refactor: recreate profiles::postfix::gateway with parameterization and templates (#416)

- refactor profiles::postfix::gateway as parameterized class
- move base postfix parameters, transports, and virtuals to hiera for flexibility
- convert SMTP restrictions to arrays for better readability using join()
- add postscreen enable/disable boolean with conditional master.cf configuration
- add per-domain TLS policy maps (smtp_tls_policy_maps)
- convert alias_maps to array parameter for flexibility
- convert all postfix map files to ERB templates with parameter hashes
- add map parameters: sender_canonical_maps, sender_access_maps, relay_recipients_maps,
  relay_domains_maps, recipient_canonical_maps, recipient_access_maps, postscreen_access_maps, helo_access_maps
- move default map data to hiera while keeping parameters as empty hashes by default

This approach balances flexibility with data-driven configuration, allowing
easy customization through parameters while keeping transport/virtual maps
and default map data in hiera for role-specific overrides.

Reviewed-on: #416
This commit was merged in pull request #416.
2025-11-01 17:26:00 +11:00
parent 81f289a185
commit 78adef0eee
20 changed files with 481 additions and 288 deletions
@@ -1,11 +0,0 @@
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
# HELO/EHLO access controls
# Format: pattern action
# Actions: REJECT, OK, WARN, etc.
# Block common spam patterns
.dynamic. REJECT
.dialup. REJECT
unknown REJECT
localhost REJECT You are not localhost
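Review bot: the keys `.dynamic.` and `.dialup.` read as substring matches, but in an indexed access(5) table a key is compared against the full HELO name and its parent domains, so a key ending in a dot will not match a name such as host.dynamic.example.net. If substring matching is intended, these entries belong in a regexp or pcre table written as patterns; the map type is not visible in this hunk, so please confirm it when the entries move to hiera. Since the commit message says the map parameters default to empty hashes, also check that these four entries are present in the hiera defaults, otherwise the HELO rejections disappear without any error.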
@@ -1,4 +0,0 @@
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
127.0.0.1/32 permit
10.10.12.200/32 permit
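Review bot: `10.10.12.200/32 permit` carries no comment saying which host this is or why it is exempt. This looks like the postscreen access list, where a permit lets the client skip the postscreen tests, so the entry should record its justification. When it moves into the hiera hash, add a description next to the key or in the parameter docs, and consider validating the keys as IP/CIDR in the class so a typo cannot render an invalid line.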
@@ -1,9 +0,0 @@
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
# Recipient access controls
# Format: recipient_pattern action
# Actions: REJECT, OK, WARN, DISCARD, etc.
# Protected recipients that require special handling
# Example entries:
# @main.unkin.net OK
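Review bot: the Format and Actions header lines in this file are the only documentation of the entry syntax, and the file has no active entries. Please keep that header in the ERB template (or in the class parameter docs) so whoever fills the hiera hash knows the expected pattern and the allowed actions, and confirm the template renders a valid file when the hash is empty.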
@@ -1,8 +0,0 @@
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
# Recipient canonical address mapping
# Format: original_address canonical_address
# Used to rewrite recipient addresses
# Example mappings:
# user@olddomain.com user@main.unkin.net
@@ -1,3 +0,0 @@
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
main.unkin.net OK
@@ -1,3 +0,0 @@
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
@main.unkin.net OK
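Review bot: `@main.unkin.net OK` accepts every local part in the domain. If this file is the relay recipients map (the file name is not shown here, but the previous hunk already carries `main.unkin.net OK` for the domain itself), a domain-wide entry means the gateway cannot reject unknown recipients at SMTP time and will accept mail that the downstream server later bounces. Please either note in the hiera default that this catch-all is deliberate or list the real recipients.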
@@ -1,10 +0,0 @@
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
# Sender access controls
# Format: sender_pattern action
# Actions: REJECT, OK, WARN, DISCARD, etc.
# Block known spam domains
# Example entries:
# spammer@example.com REJECT
# @badspammer.com REJECT
@@ -1,8 +0,0 @@
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
# Sender canonical address mapping
# Format: original_address canonical_address
# Used to rewrite sender addresses
# Example mappings:
# user@internal.local user@main.unkin.net