feat: add SMTP submission listener and enhance stalwart configuration (#425)
- add SMTP submission listener on port 587 with TLS requirement - configure HAProxy frontend/backend for submission with send-proxy-v2 support - add send-proxy-v2 support to all listeners - add dynamic HAProxy node discovery for proxy trusted networks - use service hostname instead of node FQDN for autoconfig/autodiscover - remove redundant IMAP/IMAPS/SMTP alt-names from TLS certificates - update VRRP CNAME configuration to use mail.main.unkin.net Reviewed-on: #425
This commit was merged in pull request #425.
@@ -29,6 +29,7 @@ class stalwart::config {
|
||||
content => epp('stalwart/config.toml.epp', {
|
||||
'cluster_size' => $stalwart::cluster_size,
|
||||
'other_cluster_members' => $stalwart::other_cluster_members,
|
||||
'haproxy_ips' => $stalwart::haproxy_ips,
|
||||
'effective_node_id' => $stalwart::effective_node_id,
|
||||
'bind_address' => $stalwart::bind_address,
|
||||
'advertise_address' => $stalwart::advertise_address,
|
||||
@@ -49,10 +50,12 @@ class stalwart::config {
|
||||
'enable_imap' => $stalwart::enable_imap,
|
||||
'enable_imap_tls' => $stalwart::enable_imap_tls,
|
||||
'enable_http' => $stalwart::enable_http,
|
||||
'enable_smtp_submission' => $stalwart::enable_smtp_submission,
|
||||
'data_dir' => $stalwart::data_dir,
|
||||
'tls_cert' => $stalwart::tls_cert,
|
||||
'tls_key' => $stalwart::tls_key,
|
||||
'log_level' => $stalwart::log_level,
|
||||
'service_hostname' => $stalwart::service_hostname,
|
||||
'fallback_admin_user' => $stalwart::fallback_admin_user,
|
||||
'fallback_admin_password' => $stalwart::fallback_admin_password,
|
||||
'webadmin_unpack_path' => $stalwart::webadmin_unpack_path,
|
||||
|
||||
@@ -86,6 +86,15 @@
|
||||
# @param enable_smtp_relay
|
||||
# Enable SMTP for postfix relay communication
|
||||
#
|
||||
# @param enable_smtp_submission
|
||||
# Enable SMTP submission listener on port 587
|
||||
#
|
||||
# @param haproxy_role
|
||||
# Role name for HAProxy nodes to include in proxy trusted networks
|
||||
#
|
||||
# @param service_hostname
|
||||
# Service hostname used for autoconfig/autodiscover and SMTP greeting
|
||||
#
|
||||
# @param package_ensure
|
||||
# Package version to install
|
||||
#
|
||||
@@ -133,6 +142,9 @@ class stalwart (
|
||||
Boolean $enable_imap_tls = true,
|
||||
Boolean $enable_http = true,
|
||||
Boolean $enable_smtp_relay = true,
|
||||
Boolean $enable_smtp_submission = true,
|
||||
String $haproxy_role = 'roles::infra::halb::haproxy2',
|
||||
Stdlib::Fqdn $service_hostname = $facts['networking']['fqdn'],
|
||||
String $package_ensure = 'present',
|
||||
Stdlib::Absolutepath $config_dir = '/opt/stalwart/etc',
|
||||
Stdlib::Absolutepath $data_dir = '/var/lib/stalwart',
|
||||
@@ -166,6 +178,14 @@ class stalwart (
|
||||
$other_cluster_members = $sorted_cluster_members.filter |$member| { $member != $my_fqdn }
|
||||
$cluster_size = length($sorted_cluster_members)
|
||||
|
||||
# Query HAProxy nodes for proxy trusted networks
|
||||
$haproxy_query = "enc_role='${haproxy_role}' and country='${facts['country']}' and region='${facts['region']}'"
|
||||
$haproxy_members_raw = query_nodes($haproxy_query, 'networking.ip')
|
||||
$haproxy_ips = $haproxy_members_raw ? {
|
||||
undef => [],
|
||||
default => sort($haproxy_members_raw),
|
||||
}
|
||||
|
||||
# Extract last 4 digits from hostname (e.g., ausyd1nxvm1234 -> 1234)
|
||||
if $hostname =~ /^.*(\d{4})$/ {
|
||||
$hostname_digits = $1
|
||||
|
||||
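Review bot: The `$haproxy_ips` list built from `query_nodes($haproxy_query, 'networking.ip')` decides which source addresses the mail listeners accept PROXY protocol headers from, yet membership rests entirely on the `enc_role`, `country` and `region` values held in PuppetDB. If any of those are node-reported facts rather than ENC-assigned values (not visible on this page), one host misreporting them joins the trusted set and the client address it states is then taken at face value in logs and per-address limits. `$haproxy_role` is declared as a plain `String` and interpolated between single quotes in the query, so I would constrain it in the parameter list, e.g. `Pattern[/\A[a-z0-9_:]+\z/] $haproxy_role = 'roles::infra::halb::haproxy2',`. An empty query result silently becomes `[]`; a `warning()` or `fail()` when `$haproxy_ips` is empty while the proxied listeners are enabled would surface a missing PuppetDB match at catalog compile time. The class body starts and ends outside this hunk.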