diff --git a/pillar.example b/pillar.example index cd33d3e..4d12ba1 100644 --- a/pillar.example +++ b/pillar.example @@ -5,22 +5,6 @@ postfix: enable_service: True - virtual: - groupaliasexample: - - someuser_1@example.com - - someuser_2@example.com - singlealiasexample: 'someuser_3@example.com' - - relay_domains: - example.com: 'OK' - - sasl_passwd: - smtp.example.com: 'somepassword' - - sender_canonical: - root: 'servers@example.com' - nagios: 'alerts@example.com' - postgrey: enabled: True enable_service: True @@ -62,6 +46,14 @@ postfix: smtp_tls_cert_file: /etc/postfix/ssl/example.com-relay-client-cert.crt smtp_tls_key_file: /etc/postfix/ssl/example.com-relay-client-cert.key + smtp_sasl_password_maps: hash:/etc/postfix/sasl_passwd + + sender_canonical_maps: hash:/etc/postfix/sender_canonical + + relay_recipient_maps: hash:/etc/postfix/relay_domains + + virtual_alias_maps: hash:/etc/postfix/virtual + certificates: server-cert: public_cert: | @@ -88,3 +80,20 @@ postfix: -----BEGIN RSA PRIVATE KEY----- (Your Private key) -----END RSA PRIVATE KEY----- + + mapping: + smtp_sasl_password_maps: + - smtp.example.com: myaccount:somepassword + + sender_canonical_maps: + - root: servers@example.com + - nagios: alerts@example.com + + relay_recipient_maps: + - example.com: OK + + virtual_alias_maps: + - groupaliasexample: + - someuser_1@example.com + - someuser_2@example.com + - singlealiasexample: someuser_3@example.com diff --git a/postfix/files/mapping.j2 b/postfix/files/mapping.j2 new file mode 100644 index 0000000..e403ac3 --- /dev/null +++ b/postfix/files/mapping.j2 
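Review bot: `relay_recipient_maps: hash:/etc/postfix/relay_domains` reuses the old relay_domains file under a parameter with different lookup semantics. Postfix consults relay_recipient_maps with recipient addresses (`user@domain`, or `@domain` as a wildcard) and rejects unknown relay recipients once the parameter is set. The matching entry `- example.com: OK` in the `mapping:` hunk further down is a bare domain, which as far as I can tell would not match such a lookup, so anyone copying the example may end up rejecting relayed mail. Either name both keys `relay_domains` (`relay_domains: hash:/etc/postfix/relay_domains`), or keep the parameter and change the entry to `- '@example.com': OK`.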
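Review bot: The credential example `- smtp.example.com: myaccount:somepassword` is an unquoted plain scalar, whereas the removed example quoted its value. A real password containing ` #`, `: ` or a leading YAML indicator would be truncated or mis-parsed, and that only shows up later as an SMTP authentication failure. Quote it in the example, `- smtp.example.com: 'myaccount:somepassword'`. A comment above `smtp_sasl_password_maps:` such as `# keep real credentials in an encrypted pillar, not in plain text` would also help readers who copy the file.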
@@ -0,0 +1,19 @@ +# Managed by config management + +{% if data is mapping -%} + {% for key, value in data.iteritems() -%} + {# Some settings, like virtual_alias_maps can take multiple values. Handle this case. -#} + {% if value is iterable and value is not string -%} + {% for item in value -%} +{{ key }} {{ item }} + {% endfor -%} + {% else -%} +{{ key }} {{ value }} + {% endif -%} + {% endfor -%} +{% else -%} + {# Some settings need order, handle OrderedDict -#} + {% for item in data -%} +{{ item.keys()[0] }} {{ item.values()[0] }} +{% endfor -%} +{% endif -%} diff --git a/postfix/init.sls b/postfix/init.sls index 494496e..fb0483c 100644 --- a/postfix/init.sls +++ b/postfix/init.sls @@ -12,25 +12,6 @@ postfix: - watch: - pkg: postfix -{%- macro postmap_file(filename, mode=644) %} -{%- set file_path = '/etc/postfix/' ~ filename %} -postmap_{{ filename }}: - file.managed: - - name: {{ file_path }} - - source: salt://postfix/{{ filename }} - - user: root - - group: root - - mode: {{ mode }} - - template: jinja - - require: - - pkg: postfix - cmd.wait: - - name: /usr/sbin/postmap {{ file_path }} - - cwd: / - - watch: - - file: {{ file_path }} -{%- endmacro %} - # manage /etc/aliases if data found in pillar {% if 'aliases' in pillar.get('postfix', '') %} {{ postfix.aliases_file }}: 
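Review bot: The list branch (`{% for item in data -%}`) prints `{{ item.values()[0] }}` without the list check used in the mapping branch, so the `groupaliasexample` entry from pillar.example in this commit would be written as a Python list repr. Iterating with `{% for key, value in item.items() -%}` and rendering `{{ key }} {{ value|join(', ') if value is iterable and value is not string else value }}` handles both cases. It also puts all addresses on one line; the repeated-key form in the mapping branch would, as far as I know, make postmap warn about a duplicate entry and keep only one of them for `hash:` tables. Separately, `data.iteritems()` and the `keys()[0]` / `values()[0]` indexing only work on Python 2, while `.items()` works on both.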
@@ -51,22 +32,37 @@ run-newaliases: - file: {{ postfix.aliases_file }} {% endif %} -# manage /etc/postfix/virtual if data found in pillar -{% if 'virtual' in pillar.get('postfix', '') %} -{{ postmap_file('virtual') }} -{% endif %} - -# manage /etc/postfix/relay_domains if data found in pillar -{% if 'relay_domains' in pillar.get('postfix', '') %} -{{ postmap_file('relay_domains') }} -{% endif %} - -# manage /etc/postfix/sasl_passwd if data found in pillar -{% if 'sasl_passwd' in pillar.get('postfix', '') %} -{{ postmap_file('sasl_passwd', 600) }} -{% endif %} - -# manage /etc/postfix/sender_canonical if data found in pillar -{% if 'sender_canonical' in pillar.get('postfix', '') %} -{{ postmap_file('sender_canonical') }} -{% endif %} +# manage various mappings +{% for mapping, data in salt['pillar.get']('postfix:mapping', {}).items() %} + {%- set need_postmap = False %} + {%- set file_path = salt['pillar.get']('postfix:config:' ~ mapping) %} + {%- if ':' in file_path %} + {%- set file_path = file_path.split(':')[1] %} + {%- set need_postmap = True %} + {%- endif %} +postfix_{{ mapping }}: + file.managed: + - name: {{ file_path }} + - source: salt://postfix/files/mapping.j2 + - user: root + - group: root + {%- if mapping == 'smtp_sasl_password_maps' %} + - mode: 600 + {%- else %} + - mode: 644 + {%- endif %} + - template: jinja + - context: + data: {{ data|json() }} + - require: + - pkg: postfix + {%- if need_postmap %} + cmd.wait: + - name: /usr/sbin/postmap {{ file_path }} + - cwd: / + - watch: + - file: {{ file_path }} + - watch_in: + - service: postfix + {%- endif %} +{% endfor %} diff --git a/postfix/relay_domains b/postfix/relay_domains deleted file mode 100644 index 1992301..0000000 --- a/postfix/relay_domains +++ /dev/null 
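Review bot: Nothing in the new loop checks that `postfix:config:<mapping>` exists, so a key under `postfix:mapping` without a matching config entry leaves `file_path` empty and the state appears to render with an empty `- name:`. Wrapping the state in `{%- if file_path %}` … `{%- endif %}` would skip it cleanly. `file_path.split(':')[1]` also assumes a single `type:path` value; `{%- set table_type, file_path = file_path.split(':', 1) %}` keeps the whole path, and `need_postmap` is better set only for indexed types such as `hash` or `btree`, since regexp-style tables are read as plain text. On the credential side, the `600` mode is tied to the literal name `smtp_sasl_password_maps`, so any other password map defined in the pillar is written with mode 644. The file diff for the SASL map will presumably also be recorded in job returns unless `- show_changes: False` is set on that state.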
@@ -1,7 +0,0 @@ -# Managed by config management -{% set canonical = salt['pillar.get']('postfix:relay_domains',{}) -%} -{% if canonical is iterable -%} -{% for key,value in salt['pillar.get']('postfix:relay_domains',{}).iteritems() -%} -{{ key }} {{ value }} -{% endfor %} -{% endif %} diff --git a/postfix/sasl_passwd b/postfix/sasl_passwd deleted file mode 100644 index df651c3..0000000 --- a/postfix/sasl_passwd +++ /dev/null @@ -1,7 +0,0 @@ -# Managed by config management -{% set canonical = salt['pillar.get']('postfix:sasl_passwd',{}) -%} -{% if canonical is iterable -%} -{% for key,value in salt['pillar.get']('postfix:sasl_passwd',{}).iteritems() -%} -{{ key }} {{ value }} -{% endfor %} -{% endif %} diff --git a/postfix/sender_canonical b/postfix/sender_canonical deleted file mode 100644 index b0f7e9c..0000000 --- a/postfix/sender_canonical +++ /dev/null @@ -1,7 +0,0 @@ -# Managed by config management -{% set canonical = salt['pillar.get']('postfix:sender_canonical',{}) -%} -{% if canonical is iterable -%} - {% for key,value in salt['pillar.get']('postfix:sender_canonical',{}).iteritems() -%} - {{ key }} {{ value }} - {% endfor %} -{% endif %} diff --git a/postfix/virtual b/postfix/virtual deleted file mode 100644 index 55f9f43..0000000 --- a/postfix/virtual +++ /dev/null @@ -1,17 +0,0 @@ -# Managed by config management -{% set virtual = salt['pillar.get']('postfix:virtual',{}) -%} -{# to have virtual file emptied, just set an empty key 'virtual' -#} -{% if virtual is iterable -%} - {% for key, value in virtual.iteritems() -%} - {# Mutiple values available for single key in virtual alias maps - ie for dist groups -#} - {# We test if list was provided as value, and iterate if so -#} - {% if value is iterable and value is not string -%} - {% for item in value -%} -{{key }} {{ item }} - {% endfor -%} - {% else -%} - {# ..otherwise expect it to be just a string for the value -#} -{{ key }} {{ value }} - {% endif -%} - {% endfor -%} -{% endif -%}