+    path: '/etc/postfix/maps/virtual-regex'
+    source: 'puppet:///postfix_dir/maps/virtual-regex'
+  ldap-alias:
+    ensure: 'present'
+    path: '/etc/postfix/ldap/alias.cf'
+    options:
+      server_host: "%{hiera('ldap_server')}"
+      server_port: "%{hiera('ldap_port')}"
+      timeout: "%{hiera('ldap_timeout')}"
+      search_base: "%{hiera('ldap_search_base')}"
+      query_filter: '(mailAlternateAddress=%u@pixelpark.com)'
+      result_attribute: 'mail'
+      bind: 'yes'
+      bind_dn: "%{hiera('ldap_bind_dn')}"
+      bind_pw: "%{hiera('ldap_bind_pw')}"
+  ldap-mailhost:
+    ensure: 'present'
+    path: '/etc/postfix/ldap/mailhost.cf'
+    options:
+      server_host: "%{hiera('ldap_server')}"
+      server_port: "%{hiera('ldap_port')}"
+      timeout: "%{hiera('ldap_timeout')}"
+      search_base: "%{hiera('ldap_search_base')}"
+      query_filter: '(&(objectclass=inetLocalMailRecipient)(|(mail=%s)(mailAlternateAddress=%s)(mailEquivalentAddress=%s))(|(inetMailGroupStatus=active)(mailUserStatus=active)(mailUserStatus=hold)))'
+      result_attribute: 'mailhost'
+      result_format: 'smtp:[%s]'
+      bind: 'yes'
+      bind_dn: "%{hiera('ldap_bind_dn')}"
+      bind_pw: "%{hiera('ldap_bind_pw')}"
+  ldap-mailroutingaddress:
+    ensure: 'present'
+    path: '/etc/postfix/ldap/mailroutingaddress.cf'
+    options:
+      server_host: "%{hiera('ldap_server')}"
+      server_port: "%{hiera('ldap_port')}"
+      timeout: "%{hiera('ldap_timeout')}"
+      search_base: "%{hiera('ldap_search_base')}"
+      query_filter: '(&(objectclass=inetLocalMailRecipient)(|(mail=%s)(mailAlternateAddress=%s)(mailEquivalentAddress=%s))(|(inetMailGroupStatus=active)(mailUserStatus=active)(mailUserStatus=hold)))'
+      result_attribute: 'mailroutingaddress'
+      bind: 'yes'
+      bind_dn: "%{hiera('ldap_bind_dn')}"
+      bind_pw: "%{hiera('ldap_bind_pw')}"
+
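Review bot: Passwords can cross the network unencrypted in two places in this new host data. `smtpd_tls_auth_only` is set to `ensure: 'absent'` while `smtpd_sasl_auth_enable` is `yes` and the SASL `mech_list` offers only PLAIN and LOGIN, so, assuming `absent` leaves Postfix at its default of `no`, clients can send credentials before STARTTLS; I would set `smtpd_tls_auth_only:` to `value: 'yes'`. The saslauthd settings and the three LDAP maps use `ldap://ldap.pixelpark.com` and port 389, with `sasl::authd::ldap_start_tls` left commented out and no `start_tls` in any `options:` block, so the `cn=admin` bind password and the user passwords that saslauthd verifies by bind would presumably travel in cleartext. Consider enabling `sasl::authd::ldap_start_tls: true` and, if the profile passes options through to the map files, adding `start_tls: 'yes'` and `version: '3'` to each LDAP map. Binding as `cn=admin` for read-only lookups is also broader than needed; a dedicated read-only bind DN would limit what a leaked `bind_pw` in the generated `/etc/postfix/ldap/*.cf` files exposes.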