refactor: recreate profiles::postfix::gateway with parameterization and templates
Build / precommit (pull_request) Successful in 5m18s
- refactor profiles::postfix::gateway as parameterized class
- move base postfix parameters, transports, and virtuals to hiera for flexibility
- convert SMTP restrictions to arrays for better readability using join()
- add postscreen enable/disable boolean with conditional master.cf configuration
- add per-domain TLS policy maps (smtp_tls_policy_maps)
- convert alias_maps to array parameter for flexibility
- convert all postfix map files to ERB templates with parameter hashes
- add map parameters: sender_canonical_maps, sender_access_maps, relay_recipients_maps, relay_domains_maps, recipient_canonical_maps, recipient_access_maps, postscreen_access_maps, helo_access_maps
- move default map data to hiera while keeping parameters as empty hashes by default

This approach balances flexibility with data-driven configuration, allowing easy customization through parameters while keeping transport/virtual maps and default map data in hiera for role-specific overrides.
@@ -0,0 +1,11 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
#
|
||||
# Controls access based on HELO/EHLO hostnames to block spam patterns
|
||||
# HELO/EHLO access controls
|
||||
# Format: pattern action
|
||||
# Example: .dynamic.example.com REJECT
|
||||
# Example: localhost REJECT You are not localhost
|
||||
|
||||
<% @helo_access_maps.each do |pattern, action| -%>
|
||||
<%= pattern %> <%= action %>
|
||||
<% end -%>
|
||||
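Review bot: the loop line `<%= pattern %> <%= action %>` writes hash keys and values verbatim, so a key containing whitespace or a value containing a newline yields a line that Postfix splits differently from what the hiera data intended, or an extra entry. If the class parameter is not already typed, suggest something like Hash[Pattern[/\A\S+\z/], Pattern[/\A[^\r\n]+\z/]] so bad data fails at catalog compilation rather than at lookup time.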
@@ -0,0 +1,10 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
#
|
||||
# Controls which IP addresses/networks are allowed through postscreen
|
||||
# Postscreen access controls (CIDR format)
|
||||
# Format: network/mask action
|
||||
# Example: 192.168.1.0/24 permit
|
||||
|
||||
<% @postscreen_access_maps.each do |network, action| -%>
|
||||
<%= network %> <%= action %>
|
||||
<% end -%>
|
||||
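Review bot: the loop over `@postscreen_access_maps` emits entries in hash iteration order, but a CIDR table is searched top to bottom and the first matching network wins, so overlapping entries (a single permitted host inside a rejected /24, for example) depend on key order in hiera and on how the hash is merged. Suggest stating that in the header comment or taking an array of network/action pairs instead of a hash. It would also help to restrict the action to permit, reject or dunno, the values postscreen accepts in this list.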
@@ -0,0 +1,11 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
#
|
||||
# Controls access based on recipient email addresses or domains
|
||||
# Recipient access controls
|
||||
# Format: recipient_pattern action
|
||||
# Example: @example.com OK
|
||||
# Example: admin@foo.net REJECT
|
||||
|
||||
<% @recipient_access_maps.each do |recipient, action| -%>
|
||||
<%= recipient %> <%= action %>
|
||||
<% end -%>
|
||||
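Review bot: the header example `# Example: @example.com OK` is not a key form that Postfix looks up in access tables; access(5) matches user@domain, domain.tld, .domain.tld and user@, so an entry copied from this comment would never match. Suggest changing the example to `example.com OK`.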
@@ -0,0 +1,10 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
#
|
||||
# Rewrites recipient addresses before delivery (address normalization)
|
||||
# Recipient canonical address mapping
|
||||
# Format: original_address canonical_address
|
||||
# Example: user@olddomain.com user@example.com
|
||||
|
||||
<% @recipient_canonical_maps.each do |original, canonical| -%>
|
||||
<%= original %> <%= canonical %>
|
||||
<% end -%>
|
||||
@@ -0,0 +1,10 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
#
|
||||
# Defines which domains are allowed for mail relaying
|
||||
# Relay domains control
|
||||
# Format: domain action
|
||||
# Example: example.com OK
|
||||
|
||||
<% @relay_domains_maps.each do |domain, action| -%>
|
||||
<%= domain %> <%= action %>
|
||||
<% end -%>
|
||||
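Review bot: the header line `# Format: domain action` suggests the right-hand side is evaluated, but when this table is referenced from relay_domains Postfix only checks whether the domain is present as a key and ignores the value, so an entry such as `example.com REJECT` would still permit relaying for that domain. Suggest rewording the comment to say the value is ignored, or taking an array of domains and emitting a fixed value in the template.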
@@ -0,0 +1,10 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
#
|
||||
# Defines which recipient addresses are allowed for mail relaying
|
||||
# Relay recipients control
|
||||
# Format: recipient_pattern action
|
||||
# Example: @example.com OK
|
||||
|
||||
<% @relay_recipients_maps.each do |recipient, action| -%>
|
||||
<%= recipient %> <%= action %>
|
||||
<% end -%>
|
||||
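Review bot: with the default empty hash mentioned in the commit message, the loop over `@relay_recipients_maps` renders a table with no entries; if main.cf points relay_recipient_maps at this file unconditionally, Postfix treats every relay recipient as unknown and rejects it. Suggest setting relay_recipient_maps only when the hash is non-empty, or documenting the behaviour in the header. The value column is also ignored for this table (Postfix only checks that the key exists), so "action" in the Format line is misleading.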
@@ -0,0 +1,11 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
#
|
||||
# Controls access based on sender email addresses or domains
|
||||
# Sender access controls
|
||||
# Format: sender_pattern action
|
||||
# Example: spammer@foo.net REJECT
|
||||
# Example: @badspammer.com REJECT
|
||||
|
||||
<% @sender_access_maps.each do |sender, action| -%>
|
||||
<%= sender %> <%= action %>
|
||||
<% end -%>
|
||||
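Review bot: the header example `# Example: @badspammer.com REJECT` describes a rule that fails open: access(5) has no @domain key form, so a block entry written this way never matches and mail from that domain is still accepted. Suggest `badspammer.com REJECT` in the comment, which matches the domain part of the sender address.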
@@ -0,0 +1,10 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
#
|
||||
# Rewrites sender addresses before sending (address masquerading)
|
||||
# Sender canonical address mapping
|
||||
# Format: original_address canonical_address
|
||||
# Example: user@internal.local user@example.com
|
||||
|
||||
<% @sender_canonical_maps.each do |original, canonical| -%>
|
||||
<%= original %> <%= canonical %>
|
||||
<% end -%>
|
||||
@@ -0,0 +1,11 @@
|
||||
# FILE MANAGED BY PUPPET, CHANGES WILL BE REPLACED
|
||||
#
|
||||
# Enforces TLS security policies for outbound mail per destination domain
|
||||
# SMTP TLS policy map for outbound connections
|
||||
# Format: destination policy
|
||||
# Example: gmail.com encrypt
|
||||
# Example: secure-bank.example.com secure
|
||||
|
||||
<% @smtp_tls_policy_maps.each do |destination, policy| -%>
|
||||
<%= destination %> <%= policy %>
|
||||
<% end -%>
|
||||
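Review bot: the header line `# Format: destination policy` does not say that Postfix looks this table up by the full next-hop destination, which is the recipient domain only when no transport entry overrides it. Since the commit message moves transports to hiera, a domain routed through a relay would need its policy keyed on the verbatim transport next-hop, including square brackets and port, and a `gmail.com encrypt` style entry would silently not apply. Suggest adding that to the header comment. It is also worth noting there that `encrypt` requires TLS but does not verify the peer certificate, unlike the `secure` level shown in the second example.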