unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
f78a54c3a5
puppet-prod/hieradata/roles/infra/mail/gateway.yaml
Ben Vincent f78a54c3a5
All checks were successful
Build / precommit (pull_request) Successful in 5m18s
Details
refactor: recreate profiles::postfix::gateway with parameterization and templates 
- refactor profiles::postfix::gateway as parameterized class
- move base postfix parameters, transports, and virtuals to hiera for flexibility
- convert SMTP restrictions to arrays for better readability using join()
- add postscreen enable/disable boolean with conditional master.cf configuration
- add per-domain TLS policy maps (smtp_tls_policy_maps)
- convert alias_maps to array parameter for flexibility
- convert all postfix map files to ERB templates with parameter hashes
- add map parameters: sender_canonical_maps, sender_access_maps, relay_recipients_maps,
  relay_domains_maps, recipient_canonical_maps, recipient_access_maps, postscreen_access_maps, helo_access_maps
- move default map data to hiera while keeping parameters as empty hashes by default

This approach balances flexibility with data-driven configuration, allowing
easy customization through parameters while keeping transport/virtual maps
and default map data in hiera for role-specific overrides.
2025-11-01 17:16:00 +11:00

53 lines
1.3 KiB
YAML
Raw Blame History

---
# additional altnames
profiles::pki::vault::alt_names:
- in-mta.main.unkin.net
# base postfix configuration (passed to postfix class)
postfix::relayhost: 'direct'
postfix::myorigin: 'main.unkin.net'
postfix::mydestination: 'blank'
postfix::mynetworks: '127.0.0.0/8 [::1]/128'
postfix::mta: true
postfix::manage_aliases: true
# profile parameters for customization
profiles::postfix::gateway::myhostname: 'in-mta.main.unkin.net'
# postfix map content (templates)
profiles::postfix::gateway::relay_recipients_maps:
'@main.unkin.net': 'OK'
profiles::postfix::gateway::relay_domains_maps:
'main.unkin.net': 'OK'
profiles::postfix::gateway::postscreen_access_maps:
'127.0.0.1/32': 'permit'
'10.10.12.200/32': 'permit'
profiles::postfix::gateway::helo_access_maps:
'.dynamic.': 'REJECT'
'.dialup.': 'REJECT'
'unknown': 'REJECT'
'localhost': 'REJECT You are not localhost'
# postfix transports
postfix::transports:
'main.unkin.net':
ensure: present
destination: 'relay'
nexthop: 'ausyd1nxvm2120.main.unkin.net:25'
# postfix virtuals
postfix::virtuals:
'root':
ensure: present
destination: 'ben@main.unkin.net'
'postmaster':
ensure: present
destination: 'ben@main.unkin.net'
'abuse':
ensure: present
destination: 'ben@main.unkin.net'
Reference in New Issue View Git Blame Copy Permalink