Compare commits

..

9 Commits

9 changed files with 172 additions and 58 deletions

View File

@ -62,12 +62,15 @@ bundle agent certbot_cert(site,webroot)
vars: vars:
"domain" string => "$(site[domain])"; "domain" string => "$(site[domain])";
"keytype" string => "rsa"; "keytype" string => "rsa";
"ds" slist => {"$(site[domain])"}; "ds" slist => {"$(site[domain])"};
"domains" slist => sort(mergedata(@(ds),getvalues(@(site[aliases])))); "domains" slist => sort(mergedata(@(ds),getvalues(@(site[aliases]))));
"domains_txt" string => string_mustache("{{#-top-}}{{.}} {{/-top-}}",@(domains));
"site_json" string => storejson(@(site)); "site_json" string => storejson(@(site));
"args" string => string_mustache( "args" string => string_mustache(
@ -79,19 +82,27 @@ vars:
"--standalone", "--standalone",
"--webroot -w $(webroot)"); "--webroot -w $(webroot)");
"cert_test_cmd" string => "$(def.wmde_lib)/scripts/get-domains-from-cert.sh $(certbot.certbot_dir)/live/$(site[domain])/cert.pem";
"current_domains_txt" string => execresult("/bin/sh $(cert_test_cmd)","useshell"),
if => isvariable ("site[domain]");
files: files:
"$(sys.workdir)/data/agent/certbot/$(site[domain])-cert-created" # "$(sys.workdir)/data/agent/certbot/$(site[domain])-cert-created"
create => "true", # create => "true",
content => "$(args)", # content => "$(args)",
classes => if_repaired(certbot_repaired); # classes => if_repaired(certbot_repaired);
classes: classes:
"no_cert_file" # "no_cert_file"
comment => "run certbot because no cert dir exists", # comment => "run certbot because no cert dir exists",
not => fileexists("$(certbot.certbot_dir)/live/$(site[domain])"); # not => fileexists("$(certbot.certbot_dir)/live/$(site[domain])");
# "run_certbot"
# or => {no_cert_file, certbot_repaired};
"run_certbot" "run_certbot"
or => {no_cert_file, certbot_repaired}; expression => not (strcmp("$(current_domains_txt) ","$(domains_txt)"));
defaults: defaults:
"webroot" string => "standalone"; "webroot" string => "standalone";
@ -113,6 +124,15 @@ commands:
args => "certonly --agree-tos -n $(webroot_arg) --expand --email $(site[email]) $(args)"; args => "certonly --agree-tos -n $(webroot_arg) --expand --email $(site[email]) $(args)";
reports: reports:
# "CURRENT DOMAINS FOR $(site[domain]) : $(current_domains)";
# "EXEC IST: $(cert_test_cmd)";
# "IS '$(domains_txt)' == '$(current_domains_txt) ' ?";
# run_certbot_new::
# "WE MUST RUN CERTBOT FOR $(domains_txt)";
# !run_certbot_new::
# "WE SHOULD NOT RUN CERTBOT FOR $(domains_txt)";
} }

View File

@ -4,6 +4,8 @@
bundle agent dovecot(cfg) bundle agent dovecot(cfg)
{ {
classes:
"use_ssl" expression => strcmp("$(cfg[ssl])","true");
vars: vars:
freebsd:: freebsd::
"cfg_dir" string => "/usr/local/etc/dovecot"; "cfg_dir" string => "/usr/local/etc/dovecot";
@ -49,13 +51,8 @@ vars:
"submission_cert" string => "$(cfg_dir)/private/submission.crt"; "submission_cert" string => "$(cfg_dir)/private/submission.crt";
"service_name" string => "dovecot"; "service_name" string => "dovecot";
use_ssl::
"service_deps" slist => {
methods:
"any" usebundle => wmde_install_packages(@(pkgs),"dovecot");
"any" usebundle => wmde_service("$(service_name)","dovecot_kept","dovecot_repaired"),
depends_on => {
"dovecot_pkgs_installed", "dovecot_pkgs_installed",
"dovecot_cfg_created", "dovecot_cfg_created",
"dovecot_imap_key_installed", "dovecot_imap_key_installed",
@ -63,7 +60,19 @@ methods:
"dovecot_submission_key_installed", "dovecot_submission_key_installed",
"dovecot_submission_cert_installed", "dovecot_submission_cert_installed",
}; };
services: !use_ssl::
"service_deps" slist => {
"dovecot_pkgs_installed",
"dovecot_cfg_created",
};
methods:
"any" usebundle => wmde_install_packages(@(pkgs),"dovecot");
"any" usebundle => wmde_service("$(service_name)","dovecot_kept","dovecot_repaired"),
depends_on => @(service_deps);
files: files:
"$(cfg_dir)/." "$(cfg_dir)/."
@ -81,6 +90,8 @@ files:
handle => "dovecot_cfg_created", handle => "dovecot_cfg_created",
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/dovecot/dovecot.conf.mustache"; edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/dovecot/dovecot.conf.mustache";
use_ssl::
"$(imap_cert)" "$(imap_cert)"
handle => "dovecot_imap_cert_installed", handle => "dovecot_imap_cert_installed",
classes => if_repaired(dovecot_repaired), classes => if_repaired(dovecot_repaired),
@ -109,6 +120,11 @@ files:
reports: reports:
use_ssl::
"USE_SSL: TRUE";
!use_ssl::
"USE_SSL: FALSE";
# "IMAP_CERT: $(imap_cert)"; # "IMAP_CERT: $(imap_cert)";
# #
# dovecot_kept:: # dovecot_kept::
@ -135,3 +151,10 @@ files:
} }
bundle agent install_dovecot_pkgs
{
methods:
"any" usebundle => wmde_install_packages(@(dovecot.pkgs),"dovecot");
}

View File

@ -81,7 +81,8 @@ users:
classes => if_repaired(postfix_repaired); classes => if_repaired(postfix_repaired);
methods: methods:
"any" usebundle => wmde_install_packages(@(pkgs),"postfix"); # "any" usebundle => wmde_install_packages(@(pkgs),"postfix");
"any" usebundle => install_postfix_pkgs;
"any" usebundle => wmde_service("$(service_name)","postfix_kept","postfix_repaired"), "any" usebundle => wmde_service("$(service_name)","postfix_kept","postfix_repaired"),
depends_on => { depends_on => {
"postfix_pkgs_installed", "postfix_pkgs_installed",
@ -246,3 +247,13 @@ reports:
} }
#
# Install postfix pacgages as they come from repos
# This sould also create the postfix user
#
bundle agent install_postfix_pkgs
{
methods:
"any" usebundle => wmde_install_packages(@(postfix.pkgs),"postfix");
}

View File

@ -76,7 +76,7 @@ classes:
commands: commands:
install_yum_repo:: install_yum_repo::
"wget" "wget"
args => "-qO /etc/yum.repos.d/rspamd.repo https://rspamd.com/rpm-stable/centos-8/rspamd.repo && rpm --import https://rspamd.com/rpm-stable/gpg.key && yum update -y", args => "-qO /etc/yum.repos.d/rspamd.repo https://rspamd.com/rpm-stable/centos-$(sys.os_version_major)/rspamd.repo && rpm --import https://rspamd.com/rpm-stable/gpg.key && yum update -y",
contain => wmde_cmd_useshell; contain => wmde_cmd_useshell;

View File

@ -42,9 +42,9 @@ vars:
methods: methods:
"any" usebundle => install_system_repos; "any" usebundle => install_system_repos, handle => "system_repos_installed";
"any" usebundle => wmde_install_packages(@(strongswan.pkgs),"strongswan"), "any" usebundle => wmde_install_packages(@(strongswan.pkgs),"strongswan"),
depends_on => {"system_repos_pkgs_installed"}; depends_on => {"system_repos_installed"};
"any" usebundle => wmde_service("$(strongswan.service_name)","strongswan_kept","strongswan_repaired"), "any" usebundle => wmde_service("$(strongswan.service_name)","strongswan_kept","strongswan_repaired"),
depends_on => @(service_deps); depends_on => @(service_deps);
files: files:

View File

@ -8,6 +8,10 @@ classes:
"sympa_b"; "sympa_b";
vars: vars:
"user" string => "sympa";
"group" string => "sympa";
debian:: debian::
"lib_dir" string => "/usr/lib/sympa"; "lib_dir" string => "/usr/lib/sympa";
"var_lib_dir" string => "/var/lib/sympa"; "var_lib_dir" string => "/var/lib/sympa";
@ -126,6 +130,20 @@ commands:
depends_on => {"sympa_config_updated"}; depends_on => {"sympa_config_updated"};
# Configure Backup stuff
files:
run_backups::
"$(cfg[backup_dir])/."
create => "true";
methods:
run_backups::
"any" usebundle => create_mysql_backup_cron_job(@(cfg[db_settings]),"$(cfg[backup_dir])/sympa.sql","user_table","true");
!run_backups::
"any" usebundle => create_mysql_backup_cron_job(@(cfg[db_settings]),"$(cfg[backup_dir])/sympa.sql","user_table","false");
} }
@ -313,7 +331,16 @@ methods:
reports: reports:
} }
bundle agent sympa_create_mailname(cfg)
{
files:
debian::
"/etc/mailname"
create => "true",
perms => m("644"),
content=>"$(cfg[settings][domain])";
}
@ -324,6 +351,7 @@ vars:
"domains_idx" slist => getindices(@(cfg[domains])); "domains_idx" slist => getindices(@(cfg[domains]));
# "cfg_domains" slist => {"a","b","c"}; # "cfg_domains" slist => {"a","b","c"};
methods: methods:
"any" usebundle => sympa_create_mailname(@(cfg));
"any" usebundle => wmde_install_packages(@(sympa.pkgs),"sympa"); "any" usebundle => wmde_install_packages(@(sympa.pkgs),"sympa");
"any" usebundle => sympa_update_config(@(cfg)); "any" usebundle => sympa_update_config(@(cfg));
"any" usebundle => sympa_init_db(@(cfg)); "any" usebundle => sympa_init_db(@(cfg));
@ -553,5 +581,10 @@ methods:
reports: reports:
run_backup::
"SYMPA IS RUN BACKUP";
!run_backup::
"SYMPA DOES NOT RUN BACKUP";
} }

View File

@ -4,14 +4,17 @@
protocols = {{#vars.dovecot.cfg.protocols}} {{.}} {{/vars.dovecot.cfg.protocols}} protocols = {{#vars.dovecot.cfg.protocols}} {{.}} {{/vars.dovecot.cfg.protocols}}
service imap-login { #service imap-login {
inet_listener imap { # inet_listener imap {
#port = 143 # #port = 143
} # }
inet_listener imaps { #
port = 993 #{{#vars.dovecot.cfg.ssl}}
ssl = yes # inet_listener imaps {
} # port = 993
# ssl = yes
# }
#{{/vars.dovecot.cfg.ssl}}
# Number of connections to handle before starting a new process. Typically # Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
@ -23,12 +26,14 @@ service imap-login {
# If you set service_count=0, you probably need to grow this. # If you set service_count=0, you probably need to grow this.
#vsz_limit = $default_vsz_limit #vsz_limit = $default_vsz_limit
} #}
protocol imap { protocol imap {
{{#vars.dovecot.cfg.ssl}}
ssl_cert = <{{vars.dovecot.imap_cert}} ssl_cert = <{{vars.dovecot.imap_cert}}
ssl_key = <{{vars.dovecot.imap_key}} ssl_key = <{{vars.dovecot.imap_key}}
{{/vars.dovecot.cfg.ssl}}
# Space separated list of plugins to load (default is global mail_plugins). # Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins #mail_plugins = $mail_plugins
@ -40,8 +45,10 @@ protocol imap {
protocol submission { protocol submission {
{{#vars.dovecot.cfg.ssl}}
ssl_cert = <{{vars.dovecot.submission_cert}} ssl_cert = <{{vars.dovecot.submission_cert}}
ssl_key = <{{vars.dovecot.submission_key}} ssl_key = <{{vars.dovecot.submission_key}}
{{/vars.dovecot.cfg.ssl}}
# Space separated list of plugins to load (default is global mail_plugins). # Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins #mail_plugins = $mail_plugins
@ -51,6 +58,15 @@ protocol submission {
#mail_max_userip_connections = 10 #mail_max_userip_connections = 10
} }
protocol lda {
mail_plugins = $mail_plugins sieve
}
protocol lmtp {
mail_plugins = $mail_plugins sieve
}
{{#vars.dovecot.cfg.userdbs}} {{#vars.dovecot.cfg.userdbs}}
userdb { userdb {

View File

@ -110,6 +110,15 @@ mail_owner = {{vars.postfix.mail_owner}}
# #
#mydomain = domain.tld #mydomain = domain.tld
#
# CFengine Raw
#
{{vars.postfix.cfg.main_raw}}
#
# CFengine Raw End
#
# SENDING MAIL # SENDING MAIL
# #
# The myorigin parameter specifies the domain that locally-posted # The myorigin parameter specifies the domain that locally-posted
@ -190,7 +199,7 @@ mail_owner = {{vars.postfix.mail_owner}}
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain # mail.$mydomain, www.$mydomain, ftp.$mydomain
mydestination = {{#vars.postfix.cfg.mydestination}} {{.}} {{/vars.postfix.cfg.mydestination}} # mydestination =
# REJECTING MAIL FOR UNKNOWN LOCAL USERS # REJECTING MAIL FOR UNKNOWN LOCAL USERS
# #
@ -688,7 +697,7 @@ setgid_group = {{vars.postfix.mail_group}}
# readme_directory: The location of the Postfix README files. # readme_directory: The location of the Postfix README files.
# #
#readme_directory = /usr/local/share/doc/postfix #readme_directory = /usr/local/share/doc/postfix
inet_protocols = all #inet_protocols = all
# smtp CA path (default to system-wide location) # smtp CA path (default to system-wide location)
smtp_tls_CApath = /etc/ssl/certs smtp_tls_CApath = /etc/ssl/certs
@ -705,5 +714,4 @@ milter_default_action = reject
# #
non_smtpd_milters = {{#vars.postfix.cfg.non_smtpd_milters}} {{.}}{{/vars.postfix.cfg.non_smtpd_milters}} non_smtpd_milters = {{#vars.postfix.cfg.non_smtpd_milters}} {{.}}{{/vars.postfix.cfg.non_smtpd_milters}}
{{vars.postfix.cfg.main_raw}}

View File

@ -51,10 +51,13 @@ postlog unix-dgram n - n - 1 postlogd
# #
# {{comment}} # {{comment}}
# #
{{@}} {{type}} {{private}} {{unpriv}} {{chroot}} {{wakeup}} {{maxproc}} {{command}} {{#enable}}
{{#args}} {{co}}{{name}} {{type}} {{private}} {{unpriv}} {{chroot}} {{wakeup}} {{maxproc}} {{command}}
{{{.}}} {{#args}}
{{/args}} {{co}} {{{.}}}
{{/args}}
{{/enable}}
{{/vars.postfix.cfg.services}} {{/vars.postfix.cfg.services}}
# CFEngine Raw Start # CFEngine Raw Start