Linux-Help/formula-postfix
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Allow certs and keys to be specified in the pillar

Browse source
This commit is contained in:
Imran Haider 2015-06-20 16:49:09 -04:00 committed by Gilles Dartiguelongue
parent f488c404eb
commit 06ae3b5315
2 changed files with 114 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

90
pillar.example
View file

@ -27,20 +27,9 @@ postfix:
config: config:
smtpd_banner: $myhostname ESMTP $mail_name smtpd_banner: $myhostname ESMTP $mail_name
biff: 'no' biff: 'no'
append_dot_mydomain: 'no' append_dot_mydomain: 'no'
readme_directory: 'no' readme_directory: 'no'
smtpd_tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls: 'yes'
smtpd_tls_session_cache_database: btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database: btree:${data_directory}/smtp_scache
myhostname: localhost myhostname: localhost
alias_maps: hash:/etc/aliases
alias_database: hash:/etc/aliases
mydestination: localhost, localhost.localdomain mydestination: localhost, localhost.localdomain
relayhost: relayhost:
mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
@ -48,3 +37,82 @@ postfix:
recipient_delimiter: + recipient_delimiter: +
inet_interfaces: all inet_interfaces: all
# Alias
alias_maps: hash:/etc/aliases
alias_database: hash:/etc/aliases
# SMTP server
smtpd_tls_session_cache_database: btree:${data_directory}/smtpd_scache
smtpd_use_tls: 'yes'
# SMTP server certificate and key (already installed)
smtpd_tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
# SMTP server certificate and key (from pillar data)
smtpd_tls_cert_file: /etc/ssl/private/postfix-server.crt
smtpd_tls_key_file: /etc/ssl/private/postfix-server.key
# SMTP client
smtp_tls_session_cache_database: btree:${data_directory}/smtp_scache
smtp_use_tls: 'yes'
smtp_tls_cert_file: /etc/ssl/private/postfix-client.crt
smtp_tls_key_file: /etc/ssl/private/postfix-client.key
ssl_certs:
server: |
-----BEGIN CERTIFICATE-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END CERTIFICATE-----
client: |
-----BEGIN CERTIFICATE-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END CERTIFICATE-----
ssl_keys:
server: |
-----BEGIN RSA PRIVATE KEY-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END RSA PRIVATE KEY-----
client: |
-----BEGIN RSA PRIVATE KEY-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END RSA PRIVATE KEY-----

35
postfix/config.sls
View file

@ -33,3 +33,38 @@ include:
- service: postfix - service: postfix
- template: jinja - template: jinja
{% endif %} {% endif %}
{% set ssl_certs = salt['pillar.get']('postfix:ssl_certs', {}) -%}
{% for name in ssl_certs %}
/etc/ssl/private/postfix-{{ name }}.crt:
file.managed:
- contents: |
{{ ssl_certs[name] | indent(8) }}
- user: nobody
- group: nobody
- mode: 444
- backup: minion
- watch_in:
- service: postfix
- require:
- pkg: postfix
{% endfor %}
{% set ssl_keys = salt['pillar.get']('postfix:ssl_keys', {}) -%}
{% for name in ssl_keys %}
/etc/ssl/private/postfix-{{ name }}.key:
file.managed:
- contents: |
{{ ssl_keys[name] | indent(8) }}
- user: nobody
- group: nobody
- mode: 400
- backup: minion
- watch_in:
- service: postfix
- require:
- pkg: postfix
{% endfor %}