---
# Hiera data for the backend mail host mail.main.unkin.net: dovecot packages,
# the maildir location, and the backend-specific postfix settings.

# Additional alternative names handed to the profiles::pki::vault profile.
profiles::pki::vault::alt_names:
  - mail.main.unkin.net

# Dovecot packages to install (core server plus the PostgreSQL driver).
dovecot::install::packages:
  - dovecot
  - dovecot-pgsql

# Maildir root is looked up from the postfix gateway profile, so both
# services read the same virtual_mailbox_base value defined further down.
profiles::dovecot::server::maildir_path: "%{hiera('profiles::postfix::gateway::virtual_mailbox_base')}"

# Disabled dovecot::config block, kept for reference.
# NOTE(review) - points to settle before re-enabling it:
#   - ssl_protocols '!SSLv2 !SSLv3' still leaves TLSv1 and TLSv1.1 enabled,
#     and ssl_cipher_list still offers 3DES and RSA key-exchange suites (no
#     forward secrecy); restrict both to current TLS versions and
#     forward-secret AEAD suites.
#   - ssl_cert and ssl_key name the same file; confirm it really contains the
#     private key and is readable only by the accounts that need it, or point
#     ssl_key at the key file.
#   - ssl_ca is Dovecot's trust anchor for client certificates; the system CA
#     bundle matters there only if client-certificate verification is turned
#     on - confirm the intent.
#   - auth_mechanisms 'plain login' carry the password unprotected inside the
#     session, so they depend on ssl: 'required' staying in place.
#   - 'seperator' under sections is misspelled; the Dovecot namespace setting
#     is 'separator'.
#dovecot::config:
#  ssl.conf:
#    values:
#      ssl: 'required'
#      ssl_cert: '/etc/pki/tls/vault/certificate.pem'
#      ssl_key: '/etc/pki/tls/vault/certificate.pem'
#      ssl_ca: '/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem'
#      ssl_protocols: '!SSLv2 !SSLv3'
#      ssl_cipher_list: 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS'
#      ssl_prefer_server_ciphers: 'yes'
#      ssl_dh_parameters_length: '2048'
#  auth.conf:
#    values:
#      auth_mechanisms: 'plain login'
#      auth_username_format: '%Lu'
#      auth_default_realm: 'main.unkin.net'
#  auth-vmail.conf:
#    values:
#      passdb: |
#        {
#          driver = pam
#        }
#      userdb: |
#        {
#          driver = passwd
#          override_fields = uid=vmail gid=vmail home=/shared/apps/maildata/%u
#        }
#  mail.conf:
#    values:
#      mail_plugins: '$mail_plugins'
#      namespace inbox: |
#        {
#          inbox = yes
#          location =
#          mailbox Drafts {
#            special_use = \Drafts
#          }
#          mailbox Junk {
#            special_use = \Junk
#          }
#          mailbox Sent {
#            special_use = \Sent
#          }
#          mailbox "Sent Messages" {
#            special_use = \Sent
#          }
#          mailbox Trash {
#            special_use = \Trash
#          }
#        }
#    sections:
#      - name: 'namespace inbox'
#        values:
#          'inbox': 'yes'
#          'seperator': '.'
#          'prefix': 'INBOX'
#  logging.conf:
#    values:
#      log_path: 'syslog'
#      syslog_facility: 'mail'
#      auth_verbose: 'yes'
#      auth_debug: 'no'
#      mail_debug: 'no'

# Backend-specific postfix configuration.
postfix::mydestination: 'localhost'

# NOTE(review): mynetworks covers all of 10.10.12.0/24, and every
# smtpd_*_restrictions list below begins with permit_mynetworks, so any host
# in that range is accepted before the remaining checks in each list run
# (reject_unauth_destination included). Narrow the range to the gateway
# addresses if only they are meant to hand mail to this host.
postfix::mynetworks: '127.0.0.0/8 [::1]/128 10.10.12.0/24'

# Listens on every IPv4 and IPv6 address.
# NOTE(review): with postscreen disabled below, presumably a firewall limits
# SMTP access to the gateways - confirm.
postfix::smtp_listen:
  - '0.0.0.0'
  - '::'

# Use the built-in dovecot LDA support.
postfix::use_dovecot_lda: true
postfix::mail_user: 'vmail:vmail'

# Postscreen is disabled because the backend does not need it.
profiles::postfix::gateway::enable_postscreen: false
profiles::postfix::gateway::myhostname: 'mail.main.unkin.net'

# Enable dovecot integration.
profiles::postfix::gateway::enable_dovecot: true

profiles::postfix::gateway::virtual_mailbox_domains:
  - 'main.unkin.net'
profiles::postfix::gateway::virtual_mailbox_base: '/shared/apps/maildata'

# Address -> maildir path. The root, postmaster and abuse addresses all
# deliver into the same maildir as ben@.
profiles::postfix::gateway::virtual_mailbox_maps:
  'ben@main.unkin.net': 'main.unkin.net/ben/'
  'root@main.unkin.net': 'main.unkin.net/ben/'
  'postmaster@main.unkin.net': 'main.unkin.net/ben/'
  'abuse@main.unkin.net': 'main.unkin.net/ben/'

# NOTE(review): reject_unauth_destination is a recipient-stage check; listed
# under client restrictions, Postfix applies it only while smtpd_delay_reject
# is 'yes' (the Postfix default) - confirm the profile does not override
# that. The same check also appears in the recipient list below.
profiles::postfix::gateway::smtpd_client_restrictions:
  - 'permit_mynetworks'
  - 'reject_unauth_destination'

profiles::postfix::gateway::smtpd_sender_restrictions:
  - 'permit_mynetworks'
  - 'reject_non_fqdn_sender'

profiles::postfix::gateway::smtpd_recipient_restrictions:
  - 'permit_mynetworks'
  - 'reject_non_fqdn_recipient'
  - 'reject_unauth_destination'