Merge pull request #63 from saltstack-formulas/configurable-master-config

Configurable master_config.cf
Niels Abspoel 2017-12-30 22:46:19 +01:00 committed by GitHub
commit 16f73256b2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 162 additions and 75 deletions


@ -1,7 +1,20 @@
postfix:
manage_master_config: True
master_config:
enable_dovecot: False
# The following are the default values:
dovecot:
user: vmail
group: vmail
flags: DRhu
argv: "/usr/lib/dovecot/deliver -d ${recipient}"
enable_submission: False
# To replace the defaults use this:
submission:
smtpd_tls_security_level: encrypt
smtpd_sasl_auth_enable: yes
smtpd_client_restrictions: permit_sasl_authenticated,reject
enable_service: True
@ -36,6 +49,9 @@ postfix:
# Alias
alias_maps: hash:/etc/aliases
# This is the list of files for the newaliases
# cmd to process (see postconf(5) for details).
# Only local hash/btree/dbm files:
alias_database: hash:/etc/aliases
# Virtual users
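Review bot: `smtpd_sasl_auth_enable: yes` in the `submission` example is an unquoted YAML 1.1 boolean, so the pillar value reaches the master.cf template as `True` rather than the string Postfix expects. The new `set_option` macro accepts it through its `value is number` branch and would likely render `-o smtpd_sasl_auth_enable=True`, which is not a valid Postfix boolean. Quote it in the example, `smtpd_sasl_auth_enable: 'yes'`. The comment should also say that supplying `submission` replaces the built-in `smtpd_tls_security_level=encrypt` and `smtpd_sasl_auth_enable=yes` options entirely, so a pillar that lists only one option drops the other.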


@ -1,3 +0,0 @@
# Managed by config management
# See man 5 aliases for format
{{pillar['postfix']['aliases']['content']}}


@ -1,19 +1,20 @@
{% from "postfix/map.jinja" import postfix with context %}
include:
- postfix
/etc/postfix:
{{ postfix.config_path }}:
file.directory:
- user: root
- group: root
- group: {{ postfix.root_grp }}
- dir_mode: 755
- file_mode: 644
- makedirs: True
/etc/postfix/main.cf:
{{ postfix.config_path }}/main.cf:
file.managed:
- source: salt://postfix/files/main.cf
- user: root
- group: root
- group: {{ postfix.root_grp }}
- mode: 644
- require:
- pkg: postfix
@ -22,7 +23,7 @@ include:
- template: jinja
{% if 'vmail' in pillar.get('postfix', '') %}
/etc/postfix/virtual_alias_maps.cf:
{{ postfix.config_path }}/virtual_alias_maps.cf:
file.managed:
- source: salt://postfix/files/virtual_alias_maps.cf
- user: root
@ -34,7 +35,7 @@ include:
- service: postfix
- template: jinja
/etc/postfix/virtual_mailbox_domains.cf:
{{ postfix.config_path }}/virtual_mailbox_domains.cf:
file.managed:
- source: salt://postfix/files/virtual_mailbox_domains.cf
- user: root
@ -46,7 +47,7 @@ include:
- service: postfix
- template: jinja
/etc/postfix/virtual_mailbox_maps.cf:
{{ postfix.config_path }}/virtual_mailbox_maps.cf:
file.managed:
- source: salt://postfix/files/virtual_mailbox_maps.cf
- user: root
@ -60,11 +61,11 @@ include:
{% endif %}
{% if salt['pillar.get']('postfix:manage_master_config', True) %}
/etc/postfix/master.cf:
{{ postfix.config_path }}/master.cf:
file.managed:
- source: salt://postfix/files/master.cf
- user: root
- group: root
- group: {{ postfix.root_grp }}
- mode: 644
- require:
- pkg: postfix
@ -74,11 +75,11 @@ include:
{% endif %}
{% if 'transport' in pillar.get('postfix', '') %}
/etc/postfix/transport:
{{ postfix.config_path }}/transport:
file.managed:
- source: salt://postfix/files/transport
- user: root
- group: root
- group: {{ postfix.root_grp }}
- mode: 644
- require:
- pkg: postfix
@ -88,10 +89,10 @@ include:
run-postmap:
cmd.wait:
- name: /usr/sbin/postmap /etc/postfix/transport
- name: {{ postfix.xbin_prefix }}/sbin/postmap {{ postfix.config_path }}/transport
- cwd: /
- watch:
- file: /etc/postfix/transport
- file: {{ postfix.config_path }}/transport
{% endif %}
{%- for domain in salt['pillar.get']('postfix:certificates', {}).keys() %}
@ -99,7 +100,7 @@ run-postmap:
postfix_{{ domain }}_ssl_certificate:
file.managed:
- name: /etc/postfix/ssl/{{ domain }}.crt
- name: {{ postfix.config_path }}/ssl/{{ domain }}.crt
- makedirs: True
- contents_pillar: postfix:certificates:{{ domain }}:public_cert
- watch_in:
@ -107,7 +108,7 @@ postfix_{{ domain }}_ssl_certificate:
postfix_{{ domain }}_ssl_key:
file.managed:
- name: /etc/postfix/ssl/{{ domain }}.key
- name: {{ postfix.config_path }}/ssl/{{ domain }}.key
- mode: 600
- makedirs: True
- contents_pillar: postfix:certificates:{{ domain }}:private_key
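Review bot: Only the states whose `- group:` line appears in these hunks were switched to `{{ postfix.root_grp }}`; the three `virtual_*.cf` states and the two `ssl` states had just their path changed. If those states carry a `- group: root` line outside the hunks, they would presumably still fail on platforms where `root_grp` is `wheel`, so they should get `- group: {{ postfix.root_grp }}` as well. The `postfix_{{ domain }}_ssl_key` state sets `- mode: 600`, but the visible lines give no `user`, `group` or `dir_mode`, so the `ssl` directory created by `makedirs: True` gets default ownership and permissions. The rest of that state lies outside the hunk, so confirm it there.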

13
postfix/defaults.yaml Normal file

@ -0,0 +1,13 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
postfix:
aliases_file: /etc/aliases
config_path: /etc/postfix
package: postfix
postsrsd_pkg: postsrsd
postgrey_pkg: postgrey
root_grp: root
service: postfix
xbin_prefix: /usr
dovecot_deliver: /usr/lib/dovecot/deliver


@ -1,6 +1,18 @@
{%- from "postfix/map.jinja" import postfix with context -%}
{%- set config = salt['pillar.get']('postfix:config', {}) -%}
{% set processed_parameters = ['aliases_file', 'virtual', 'sasl_passwd', 'sender_canonical'] %}
{%- if not salt['pillar.get']('postfix:mapping', False) %}
{#- Let the user configure mapping manually. -#}
{%- set processed_parameters = [] %}
{%- else -%}
{#- TODO: alias_maps probably belongs here, too: #}
{%- set processed_parameters = [
'virtual_alias_maps',
'smtp_sasl_password_maps',
'sender_canonical_maps',
] %}
{%- endif -%}
{%- macro set_parameter(parameter, default=None) -%}
{% set value = config.get(parameter, default) %}
{%- if value is not none %}
@ -12,6 +24,7 @@
{%- do processed_parameters.append(parameter) %}
{%- endif %}
{%- endmacro -%}
# Managed by config management
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
@ -69,6 +82,7 @@
{%- endif %}
{{ set_parameter('myhostname', grains['fqdn']) }}
{#- TODO: The following two may not be the same: #}
{{ set_parameter('alias_maps', 'hash:' ~ postfix.aliases_file) }}
{{ set_parameter('alias_database', 'hash:' ~ postfix.aliases_file) }}
{{ set_parameter('mydestination', [grains['fqdn'], 'localhost', 'localhost.localdomain', grains['domain']]) }}
@ -97,17 +111,22 @@ policy-spf_time_limit = {{ policyd_spf.get('time_limit', '3600s') }}
{%- endif %}
{{ set_parameter('smtpd_recipient_restrictions', recipient_restrictions) }}
{% if 'virtual' in pillar.get('postfix','') %}
virtual_alias_maps = hash:/etc/postfix/virtual
{% endif %}
{# From init.sls #}
{%- set default_database_type = salt['pillar.get']('postfix:config:default_database_type', 'hash') %}
{% if 'sasl_passwd' in pillar.get('postfix','') %}
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
{% endif %}
{%- for mapping, data in salt['pillar.get']('postfix:mapping', {}).items() %}
{%- set file_path = salt['pillar.get']('postfix:config:' ~ mapping) %}
{%- if ':' in file_path %}
{%- set file_type, file_path = file_path.split(':') %}
{%- else %}
{%- set file_type = default_database_type %}
{%- endif %}
{%- if not file_path.startswith('/') %}
{%- set file_path = postfix.config_path ~ '/' ~ file_path %}
{%- endif %}
{% if 'sender_canonical' in pillar.get('postfix','') %}
sender_canonical_maps = hash:/etc/postfix/sender_canonical
{% endif %}
{{ mapping }} = {{ file_type }}:{{ file_path }}
{% endfor %}
{# Accept arbitrary parameters -#}
{% for parameter in config -%}
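Review bot: `{%- set file_type, file_path = file_path.split(':') %}` in the new mapping loop raises an unpack error for any table spec with more than one colon, such as `proxy:mysql:/path`; split once instead, `file_path.split(':', 1)`. `salt['pillar.get']('postfix:config:' ~ mapping)` has no default, so a mapping without a matching `postfix:config` entry presumably yields an empty string and the loop emits `hash:` followed by the bare config directory. A guard or an explicit default would make that case visible. The loop also writes every key of `postfix:mapping`, while `processed_parameters` lists only three names, so a mapping with another name that is also set in `postfix:config` may be emitted twice by the arbitrary-parameters loop, whose body is outside this hunk.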


@ -1,11 +1,16 @@
# Managed by config management
{#- Some files (mainly the aliases one) require key and values
to be separated with a colon. For this `colon: True` should
be passed to the template #}
{%- if colon is not defined %}
{%- set colon = False %}
{%- endif %}
{%- macro format_value(key, value) %}
{#- Some settings, like virtual_alias_maps can take multiple values. Handle this case. -#}
{%- if value is iterable and value is not string -%}
{{ key }} {{ value|join(", ") }}
{{ key }}{% if colon %}:{% endif %} {{ value|join(", ") }}
{%- else -%}
{{ key }} {{ value }}
{{ key }}{% if colon %}:{% endif %} {{ value }}
{%- endif -%}
{%- endmacro %}


@ -1,4 +1,15 @@
{%- from "postfix/map.jinja" import postfix with context -%}
{%- macro set_option(parameter, value) -%}
{%- if value is number or value is string -%}
-o {{ parameter }}={{ value }}
{%- elif value is iterable -%}
-o {{ parameter }}={{ value | join(', ')}}
{%- endif -%}
{%- endmacro -%}
{% set master_config = salt['pillar.get']('postfix:master_config', {}) -%}
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
@ -15,11 +26,17 @@ smtp inet n - n - - smtpd
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
{% if master_config.get('enable_submission', False) %}
{%- if master_config.get('enable_submission', False) %}
submission inet n - n - - smtpd
{%- if master_config.get('submission', False) -%}
{% for parameter, value in master_config.get('submission', {}).items() %}
{{ set_option(parameter, value) }}
{%- endfor -%}
{% else %}
# -o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
{% endif %}
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
@ -27,7 +44,7 @@ submission inet n - n - - smtpd
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
{% endif %}
{% endif -%}
#smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
@ -131,7 +148,12 @@ scache unix - - n - 1 scache
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
{% if salt['pillar.get']('postfix:policyd-spf:enabled', False) %}
{%- if salt['pillar.get']('postfix:policyd-spf:enabled', False) %}
policy-spf unix - n n - - spawn
user=nobody argv=/usr/bin/policyd-spf
user=nobody argv={{ xbin_prefix }}/bin/policyd-spf
{%- endif %}
{%- if master_config.get('enable_dovecot', False) -%}
{%- set dovecot = master_config.get('dovecot', {} )%}
dovecot unix - n n - - pipe
flags={{ dovecot.get('flags', 'DRhu') }} user={{ dovecot.get('user', 'vmail') }}:{{ dovecot.get('group', 'vmail') }} argv={{ dovecot.get('argv', postfix.dovecot_deliver) ~ ' -d ${recipient}' }}
{% endif -%}
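Review bot: `argv={{ xbin_prefix }}/bin/policyd-spf` uses a bare `xbin_prefix`, but the only import visible in this template is `postfix` from map.jinja, so the variable is presumably undefined and the line renders as `argv=/bin/policyd-spf`; it should read `argv={{ postfix.xbin_prefix }}/bin/policyd-spf`. In the dovecot block the template always appends `' -d ${recipient}'` to `dovecot.get('argv', ...)`, while the pillar example documents `argv` with `-d ${recipient}` already included, so a pillar written from the example gets the flag twice. Either drop the suffix from the example or append it only to the `postfix.dovecot_deliver` default. `set_option` also emits nothing for a value that is neither number, string nor iterable, and booleans pass the `number` test and render as `True`/`False`.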


@ -31,11 +31,18 @@ postfix:
postfix_alias_database:
file.managed:
- name: {{ file_path }}
- source: salt://postfix/aliases
{% if salt['pillar.get']('postfix:aliases:content', None) is string %}
- contents_pillar: postfix:aliases:content
{% else %}
- source: salt://postfix/files/mapping.j2
{% endif %}
- user: root
- group: root
- group: {{ postfix.root_grp }}
- mode: 644
- template: jinja
- context:
data: {{ salt['pillar.get']('postfix:aliases:present') }}
colon: True
- require:
- pkg: postfix
{%- if need_newaliases %}
@ -69,6 +76,9 @@ postfix_alias_absent_{{ user }}:
{%- else %}
{%- set file_type = default_database_type %}
{%- endif %}
{%- if not file_path.startswith('/') %}
{%- set file_path = postfix.config_path ~ '/' ~ file_path %}
{%- endif %}
{%- if file_type in ("btree", "cdb", "dbm", "hash", "sdbm") %}
{%- set need_postmap = True %}
{%- endif %}
@ -77,7 +87,7 @@ postfix_{{ mapping }}:
- name: {{ file_path }}
- source: salt://postfix/files/mapping.j2
- user: root
- group: root
- group: {{ postfix.root_grp }}
{%- if mapping.endswith('_sasl_password_maps') %}
- mode: 600
{%- else %}
@ -90,7 +100,7 @@ postfix_{{ mapping }}:
- pkg: postfix
{%- if need_postmap %}
cmd.wait:
- name: /usr/sbin/postmap {{ file_path }}
- name: {{ postfix.xbin_prefix }}/sbin/postmap {{ file_path }}
- cwd: /
- watch:
- file: {{ file_path }}
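Review bot: `data: {{ salt['pillar.get']('postfix:aliases:present') }}` interpolates the Python repr of the pillar value into the rendered YAML, which can break or mis-parse for alias targets containing characters such as `:`, `#` or quotes, and presumably renders an empty value when the key is unset. Serialise it explicitly, `data: {{ salt['pillar.get']('postfix:aliases:present', {}) | json }}`. When `postfix:aliases:content` is a string the state now uses `contents_pillar` but still emits `- template: jinja` and `- context:`; moving those two into the `else` branch would keep the arguments consistent with the source actually used.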


@ -1,36 +1,15 @@
{% set postfix = salt['grains.filter_by']({
'Debian': {
'package': 'postfix',
'policyd_spf_pkg': 'postfix-policyd-spf-python',
'postsrsd_pkg': 'postsrsd',
'postgrey_pkg': 'postgrey',
'pcre_pkg': 'postfix-pcre',
'mysql_pkg': 'postfix-mysql',
'service': 'postfix',
'aliases_file': '/etc/aliases',
},
'Gentoo': {
'package': 'mail-mta/postfix',
'policyd_spf_pkg': 'mail-filter/pypolicyd-spf',
'postsrsd_pkg': 'mail-filter/postsrsd',
'postgrey_pkg': 'mail-filter/postgrey',
'service': 'postfix',
'aliases_file': '/etc/mail/aliases',
},
'RedHat': {
'package': 'postfix',
'policyd_spf_pkg': 'pypolicyd-spf',
'postsrsd_pkg': 'postsrsd',
'postgrey_pkg': 'postgrey',
'service': 'postfix',
'aliases_file': '/etc/aliases',
},
'Arch' : {
'package': 'postfix',
'policyd_spf_pkg': 'python-postfix-policyd-spf',
'postsrsd_pkg': 'postsrsd',
'postgrey_pkg': 'postgrey',
'service': 'postfix',
'aliases_file': '/etc/aliases',
},
}, merge=salt['pillar.get']('postfix:lookup')) %}
# -*- coding: utf-8 -*-
# vim: ft=jinja
{% import_yaml "postfix/defaults.yaml" as defaults %}
{% import_yaml "postfix/osmap.yaml" as osmap %}
{% set postfix = salt['grains.filter_by'](
defaults,
merge=salt['grains.filter_by'](
osmap,
grain='os',
merge=salt['pillar.get']('postfix:lookup', {}),
),
base='postfix')
%}
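Review bot: The inner `grains.filter_by` call now selects on `grain='os'`, whereas the removed call used the default `os_family` grain, so minions whose `os` differs from their family (Ubuntu under `Debian`, CentOS under `RedHat`) no longer match any key in osmap.yaml. Those minions would fall back to defaults.yaml alone and lose `policyd_spf_pkg`, `pcre_pkg` and `mysql_pkg`, which have no default there. If that is not intended, use `grain='os_family'` for this lookup, optionally with a second `os`-keyed map merged on top.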

25
postfix/osmap.yaml Normal file

@ -0,0 +1,25 @@
Arch:
policyd_spf_pkg: python-postfix-policyd-spf
Debian:
policyd_spf_pkg: postfix-policyd-spf-python
pcre_pkg: postfix-pcre
mysql_pkg: postfix-mysql
FreeBSD:
policyd_spf_pkg: py27-postfix-policyd-spf-python
aliases_file: /etc/mail/aliases
xbin_prefix: /usr/local
config_path: /usr/local/etc/postfix
root_grp: wheel
dovecot_deliver: /usr/local/libexec/dovecot/deliver
Gentoo:
package: mail-mta/postfix
policyd_spf_pkg: mail-filter/pypolicyd-spf
postsrsd_pkg: mail-filter/postsrsd
postgrey_pkg: mail-filter/postgrey
aliases_file: /etc/mail/aliases
RedHat:
policyd_spf_pkg: pypolicyd-spf