Linux-Help/formula-postfix
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #26 from EvaSDK/keys-in-pillar

Browse source 
Manage certificates from pillars
This commit is contained in:
puneet kandhari 2015-09-03 06:07:17 -05:00
commit 31879915e2
2 changed files with 65 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
pillar.example
View file

@ -27,20 +27,9 @@ postfix:
config: config:
smtpd_banner: $myhostname ESMTP $mail_name smtpd_banner: $myhostname ESMTP $mail_name
biff: 'no' biff: 'no'
append_dot_mydomain: 'no' append_dot_mydomain: 'no'
readme_directory: 'no' readme_directory: 'no'
smtpd_tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls: 'yes'
smtpd_tls_session_cache_database: btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database: btree:${data_directory}/smtp_scache
myhostname: localhost myhostname: localhost
alias_maps: hash:/etc/aliases
alias_database: hash:/etc/aliases
mydestination: localhost, localhost.localdomain mydestination: localhost, localhost.localdomain
relayhost: relayhost:
mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 mynetworks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
@ -48,3 +37,47 @@ postfix:
recipient_delimiter: + recipient_delimiter: +
inet_interfaces: all inet_interfaces: all
# Alias
alias_maps: hash:/etc/aliases
alias_database: hash:/etc/aliases
# SMTP server
smtpd_tls_session_cache_database: btree:${data_directory}/smtpd_scache
smtpd_use_tls: 'yes'
# SMTP server certificate and key (from pillar data)
smtpd_tls_cert_file: /etc/postfix/ssl/server-cert.crt
smtpd_tls_key_file: /etc/postfix/ssl/server-cert.key
# SMTP client
smtp_tls_session_cache_database: btree:${data_directory}/smtp_scache
smtp_use_tls: 'yes'
smtp_tls_cert_file: /etc/postfix/ssl/example.com-relay-client-cert.crt
smtp_tls_key_file: /etc/postfix/ssl/example.com-relay-client-cert.key
certificates:
server-cert:
public_cert: |
-----BEGIN CERTIFICATE-----
(Your primary SSL certificate: smtp.example.com.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your intermediate certificate: example-ca.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your root certificate: trusted-root.crt)
-----END CERTIFICATE-----
private_key: |
-----BEGIN RSA PRIVATE KEY-----
(Your Private key)
-----END RSA PRIVATE KEY-----
example.com-relay-client-cert:
public_cert: |
-----BEGIN CERTIFICATE-----
(Your primary SSL certificate: smtp.example.com.crt)
-----END CERTIFICATE-----
private_key: |
-----BEGIN RSA PRIVATE KEY-----
(Your Private key)
-----END RSA PRIVATE KEY-----

21
postfix/config.sls
View file

@ -33,3 +33,24 @@ include:
- service: postfix - service: postfix
- template: jinja - template: jinja
{% endif %} {% endif %}
{%- for domain in salt['pillar.get']('postfix:certificates', {}).keys() %}
postfix_{{ domain }}_ssl_certificate:
file.managed:
- name: /etc/postfix/ssl/{{ domain }}.crt
- makedirs: True
- contents_pillar: postfix:certificates:{{ domain }}:public_cert
- watch_in:
- service: postfix
postfix_{{ domain }}_ssl_key:
file.managed:
- name: /etc/postfix/ssl/{{ domain }}.key
- mode: 600
- makedirs: True
- contents_pillar: postfix:certificates:{{ domain }}:private_key
- watch_in:
- service: postfix
{% endfor %}