unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
f18f8b8284
puppet-prod/hieradata/roles/infra/mail/backend.yaml
Ben Vincent f18f8b8284 feat: implement dovecot backend server with postfix virtual mailbox integration 
- create profiles::dovecot::backend class for IMAPS server configuration
- add virtual mailbox support to profiles::postfix::gateway with enable_dovecot parameter
- restructure common hieradata elements into mail.yaml
- add virtual mailbox and alias map templates with ERB generation
- add comprehensive type validation using Stdlib::Email, Stdlib::Fqdn, Stdlib::IP types
- configure vmail user (UID/GID 5000) with shared storage on /shared/apps/maildata
- update roles::infra::mail::backend to include both dovecot and postfix profiles
2025-11-01 19:06:35 +11:00

50 lines
1.5 KiB
YAML
Raw Blame History

---
# Backend-specific configuration
# additional altnames
profiles::pki::vault::alt_names:
- mail.main.unkin.net
# backend-specific postfix configuration
postfix::mydestination: 'localhost'
postfix::mynetworks: '127.0.0.0/8 [::1]/128 10.10.12.0/24'
postfix::smtp_listen: ['0.0.0.0', '::']
# disable postscreen (backend doesn't need it)
profiles::postfix::gateway::enable_postscreen: false
profiles::postfix::gateway::myhostname: 'mail.main.unkin.net'
# enable dovecot integration
profiles::postfix::gateway::enable_dovecot: true
profiles::postfix::gateway::virtual_mailbox_domains:
- 'main.unkin.net'
profiles::postfix::gateway::virtual_mailbox_base: '/shared/apps/maildata'
# use built-in dovecot LDA support
postfix::use_dovecot_lda: true
postfix::mail_user: 'vmail:vmail'
# virtual maps using gateway profile parameters
profiles::postfix::gateway::virtual_mailbox_maps:
'ben@main.unkin.net': 'main.unkin.net/ben/'
'root@main.unkin.net': 'main.unkin.net/ben/'
'postmaster@main.unkin.net': 'main.unkin.net/ben/'
'abuse@main.unkin.net': 'main.unkin.net/ben/'
profiles::postfix::gateway::virtual_alias_maps: {}
# simplified restrictions for backend (no RBL checks)
profiles::postfix::gateway::smtpd_client_restrictions:
- 'permit_mynetworks'
- 'reject_unauth_destination'
profiles::postfix::gateway::smtpd_sender_restrictions:
- 'permit_mynetworks'
- 'reject_non_fqdn_sender'
profiles::postfix::gateway::smtpd_recipient_restrictions:
- 'permit_mynetworks'
- 'reject_non_fqdn_recipient'
- 'reject_unauth_destination'
Reference in New Issue View Git Blame Copy Permalink