
D3242.id8669.diff

diff --git a/pillar/credentials/vault.sls b/pillar/credentials/vault.sls
--- a/pillar/credentials/vault.sls
+++ b/pillar/credentials/vault.sls
@@ -96,6 +96,7 @@
mailserver:
- ops/secrets/dbserver/cluster-A/users/mailManagement
+ - ops/secrets/dbserver/cluster-A/users/postfix
- ops/secrets/mailserver/security
opensearch:
diff --git a/roles/mailserver/init.sls b/pillar/mailserver/postfix.sls
copy from roles/mailserver/init.sls
copy to pillar/mailserver/postfix.sls
--- a/roles/mailserver/init.sls
+++ b/pillar/mailserver/postfix.sls
@@ -1,8 +1,12 @@
# -------------------------------------------------------------
-# Salt — Mail
+# Salt — postfix Configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-# This state is left intentionally blank.
+postfix_config:
+ db:
+ service: db-A
+ database: mail
+ credential: dbserver/cluster-A/users/postfix
diff --git a/pillar/top.sls b/pillar/top.sls
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -53,6 +53,7 @@
hervil:
- mailserver.vimbadmin
+ - mailserver.postfix
ysul:
- devserver.repos
diff --git a/roles/mailserver/init.sls b/roles/mailserver/init.sls
--- a/roles/mailserver/init.sls
+++ b/roles/mailserver/init.sls
@@ -5,4 +5,5 @@
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-# This state is left intentionally blank.
+include:
+ - .postfix
diff --git a/roles/mailserver/map.jinja b/roles/mailserver/map.jinja
new file mode 100644
--- /dev/null
+++ b/roles/mailserver/map.jinja
@@ -0,0 +1,16 @@
+{% set postfix_dirs = salt['grains.filter_by']({
+ 'FreeBSD' : {
+ 'daemon': '/usr/local/libexec/postfix',
+ 'queue': '/var/spool/postfix',
+ 'data': '/var/db/postfix',
+ 'shlib': '/usr/local/lib/postfix',
+ 'cacerts': '/etc/ssl/certs',
+ },
+ 'Debian' : {
+ 'daemon': '/usr/lib/postfix',
+ 'queue': '/var/spool/postfix',
+ 'data': '/var/lib/postfix',
+ 'shlib': '/usr/lib/postfix',
+ 'cacerts': '/etc/ssl/certs',
+ }
+}, default='Debian') %}
diff --git a/roles/mailserver/postfix/files/dynamicmaps.cf b/roles/mailserver/postfix/files/dynamicmaps.cf
new file mode 100644
--- /dev/null
+++ b/roles/mailserver/postfix/files/dynamicmaps.cf
@@ -0,0 +1,20 @@
+# -------------------------------------------------------------
+# Postfix main configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/mailserver/postfix/files/dynamicmaps.cf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+# Postfix dynamic maps configuration file.
+#
+#type location of .so file open function (mkmap func)
+#==== ================================ ============= ============
+pgsql {{ dirs.lib }}/postfix/postfix-pgsql.so dict_pgsql_open
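Review bot: The `.so` location on the last line is built from `{{ dirs.lib }}/postfix`, while main.cf in this same change sets `shlib_directory = {{ postfix_dirs.shlib }}`, so the plugin path and the directory Postfix is told to load libraries from can drift apart. On the Debian branch of map.jinja the shlib directory is `/usr/lib/postfix`, which may not match whatever `dirs.lib` resolves to there (that map is not visible in this diff). Consider `pgsql {{ postfix_dirs.shlib }}/postfix-pgsql.so dict_pgsql_open` and passing `postfix_dirs` in the state's `context`. The header title also still reads "Postfix main configuration"; "Postfix dynamic maps configuration" would match the file.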
diff --git a/roles/mailserver/postfix/files/main.cf b/roles/mailserver/postfix/files/main.cf
new file mode 100644
--- /dev/null
+++ b/roles/mailserver/postfix/files/main.cf
@@ -0,0 +1,91 @@
+# -------------------------------------------------------------
+# Postfix main configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/mailserver/postfix/files/main.cf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+compatibility_level = 3.8
+
+# -------------------------------------------------------------
+# Postfix directories
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+command_directory = {{ dirs.sbin }}
+daemon_directory = {{ postfix_dirs.daemon }}
+data_directory = {{ postfix_dirs.data }}
+html_directory = {{ dirs.share }}/doc/postfix
+manpage_directory = {{ dirs.man }}
+meta_directory = {{ dirs.etc }}/postfix
+queue_directory = {{ postfix_dirs.queue }}
+readme_directory = {{ dirs.share }}/doc/postfix
+sample_directory = {{ dirs.etc }}/postfix
+shlib_directory = {{ postfix_dirs.shlib }}
+
+# -------------------------------------------------------------
+# External utilities
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+mailq_path = {{ dirs.bin }}/mailq
+newaliases_path = {{ dirs.bin }}/newaliases
+sendmail_path = {{ dirs.sbin }}/sendmail
+
+# -------------------------------------------------------------
+# UNIX users and groups
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+mail_owner = postfix
+setgid_group = maildrop
+
+# -------------------------------------------------------------
+# Debug
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+debug_peer_level = 2
+
+debugger_command =
+ PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
+ ddd $daemon_directory/$process_name $process_id & sleep 5
+
+# -------------------------------------------------------------
+# Network
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+inet_protocols = all
+mynetworks_style = host
+
+# -------------------------------------------------------------
+# Mail
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+mydestination = localhost
+unknown_local_recipient_reject_code = 550
+
+# -------------------------------------------------------------
+# TLS certificates
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+smtp_tls_CApath = {{ postfix_dirs.cacerts }}
+
+smtpd_use_tls=yes
+smtpd_tls_cert_file=/usr/local/etc/letsencrypt/live/mail.nasqueron.org/fullchain.pem
+smtpd_tls_key_file=/usr/local/etc/letsencrypt/live/mail.nasqueron.org/privkey.pem
+
+smtpd_tls_mandatory_ciphers = high
+smtpd_tls_mandatory_exclude_ciphers = aNULL,MD5
+smtpd_tls_security_level = may
+smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
+
+
+
+virtual_mailbox_domains=pgsql:{{ dirs.etc }}/postfix/pgsql-virtual-mailbox-domains.cf
+virtual_mailbox_maps=pgsql:{{ dirs.etc }}/postfix/pgsql-virtual-mailbox-maps.cf
+virtual_alias_maps=pgsql:{{ dirs.etc }}/postfix/pgsql-virtual-alias-maps.cf
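Review bot: With `smtpd_tls_security_level = may`, the three `smtpd_tls_mandatory_*` lines in the TLS section do not constrain anything, because Postfix applies the mandatory protocol and cipher settings only at level `encrypt` or stronger. Opportunistic sessions follow `smtpd_tls_protocols` and `smtpd_tls_ciphers`, which are left at their defaults here, so TLS 1.0 and 1.1 most likely remain negotiable. I would set both lists explicitly, `smtpd_tls_protocols = >=TLSv1.2` and `smtpd_tls_mandatory_protocols = >=TLSv1.2`, and drop `smtpd_use_tls=yes`, which the security level already supersedes. The certificate and key paths are hard-coded under `/usr/local/etc/letsencrypt` even though map.jinja carries a Debian branch; taking them from `dirs.etc` or a pillar value would keep the template portable.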
diff --git a/roles/mailserver/postfix/files/pgsql-virtual-alias-maps.cf b/roles/mailserver/postfix/files/pgsql-virtual-alias-maps.cf
new file mode 100644
--- /dev/null
+++ b/roles/mailserver/postfix/files/pgsql-virtual-alias-maps.cf
@@ -0,0 +1,19 @@
+# -------------------------------------------------------------
+# Postfix main configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/mailserver/postfix/files/pgsql-virtual-mailbox-domains.cf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+user = {{ db.username }}
+password = {{ db.password }}
+hosts = {{ db.host }}
+dbname = {{ db.database }}
+query = SELECT goto FROM alias WHERE address = '%s' AND active = '1'
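Review bot: The header comment of this file names the wrong source: `# Source file:` points at `pgsql-virtual-mailbox-domains.cf`, so someone tracing the deployed file back to the repository would edit the wrong template. It should read `# Source file: roles/mailserver/postfix/files/pgsql-virtual-alias-maps.cf`. The title line "Postfix main configuration" is also copied unchanged into this file, pgsql-virtual-mailbox-domains.cf and pgsql-virtual-mailbox-maps.cf; a title such as `# Postfix — virtual alias lookup (PostgreSQL)` per file would say what each map is for. Since the rendered file holds the database password, a one-line comment noting that it must not be world-readable would help whoever inspects it on the host.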
diff --git a/roles/mailserver/postfix/files/pgsql-virtual-mailbox-domains.cf b/roles/mailserver/postfix/files/pgsql-virtual-mailbox-domains.cf
new file mode 100644
--- /dev/null
+++ b/roles/mailserver/postfix/files/pgsql-virtual-mailbox-domains.cf
@@ -0,0 +1,19 @@
+# -------------------------------------------------------------
+# Postfix main configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/mailserver/postfix/files/pgsql-virtual-mailbox-domains.cf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+user = {{ db.username }}
+password = {{ db.password }}
+hosts = {{ db.host }}
+dbname = {{ db.database }}
+query = SELECT domain FROM domain WHERE domain = '%s' AND backupmx = '0' AND active = '1'
diff --git a/roles/mailserver/postfix/files/pgsql-virtual-mailbox-maps.cf b/roles/mailserver/postfix/files/pgsql-virtual-mailbox-maps.cf
new file mode 100644
--- /dev/null
+++ b/roles/mailserver/postfix/files/pgsql-virtual-mailbox-maps.cf
@@ -0,0 +1,21 @@
+# -------------------------------------------------------------
+# Postfix main configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/mailserver/postfix/files/pgsql-virtual-mailbox-maps.cf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+user = {{ db.username }}
+password = {{ db.password }}
+hosts = {{ db.host }}
+dbname = {{ db.database }}
+table = mailbox
+select_field = maildir
+where_field = username
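Review bot: The mailbox lookup is the only one of the three maps without an `active` filter: the alias and domain maps use `query = ... AND active = '1'`, but the `table` / `select_field` / `where_field` form here returns a maildir for any row that exists. If the `mailbox` table has the same `active` column as `alias` and `domain` (not visible in this diff), disabled accounts would still be accepted as valid recipients. Using the same form as the other two files closes that gap: `query = SELECT maildir FROM mailbox WHERE username = '%s' AND active = '1'`.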
diff --git a/roles/mailserver/postfix/init.sls b/roles/mailserver/postfix/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/mailserver/postfix/init.sls
@@ -0,0 +1,74 @@
+# -------------------------------------------------------------
+# Mail - Postfix
+# -------------------------------------------------------------
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/mailserver/postfix.sls
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+{% from "roles/mailserver/map.jinja" import postfix_dirs with context %}
+{% set db = pillar["postfix_config"]["db"] %}
+
+# -------------------------------------------------------------
+# Software
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+postfix-pgsql:
+ pkg.installed
+
+# -------------------------------------------------------------
+# Configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ dirs.etc }}/postfix/main.cf:
+ file.managed:
+ - source: salt://roles/mailserver/postfix/files/main.cf
+ - template: jinja
+ - context:
+ dirs: {{ dirs }}
+ postfix_dirs: {{ postfix_dirs }}
+
+/usr/local/etc/postfix/postfix-files:
+ file.symlink:
+ - target: /usr/local/libexec/postfix/postfix-files
+
+{{ dirs.etc }}/postfix/pgsql-virtual-mailbox-domains.cf:
+ file.managed:
+ - source: salt://roles/mailserver/postfix/files/pgsql-virtual-mailbox-domains.cf
+ - template: jinja
+ - context:
+ db:
+ database: {{ db["database"] }}
+ username: {{ salt["credentials.get_username"](db["credential"]) }}
+ password: {{ salt["credentials.get_password"](db["credential"]) }}
+ host: {{ pillar["nasqueron_services"][db["service"]] }}
+
+{{ dirs.etc }}/postfix/pgsql-virtual-mailbox-maps.cf:
+ file.managed:
+ - source: salt://roles/mailserver/postfix/files/pgsql-virtual-mailbox-maps.cf
+ - template: jinja
+ - context:
+ db:
+ database: {{ db["database"] }}
+ username: {{ salt["credentials.get_username"](db["credential"]) }}
+ password: {{ salt["credentials.get_password"](db["credential"]) }}
+ host: {{ pillar["nasqueron_services"][db["service"]] }}
+
+{{ dirs.etc }}/postfix/pgsql-virtual-alias-maps.cf:
+ file.managed:
+ - source: salt://roles/mailserver/postfix/files/pgsql-virtual-alias-maps.cf
+ - template: jinja
+ - context:
+ db:
+ database: {{ db["database"] }}
+ username: {{ salt["credentials.get_username"](db["credential"]) }}
+ password: {{ salt["credentials.get_password"](db["credential"]) }}
+ host: {{ pillar["nasqueron_services"][db["service"]] }}
+
+{{ dirs.etc }}/postfix/dynamicmaps.cf:
+ file.managed:
+ - source: salt://roles/mailserver/postfix/files/dynamicmaps.cf
+ - template: jinja
+ - context:
+ dirs: {{ dirs }}
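Review bot: The three `pgsql-virtual-*.cf` states render the database password into files but set no `user`, `group` or `mode`, so the files get the minion's default permissions and are probably readable by every local account. Each of those `file.managed` blocks should restrict access and keep the secret out of state output, for example `- group: postfix`, `- mode: 640` and `- show_changes: False` (group name assumed from `mail_owner = postfix` in main.cf). The `password: {{ salt["credentials.get_password"](...) }}` line is also emitted into YAML unquoted, so a password containing `#` or `: ` would be truncated or break rendering; piping it through `| yaml_dquote` avoids that. Separately, the `postfix-files` symlink hard-codes `/usr/local/...` paths although map.jinja has a Debian branch, and the header's `Source file:` says `roles/mailserver/postfix.sls` rather than `roles/mailserver/postfix/init.sls`.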
