Puppet Class: profile::mail::smarthost

Defined in:
modules/profile/manifests/mail/smarthost.pp

Overview

Parameters:

  • dkim_domains (Any) (defaults to: lookup('profile::mail::smarthost::dkim_domains', {'default_value' => []}))
  • cert_name (Any) (defaults to: lookup('profile::mail::smarthost::cert_name', {'default_value' => $facts['hostname']}))
  • relay_from_hosts (Any) (defaults to: lookup('profile::mail::smarthost::relay_from_hosts', {'default_value' => []}))
  • envelope_rewrite_rules (Any) (defaults to: lookup('profile::mail::smarthost::envelope_rewrite_rules', {'default_value' => []}))
  • root_alias_rcpt (Any) (defaults to: lookup('profile::mail::smarthost::root_alias_rcpt', {'default_value' => ':blackhole:'}))
  • exim_primary_hostname (Any) (defaults to: lookup('profile::mail::smarthost::exim_primary_hostname', {'default_value' => $facts['fqdn']}))
  • support_ipv6 (Boolean) (defaults to: lookup('profile::mail::smarthost::support_ipv6', {default_value => true})) 


27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'modules/profile/manifests/mail/smarthost.pp', line 27

class profile::mail::smarthost (
    $dkim_domains             = lookup('profile::mail::smarthost::dkim_domains', {'default_value' => []}),
    $cert_name                = lookup('profile::mail::smarthost::cert_name', {'default_value' => $facts['hostname']}),
    $relay_from_hosts         = lookup('profile::mail::smarthost::relay_from_hosts', {'default_value' => []}),
    $envelope_rewrite_rules   = lookup('profile::mail::smarthost::envelope_rewrite_rules', {'default_value' => []}),
    $root_alias_rcpt          = lookup('profile::mail::smarthost::root_alias_rcpt', {'default_value' => ':blackhole:'}),
    $exim_primary_hostname    = lookup('profile::mail::smarthost::exim_primary_hostname', {'default_value' => $facts['fqdn']}),
    Boolean $support_ipv6     = lookup('profile::mail::smarthost::support_ipv6', {default_value => true}),
) {

    class { 'exim4':
        variant => 'light',
        config  => template('profile/exim/exim4.conf.smarthost.erb'),
    }

    firewall::service { 'exim-smtp':
        proto => 'tcp',
        port  => 25,
    }

    mailalias { 'root':
        recipient => $root_alias_rcpt,
    }

    file { '/etc/exim4/bounce_message_file':
        ensure => present,
        owner  => 'root',
        group  => 'Debian-exim',
        mode   => '0444',
        source => 'puppet:///modules/profile/exim/bounce_message_file',
    }

    file { '/etc/exim4/warn_message_file':
        ensure => present,
        owner  => 'root',
        group  => 'Debian-exim',
        mode   => '0444',
        source => 'puppet:///modules/profile/exim/warn_message_file',
    }

    $dkim_domains.each |$name, $dkim_domain| {
        $selectors = [$dkim_domain['selector']].flatten
        $selectors.each |String[1] $selector| {
            exim4::dkim { "${name}-${selector}":
                domain   => $dkim_domain['domain'],
                selector => $selector,
                content  => secret("dkim/${dkim_domain['domain']}-${selector}.key"),
            }
        }
    }

    acme_chief::cert { $cert_name:
        key_group  => 'Debian-exim',
        puppet_svc => 'exim4',
    }

    mtail::program { 'exim':
        ensure => present,
        notify => Service['mtail'],
        source => 'puppet:///modules/mtail/programs/exim.mtail',
    }

    class { 'prometheus::node_exim_queue':
        ensure => present,
    }

    # Customize logrotate settings to support longer retention (T167333)
    logrotate::conf { 'exim4-base':
        ensure => 'present',
        source => 'puppet:///modules/profile/exim/logrotate/exim4-base.mx',
    }

    sudo::user { 'nagios_exim_queue':
        ensure => absent,
    }
}