Compare commits
9 Commits
1aed9ae685
...
30300d06d9
Author | SHA1 | Date |
---|---|---|
Tobias Herre | 30300d06d9 | |
Tobias Herre | 7d3d409c55 | |
Tobias Herre | bbe634e574 | |
Tobias Herre | 39141f1c03 | |
Tobias Herre | 5edbe76402 | |
Tobias Herre | 2733ab9e7e | |
Tobias Herre | b664604535 | |
Tobias Herre | ba5b0e2ed5 | |
Tobias Herre | fc5c2ca129 |
36
certbot.cf
36
certbot.cf
|
@ -62,12 +62,15 @@ bundle agent certbot_cert(site,webroot)
|
||||||
|
|
||||||
vars:
|
vars:
|
||||||
|
|
||||||
|
|
||||||
"domain" string => "$(site[domain])";
|
"domain" string => "$(site[domain])";
|
||||||
"keytype" string => "rsa";
|
"keytype" string => "rsa";
|
||||||
|
|
||||||
"ds" slist => {"$(site[domain])"};
|
"ds" slist => {"$(site[domain])"};
|
||||||
|
|
||||||
"domains" slist => sort(mergedata(@(ds),getvalues(@(site[aliases]))));
|
"domains" slist => sort(mergedata(@(ds),getvalues(@(site[aliases]))));
|
||||||
|
"domains_txt" string => string_mustache("{{#-top-}}{{.}} {{/-top-}}",@(domains));
|
||||||
|
|
||||||
|
|
||||||
"site_json" string => storejson(@(site));
|
"site_json" string => storejson(@(site));
|
||||||
"args" string => string_mustache(
|
"args" string => string_mustache(
|
||||||
|
@ -79,19 +82,27 @@ vars:
|
||||||
"--standalone",
|
"--standalone",
|
||||||
"--webroot -w $(webroot)");
|
"--webroot -w $(webroot)");
|
||||||
|
|
||||||
|
"cert_test_cmd" string => "$(def.wmde_lib)/scripts/get-domains-from-cert.sh $(certbot.certbot_dir)/live/$(site[domain])/cert.pem";
|
||||||
|
|
||||||
|
"current_domains_txt" string => execresult("/bin/sh $(cert_test_cmd)","useshell"),
|
||||||
|
if => isvariable ("site[domain]");
|
||||||
|
|
||||||
files:
|
files:
|
||||||
"$(sys.workdir)/data/agent/certbot/$(site[domain])-cert-created"
|
# "$(sys.workdir)/data/agent/certbot/$(site[domain])-cert-created"
|
||||||
create => "true",
|
# create => "true",
|
||||||
content => "$(args)",
|
# content => "$(args)",
|
||||||
classes => if_repaired(certbot_repaired);
|
# classes => if_repaired(certbot_repaired);
|
||||||
|
|
||||||
classes:
|
classes:
|
||||||
"no_cert_file"
|
# "no_cert_file"
|
||||||
comment => "run certbot because no cert dir exists",
|
# comment => "run certbot because no cert dir exists",
|
||||||
not => fileexists("$(certbot.certbot_dir)/live/$(site[domain])");
|
# not => fileexists("$(certbot.certbot_dir)/live/$(site[domain])");
|
||||||
|
|
||||||
|
# "run_certbot"
|
||||||
|
# or => {no_cert_file, certbot_repaired};
|
||||||
|
|
||||||
"run_certbot"
|
"run_certbot"
|
||||||
or => {no_cert_file, certbot_repaired};
|
expression => not (strcmp("$(current_domains_txt) ","$(domains_txt)"));
|
||||||
|
|
||||||
defaults:
|
defaults:
|
||||||
"webroot" string => "standalone";
|
"webroot" string => "standalone";
|
||||||
|
@ -113,6 +124,15 @@ commands:
|
||||||
args => "certonly --agree-tos -n $(webroot_arg) --expand --email $(site[email]) $(args)";
|
args => "certonly --agree-tos -n $(webroot_arg) --expand --email $(site[email]) $(args)";
|
||||||
|
|
||||||
reports:
|
reports:
|
||||||
|
# "CURRENT DOMAINS FOR $(site[domain]) : $(current_domains)";
|
||||||
|
# "EXEC IST: $(cert_test_cmd)";
|
||||||
|
|
||||||
|
# "IS '$(domains_txt)' == '$(current_domains_txt) ' ?";
|
||||||
|
|
||||||
|
# run_certbot_new::
|
||||||
|
# "WE MUST RUN CERTBOT FOR $(domains_txt)";
|
||||||
|
# !run_certbot_new::
|
||||||
|
# "WE SHOULD NOT RUN CERTBOT FOR $(domains_txt)";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
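Review bot: The added `"current_domains_txt" string => execresult("/bin/sh $(cert_test_cmd)","useshell")` runs `$(site[domain])` through a shell, so any metacharacter in the site data becomes part of a command; the script takes a single path argument, so `"current_domains_txt" string => execresult("$(cert_test_cmd)","noshell"),` drops the shell entirely, and extending the guard to `if => and(isvariable("site[domain]"), regcmp("[A-Za-z0-9.-]+","$(site[domain])"));` rejects malformed names before they are spliced into a filesystem path. Because this is a vars promise the script is re-run on every evaluation pass, and an empty result (no certificate yet) is what now forces `run_certbot` since the old `no_cert_file` class is commented out; a comment on the promise stating both would preserve that intent. The `strcmp("$(current_domains_txt) ","$(domains_txt)")` test also relies on the trailing space the mustache template emits and on the script listing names in the same order as `sort()` here — if either differs, certbot is invoked on every run, which is a rate-limit risk worth a note. The `certbot_cert` bundle continues outside the hunks.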
39
dovecot.cf
39
dovecot.cf
|
@ -4,6 +4,8 @@
|
||||||
|
|
||||||
bundle agent dovecot(cfg)
|
bundle agent dovecot(cfg)
|
||||||
{
|
{
|
||||||
|
classes:
|
||||||
|
"use_ssl" expression => strcmp("$(cfg[ssl])","true");
|
||||||
vars:
|
vars:
|
||||||
freebsd::
|
freebsd::
|
||||||
"cfg_dir" string => "/usr/local/etc/dovecot";
|
"cfg_dir" string => "/usr/local/etc/dovecot";
|
||||||
|
@ -49,13 +51,8 @@ vars:
|
||||||
"submission_cert" string => "$(cfg_dir)/private/submission.crt";
|
"submission_cert" string => "$(cfg_dir)/private/submission.crt";
|
||||||
"service_name" string => "dovecot";
|
"service_name" string => "dovecot";
|
||||||
|
|
||||||
|
use_ssl::
|
||||||
|
"service_deps" slist => {
|
||||||
|
|
||||||
methods:
|
|
||||||
"any" usebundle => wmde_install_packages(@(pkgs),"dovecot");
|
|
||||||
"any" usebundle => wmde_service("$(service_name)","dovecot_kept","dovecot_repaired"),
|
|
||||||
depends_on => {
|
|
||||||
"dovecot_pkgs_installed",
|
"dovecot_pkgs_installed",
|
||||||
"dovecot_cfg_created",
|
"dovecot_cfg_created",
|
||||||
"dovecot_imap_key_installed",
|
"dovecot_imap_key_installed",
|
||||||
|
@ -63,7 +60,19 @@ methods:
|
||||||
"dovecot_submission_key_installed",
|
"dovecot_submission_key_installed",
|
||||||
"dovecot_submission_cert_installed",
|
"dovecot_submission_cert_installed",
|
||||||
};
|
};
|
||||||
services:
|
!use_ssl::
|
||||||
|
"service_deps" slist => {
|
||||||
|
"dovecot_pkgs_installed",
|
||||||
|
"dovecot_cfg_created",
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
methods:
|
||||||
|
"any" usebundle => wmde_install_packages(@(pkgs),"dovecot");
|
||||||
|
"any" usebundle => wmde_service("$(service_name)","dovecot_kept","dovecot_repaired"),
|
||||||
|
depends_on => @(service_deps);
|
||||||
|
|
||||||
files:
|
files:
|
||||||
"$(cfg_dir)/."
|
"$(cfg_dir)/."
|
||||||
|
@ -81,6 +90,8 @@ files:
|
||||||
handle => "dovecot_cfg_created",
|
handle => "dovecot_cfg_created",
|
||||||
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/dovecot/dovecot.conf.mustache";
|
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/dovecot/dovecot.conf.mustache";
|
||||||
|
|
||||||
|
use_ssl::
|
||||||
|
|
||||||
"$(imap_cert)"
|
"$(imap_cert)"
|
||||||
handle => "dovecot_imap_cert_installed",
|
handle => "dovecot_imap_cert_installed",
|
||||||
classes => if_repaired(dovecot_repaired),
|
classes => if_repaired(dovecot_repaired),
|
||||||
|
@ -109,6 +120,11 @@ files:
|
||||||
|
|
||||||
|
|
||||||
reports:
|
reports:
|
||||||
|
use_ssl::
|
||||||
|
"USE_SSL: TRUE";
|
||||||
|
!use_ssl::
|
||||||
|
"USE_SSL: FALSE";
|
||||||
|
|
||||||
# "IMAP_CERT: $(imap_cert)";
|
# "IMAP_CERT: $(imap_cert)";
|
||||||
#
|
#
|
||||||
# dovecot_kept::
|
# dovecot_kept::
|
||||||
|
@ -135,3 +151,10 @@ files:
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bundle agent install_dovecot_pkgs
|
||||||
|
{
|
||||||
|
methods:
|
||||||
|
"any" usebundle => wmde_install_packages(@(dovecot.pkgs),"dovecot");
|
||||||
|
}
|
||||||
|
|
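Review bot: `service_deps` is selected by `use_ssl::` / `!use_ssl::` inside `vars:`, but `use_ssl` is only set in the new `classes:` promise, which CFEngine's normal ordering evaluates after `vars:`; if I read that ordering right, during the first pass `depends_on => @(service_deps)` sees the `!use_ssl::` list without the key/cert handles. Tying the selection to the data instead of the class removes the pass dependency: `"service_deps" slist => { … }, if => strcmp("$(cfg[ssl])","true");` for the long list and `unless => strcmp("$(cfg[ssl])","true");` for the short one. The same `strcmp` also sends a missing or misspelled `cfg[ssl]` (or a value such as `yes`) silently down the no-TLS path, so a report such as `"cfg[ssl] is unset; dovecot is configured without TLS" if => not(isvariable("cfg[ssl]"));` would surface that instead of shipping a plaintext-only server by accident. The new `install_dovecot_pkgs` bundle is not called anywhere in this section; if it mirrors `install_postfix_pkgs`, a one-line comment on why the package step lives in its own bundle would help.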
13
postfix.cf
13
postfix.cf
|
@ -81,7 +81,8 @@ users:
|
||||||
classes => if_repaired(postfix_repaired);
|
classes => if_repaired(postfix_repaired);
|
||||||
|
|
||||||
methods:
|
methods:
|
||||||
"any" usebundle => wmde_install_packages(@(pkgs),"postfix");
|
# "any" usebundle => wmde_install_packages(@(pkgs),"postfix");
|
||||||
|
"any" usebundle => install_postfix_pkgs;
|
||||||
"any" usebundle => wmde_service("$(service_name)","postfix_kept","postfix_repaired"),
|
"any" usebundle => wmde_service("$(service_name)","postfix_kept","postfix_repaired"),
|
||||||
depends_on => {
|
depends_on => {
|
||||||
"postfix_pkgs_installed",
|
"postfix_pkgs_installed",
|
||||||
|
@ -246,3 +247,13 @@ reports:
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Install postfix pacgages as they come from repos
|
||||||
|
# This sould also create the postfix user
|
||||||
|
#
|
||||||
|
bundle agent install_postfix_pkgs
|
||||||
|
{
|
||||||
|
methods:
|
||||||
|
"any" usebundle => wmde_install_packages(@(postfix.pkgs),"postfix");
|
||||||
|
|
||||||
|
}
|
||||||
|
|
|
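Review bot: The comment block introducing `install_postfix_pkgs` has typos (`pacgages`, `sould`) and does not say why the package installation was moved out of `postfix`'s own `methods:`, which is the thing a reader will ask, given that `depends_on => {"postfix_pkgs_installed", …}` on the `wmde_service` call still relies on a handle presumably set inside `wmde_install_packages`. Suggest `# Install postfix packages as they come from the repos (this should also create the postfix user).` followed by one sentence on the handle. `@(postfix.pkgs)` only resolves after the `postfix` bundle's `vars:` have been evaluated, which holds when the bundle is reached through this methods call, so it is worth noting that `install_postfix_pkgs` is not meant to be run standalone.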
@ -76,7 +76,7 @@ classes:
|
||||||
commands:
|
commands:
|
||||||
install_yum_repo::
|
install_yum_repo::
|
||||||
"wget"
|
"wget"
|
||||||
args => "-qO /etc/yum.repos.d/rspamd.repo https://rspamd.com/rpm-stable/centos-8/rspamd.repo && rpm --import https://rspamd.com/rpm-stable/gpg.key && yum update -y",
|
args => "-qO /etc/yum.repos.d/rspamd.repo https://rspamd.com/rpm-stable/centos-$(sys.os_version_major)/rspamd.repo && rpm --import https://rspamd.com/rpm-stable/gpg.key && yum update -y",
|
||||||
contain => wmde_cmd_useshell;
|
contain => wmde_cmd_useshell;
|
||||||
|
|
||||||
|
|
||||||
|
|
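Review bot: The rewritten `args` line still chains `rpm --import https://rspamd.com/rpm-stable/gpg.key && yum update -y` behind the repo download, so the signing key is trusted purely on the TLS connection to the same host that serves the repo file, and `yum update -y` upgrades every installed package as a side effect of adding one repository; splitting the key import and the update into their own promises, with a comment on why a full update is wanted here, would make both decisions visible. Checking the imported key's fingerprint against a value kept in policy (`<EXPECTED_KEY_FINGERPRINT>` placeholder) before the repo is enabled would turn trust-on-first-use into a pinned trust anchor. `centos-$(sys.os_version_major)` now depends on the upstream path existing for every major version on which `install_yum_repo` is set, which is not visible here and deserves a comment. The file name for this section is not shown on the page.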
|
@ -42,9 +42,9 @@ vars:
|
||||||
|
|
||||||
|
|
||||||
methods:
|
methods:
|
||||||
"any" usebundle => install_system_repos;
|
"any" usebundle => install_system_repos, handle => "system_repos_installed";
|
||||||
"any" usebundle => wmde_install_packages(@(strongswan.pkgs),"strongswan"),
|
"any" usebundle => wmde_install_packages(@(strongswan.pkgs),"strongswan"),
|
||||||
depends_on => {"system_repos_pkgs_installed"};
|
depends_on => {"system_repos_installed"};
|
||||||
"any" usebundle => wmde_service("$(strongswan.service_name)","strongswan_kept","strongswan_repaired"),
|
"any" usebundle => wmde_service("$(strongswan.service_name)","strongswan_kept","strongswan_repaired"),
|
||||||
depends_on => @(service_deps);
|
depends_on => @(service_deps);
|
||||||
files:
|
files:
|
||||||
|
|
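Review bot: `handle => "system_repos_installed"` is appended to the same line as `usebundle => install_system_repos`, while every other promise in the hunk places each attribute on its own line; splitting it matches the file's style. `depends_on => {"system_repos_installed"}` now names the methods promise itself, which is satisfied once the `install_system_repos` call is kept or repaired rather than when the repository packages inside it are; if the former `system_repos_pkgs_installed` handle was meant to come from inside that bundle, a comment on the line saying the dependency was deliberately loosened would help the next reader. The enclosing bundle starts and ends outside the hunk.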
33
sympa.cf
33
sympa.cf
|
@ -8,6 +8,10 @@ classes:
|
||||||
"sympa_b";
|
"sympa_b";
|
||||||
|
|
||||||
vars:
|
vars:
|
||||||
|
"user" string => "sympa";
|
||||||
|
"group" string => "sympa";
|
||||||
|
|
||||||
|
|
||||||
debian::
|
debian::
|
||||||
"lib_dir" string => "/usr/lib/sympa";
|
"lib_dir" string => "/usr/lib/sympa";
|
||||||
"var_lib_dir" string => "/var/lib/sympa";
|
"var_lib_dir" string => "/var/lib/sympa";
|
||||||
|
@ -126,6 +130,20 @@ commands:
|
||||||
depends_on => {"sympa_config_updated"};
|
depends_on => {"sympa_config_updated"};
|
||||||
|
|
||||||
|
|
||||||
|
# Configure Backup stuff
|
||||||
|
files:
|
||||||
|
run_backups::
|
||||||
|
"$(cfg[backup_dir])/."
|
||||||
|
create => "true";
|
||||||
|
methods:
|
||||||
|
run_backups::
|
||||||
|
"any" usebundle => create_mysql_backup_cron_job(@(cfg[db_settings]),"$(cfg[backup_dir])/sympa.sql","user_table","true");
|
||||||
|
!run_backups::
|
||||||
|
"any" usebundle => create_mysql_backup_cron_job(@(cfg[db_settings]),"$(cfg[backup_dir])/sympa.sql","user_table","false");
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -313,7 +331,16 @@ methods:
|
||||||
reports:
|
reports:
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bundle agent sympa_create_mailname(cfg)
|
||||||
|
{
|
||||||
|
files:
|
||||||
|
debian::
|
||||||
|
"/etc/mailname"
|
||||||
|
create => "true",
|
||||||
|
perms => m("644"),
|
||||||
|
content=>"$(cfg[settings][domain])";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -324,6 +351,7 @@ vars:
|
||||||
"domains_idx" slist => getindices(@(cfg[domains]));
|
"domains_idx" slist => getindices(@(cfg[domains]));
|
||||||
# "cfg_domains" slist => {"a","b","c"};
|
# "cfg_domains" slist => {"a","b","c"};
|
||||||
methods:
|
methods:
|
||||||
|
"any" usebundle => sympa_create_mailname(@(cfg));
|
||||||
"any" usebundle => wmde_install_packages(@(sympa.pkgs),"sympa");
|
"any" usebundle => wmde_install_packages(@(sympa.pkgs),"sympa");
|
||||||
"any" usebundle => sympa_update_config(@(cfg));
|
"any" usebundle => sympa_update_config(@(cfg));
|
||||||
"any" usebundle => sympa_init_db(@(cfg));
|
"any" usebundle => sympa_init_db(@(cfg));
|
||||||
|
@ -553,5 +581,10 @@ methods:
|
||||||
|
|
||||||
|
|
||||||
reports:
|
reports:
|
||||||
|
run_backup::
|
||||||
|
"SYMPA IS RUN BACKUP";
|
||||||
|
|
||||||
|
!run_backup::
|
||||||
|
"SYMPA DOES NOT RUN BACKUP";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
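Review bot: The backup `files:` and `methods:` promises are guarded by `run_backups::` (three places in the earlier hunk), but the new `reports:` use `run_backup::` and `!run_backup::`, so the report will print `SYMPA DOES NOT RUN BACKUP` even when the cron job was created; one spelling should be changed, e.g. `run_backups::` / `!run_backups::` in the reports. `"$(cfg[backup_dir])/."` is created with `create => "true"` and no `perms`, so the directory that will hold `sympa.sql` — a dump of the subscriber table, judging by the `user_table` argument — gets whatever mode the default gives it; `perms => mog("700","$(user)","$(group)"),` (if this is the bundle that defines `user`/`group`, otherwise root-only) keeps the dump from being world-readable. In `sympa_create_mailname`, `content=>"$(cfg[settings][domain])"` should be spaced like the other attributes, `content => "$(cfg[settings][domain])";`.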
@ -4,14 +4,17 @@
|
||||||
|
|
||||||
protocols = {{#vars.dovecot.cfg.protocols}} {{.}} {{/vars.dovecot.cfg.protocols}}
|
protocols = {{#vars.dovecot.cfg.protocols}} {{.}} {{/vars.dovecot.cfg.protocols}}
|
||||||
|
|
||||||
service imap-login {
|
#service imap-login {
|
||||||
inet_listener imap {
|
# inet_listener imap {
|
||||||
#port = 143
|
# #port = 143
|
||||||
}
|
# }
|
||||||
inet_listener imaps {
|
#
|
||||||
port = 993
|
#{{#vars.dovecot.cfg.ssl}}
|
||||||
ssl = yes
|
# inet_listener imaps {
|
||||||
}
|
# port = 993
|
||||||
|
# ssl = yes
|
||||||
|
# }
|
||||||
|
#{{/vars.dovecot.cfg.ssl}}
|
||||||
|
|
||||||
# Number of connections to handle before starting a new process. Typically
|
# Number of connections to handle before starting a new process. Typically
|
||||||
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
|
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
|
||||||
|
@ -23,12 +26,14 @@ service imap-login {
|
||||||
|
|
||||||
# If you set service_count=0, you probably need to grow this.
|
# If you set service_count=0, you probably need to grow this.
|
||||||
#vsz_limit = $default_vsz_limit
|
#vsz_limit = $default_vsz_limit
|
||||||
}
|
#}
|
||||||
|
|
||||||
protocol imap {
|
protocol imap {
|
||||||
|
|
||||||
|
{{#vars.dovecot.cfg.ssl}}
|
||||||
ssl_cert = <{{vars.dovecot.imap_cert}}
|
ssl_cert = <{{vars.dovecot.imap_cert}}
|
||||||
ssl_key = <{{vars.dovecot.imap_key}}
|
ssl_key = <{{vars.dovecot.imap_key}}
|
||||||
|
{{/vars.dovecot.cfg.ssl}}
|
||||||
|
|
||||||
# Space separated list of plugins to load (default is global mail_plugins).
|
# Space separated list of plugins to load (default is global mail_plugins).
|
||||||
#mail_plugins = $mail_plugins
|
#mail_plugins = $mail_plugins
|
||||||
|
@ -40,8 +45,10 @@ protocol imap {
|
||||||
|
|
||||||
protocol submission {
|
protocol submission {
|
||||||
|
|
||||||
|
{{#vars.dovecot.cfg.ssl}}
|
||||||
ssl_cert = <{{vars.dovecot.submission_cert}}
|
ssl_cert = <{{vars.dovecot.submission_cert}}
|
||||||
ssl_key = <{{vars.dovecot.submission_key}}
|
ssl_key = <{{vars.dovecot.submission_key}}
|
||||||
|
{{/vars.dovecot.cfg.ssl}}
|
||||||
|
|
||||||
# Space separated list of plugins to load (default is global mail_plugins).
|
# Space separated list of plugins to load (default is global mail_plugins).
|
||||||
#mail_plugins = $mail_plugins
|
#mail_plugins = $mail_plugins
|
||||||
|
@ -51,6 +58,15 @@ protocol submission {
|
||||||
#mail_max_userip_connections = 10
|
#mail_max_userip_connections = 10
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protocol lda {
|
||||||
|
mail_plugins = $mail_plugins sieve
|
||||||
|
}
|
||||||
|
protocol lmtp {
|
||||||
|
mail_plugins = $mail_plugins sieve
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
{{#vars.dovecot.cfg.userdbs}}
|
{{#vars.dovecot.cfg.userdbs}}
|
||||||
userdb {
|
userdb {
|
||||||
|
|
|
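Review bot: Commenting out the whole `service imap-login { … inet_listener imaps { port = 993 ssl = yes } }` block removes the only explicit TLS listener, and the new `{{#vars.dovecot.cfg.ssl}}` sections around `ssl_cert`/`ssl_key` never set `ssl = yes`, so with `cfg.ssl` true the effective listener set now rests on Dovecot's built-in defaults and on parts of the template not shown here; adding `ssl = required` and `disable_plaintext_auth = yes` inside the first `{{#vars.dovecot.cfg.ssl}}` section, and `ssl = no` inside a `{{^vars.dovecot.cfg.ssl}}` section, would make both cases explicit. The policy side (dovecot.cf) decides TLS with `strcmp("$(cfg[ssl])","true")` while this template uses Mustache truthiness, so a value other than the literal `true` may enable these `ssl_cert` lines while the key files (installed under `use_ssl::`) are absent, which would keep Dovecot from starting; a comment naming the accepted value is the minimum. The commented-out block is dead template text and is better deleted than kept.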
@ -110,6 +110,15 @@ mail_owner = {{vars.postfix.mail_owner}}
|
||||||
#
|
#
|
||||||
#mydomain = domain.tld
|
#mydomain = domain.tld
|
||||||
|
|
||||||
|
#
|
||||||
|
# CFengine Raw
|
||||||
|
#
|
||||||
|
{{vars.postfix.cfg.main_raw}}
|
||||||
|
#
|
||||||
|
# CFengine Raw End
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
# SENDING MAIL
|
# SENDING MAIL
|
||||||
#
|
#
|
||||||
# The myorigin parameter specifies the domain that locally-posted
|
# The myorigin parameter specifies the domain that locally-posted
|
||||||
|
@ -190,7 +199,7 @@ mail_owner = {{vars.postfix.mail_owner}}
|
||||||
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
|
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
|
||||||
# mail.$mydomain, www.$mydomain, ftp.$mydomain
|
# mail.$mydomain, www.$mydomain, ftp.$mydomain
|
||||||
|
|
||||||
mydestination = {{#vars.postfix.cfg.mydestination}} {{.}} {{/vars.postfix.cfg.mydestination}}
|
# mydestination =
|
||||||
|
|
||||||
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
|
# REJECTING MAIL FOR UNKNOWN LOCAL USERS
|
||||||
#
|
#
|
||||||
|
@ -688,7 +697,7 @@ setgid_group = {{vars.postfix.mail_group}}
|
||||||
# readme_directory: The location of the Postfix README files.
|
# readme_directory: The location of the Postfix README files.
|
||||||
#
|
#
|
||||||
#readme_directory = /usr/local/share/doc/postfix
|
#readme_directory = /usr/local/share/doc/postfix
|
||||||
inet_protocols = all
|
#inet_protocols = all
|
||||||
|
|
||||||
# smtp CA path (default to system-wide location)
|
# smtp CA path (default to system-wide location)
|
||||||
smtp_tls_CApath = /etc/ssl/certs
|
smtp_tls_CApath = /etc/ssl/certs
|
||||||
|
@ -705,5 +714,4 @@ milter_default_action = reject
|
||||||
#
|
#
|
||||||
non_smtpd_milters = {{#vars.postfix.cfg.non_smtpd_milters}} {{.}}{{/vars.postfix.cfg.non_smtpd_milters}}
|
non_smtpd_milters = {{#vars.postfix.cfg.non_smtpd_milters}} {{.}}{{/vars.postfix.cfg.non_smtpd_milters}}
|
||||||
|
|
||||||
{{vars.postfix.cfg.main_raw}}
|
|
||||||
|
|
||||||
|
|
|
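Review bot: Moving `{{vars.postfix.cfg.main_raw}}` from the end of the file to just after `#mydomain` reverses its precedence: Postfix keeps the last assignment of a parameter, so raw settings are now overridden by every templated line below them (`smtp_tls_CApath`, `non_smtpd_milters`, `milter_default_action = reject` …), where before they overrode the template. If the raw block is meant as an escape hatch it belongs at the end; if it is for defaults only, the header should say so, e.g. `# CFengine Raw -- values here are overridden by later template lines`. Commenting out `mydestination` and `inet_protocols = all` also silently drops `vars.postfix.cfg.mydestination` from the rendered file, so a comment at `# mydestination =` stating that the value is now expected from `main_raw` (if that is the intent) would keep someone from re-adding it.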
@ -51,10 +51,13 @@ postlog unix-dgram n - n - 1 postlogd
|
||||||
#
|
#
|
||||||
# {{comment}}
|
# {{comment}}
|
||||||
#
|
#
|
||||||
{{@}} {{type}} {{private}} {{unpriv}} {{chroot}} {{wakeup}} {{maxproc}} {{command}}
|
{{#enable}}
|
||||||
{{#args}}
|
{{co}}{{name}} {{type}} {{private}} {{unpriv}} {{chroot}} {{wakeup}} {{maxproc}} {{command}}
|
||||||
{{{.}}}
|
{{#args}}
|
||||||
{{/args}}
|
{{co}} {{{.}}}
|
||||||
|
{{/args}}
|
||||||
|
{{/enable}}
|
||||||
|
|
||||||
{{/vars.postfix.cfg.services}}
|
{{/vars.postfix.cfg.services}}
|
||||||
|
|
||||||
# CFEngine Raw Start
|
# CFEngine Raw Start
|
||||||
|
|
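Review bot: The new `{{#enable}}` / `{{co}}` pair gives two ways to switch a service off — omit it entirely, or emit it commented out via `{{co}}` — and nothing in the template says which is intended for what, so an entry with `enable` unset disappears from master.cf without a trace. A comment in the policy that builds `vars.postfix.cfg.services` (outside this hunk) describing the `enable` and `co` keys, e.g. that `co` is `#` or empty, would document the contract. `{{co}} {{{.}}}` also relies on the space after `{{co}}` to produce the leading whitespace master.cf requires for a continuation line, which deserves a note since it is easy to "tidy" away.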