refactor: recreate profiles::postfix::gateway with parameterization and templates (#416)
- refactor profiles::postfix::gateway as parameterized class - move base postfix parameters, transports, and virtuals to hiera for flexibility - convert SMTP restrictions to arrays for better readability using join() - add postscreen enable/disable boolean with conditional master.cf configuration - add per-domain TLS policy maps (smtp_tls_policy_maps) - convert alias_maps to array parameter for flexibility - convert all postfix map files to ERB templates with parameter hashes - add map parameters: sender_canonical_maps, sender_access_maps, relay_recipients_maps, relay_domains_maps, recipient_canonical_maps, recipient_access_maps, postscreen_access_maps, helo_access_maps - move default map data to hiera while keeping parameters as empty hashes by default This approach balances flexibility with data-driven configuration, allowing easy customization through parameters while keeping transport/virtual maps and default map data in hiera for role-specific overrides. Reviewed-on: #416
This commit was merged in pull request #416.
@@ -158,6 +158,15 @@ lookup_options:
|
||||
rke2::config_hash:
|
||||
merge:
|
||||
strategy: deep
|
||||
postfix::configs:
|
||||
merge:
|
||||
strategy: deep
|
||||
postfix::maps:
|
||||
merge:
|
||||
strategy: deep
|
||||
postfix::virtuals:
|
||||
merge:
|
||||
strategy: deep
|
||||
|
||||
facts_path: '/opt/puppetlabs/facter/facts.d'
|
||||
|
||||
|
||||
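Review bot: `postfix::transports` gets no merge strategy in this hunk, although the role data in the same commit defines it next to `postfix::virtuals`, which does get `strategy: deep`. Unless it is already listed earlier in `lookup_options` (not visible here), a more specific hierarchy layer that sets `postfix::transports` will replace the common entries rather than add to them, which can silently drop a relay route. Consider adding a matching `postfix::transports:` entry with `merge:` / `strategy: deep`. A comment above the block, such as `# postfix hashes are deep-merged: entries from every hierarchy level accumulate`, would also help, because removing an inherited map entry then needs an explicit override.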
@@ -3,3 +3,50 @@
|
||||
# additional altnames
|
||||
profiles::pki::vault::alt_names:
|
||||
- in-mta.main.unkin.net
|
||||
|
||||
# base postfix configuration (passed to postfix class)
|
||||
postfix::relayhost: 'direct'
|
||||
postfix::myorigin: 'main.unkin.net'
|
||||
postfix::mydestination: 'blank'
|
||||
postfix::mynetworks: '127.0.0.0/8 [::1]/128'
|
||||
postfix::mta: true
|
||||
postfix::manage_aliases: true
|
||||
|
||||
# profile parameters for customization
|
||||
profiles::postfix::gateway::myhostname: 'in-mta.main.unkin.net'
|
||||
|
||||
# postfix map content (templates)
|
||||
profiles::postfix::gateway::relay_recipients_maps:
|
||||
'@main.unkin.net': 'OK'
|
||||
|
||||
profiles::postfix::gateway::relay_domains_maps:
|
||||
'main.unkin.net': 'OK'
|
||||
|
||||
profiles::postfix::gateway::postscreen_access_maps:
|
||||
'127.0.0.1/32': 'permit'
|
||||
'10.10.12.200/32': 'permit'
|
||||
|
||||
profiles::postfix::gateway::helo_access_maps:
|
||||
'.dynamic.': 'REJECT'
|
||||
'.dialup.': 'REJECT'
|
||||
'unknown': 'REJECT'
|
||||
'localhost': 'REJECT You are not localhost'
|
||||
|
||||
# postfix transports
|
||||
postfix::transports:
|
||||
'main.unkin.net':
|
||||
ensure: present
|
||||
destination: 'relay'
|
||||
nexthop: 'ausyd1nxvm2120.main.unkin.net:25'
|
||||
|
||||
# postfix virtuals
|
||||
postfix::virtuals:
|
||||
'root':
|
||||
ensure: present
|
||||
destination: 'ben@main.unkin.net'
|
||||
'postmaster':
|
||||
ensure: present
|
||||
destination: 'ben@main.unkin.net'
|
||||
'abuse':
|
||||
ensure: present
|
||||
destination: 'ben@main.unkin.net'
|
||||
|
||||
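Review bot: The `'@main.unkin.net': 'OK'` entry under `relay_recipients_maps` is a domain wildcard, assuming the hash feeds Postfix's `relay_recipient_maps` as the name suggests. The gateway would then accept every recipient at that domain, and unknown users are rejected only by the next hop after the message has been accepted, which causes bounce backscatter and removes recipient validation at the edge. Listing the valid addresses keeps rejection at SMTP time; if the catch-all is deliberate, a comment such as `# catch-all: recipient validation is done by the next hop` would record that. Separately, the `helo_access_maps` keys `'.dynamic.'` and `'.dialup.'` read like substring patterns, which an indexed (hash) access table would never match. Confirm the template renders a regexp/pcre table, since the map type is not visible in this hunk.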