bundlewrap/bundles/postfix/metadata.py

from bundlewrap.metadata import atomic
# Static metadata defaults contributed by the postfix bundle.
defaults = {
    # Packages requested through the 'apt' metadata key.
    'apt': {
        'packages': {
            'postfix': {},
            'python3-dnsq': {},
        },
    },
    # Monitoring checks registered under icinga2_api/postfix/services.
    'icinga2_api': {
        'postfix': {
            'services': {
                'POSTFIX PROCESS': {
                    'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit postfix@-',
                },
                'POSTFIX QUEUE': {
                    # NOTE(review): this check is invoked through sudo, so the
                    # account running it needs a sudoers rule that is not
                    # defined in this file. Keep that rule limited to this
                    # exact plugin path, and keep the plugin writable by root
                    # only, so the monitoring account cannot turn the check
                    # into general root access.
                    'command_on_monitored_host': 'sudo /usr/local/share/icinga/plugins/check_postfix_queue -w 20 -c 40 -d 50',
                },
            },
        },
    },
}
# Extend the defaults depending on whether this node also carries the
# 'postfixadmin' bundle.
if node.has_bundle('postfixadmin'):
    # NOTE(review): /var/mail presumably holds the mailboxes, so the backup
    # destination ends up storing mail content and needs the same access
    # controls and encryption as the mail server itself.
    defaults['backups'] = {
        'paths': {
            '/var/mail',
        },
    }
    # Both SMTP checks use 'check_command' instead of
    # 'command_on_monitored_host' -- presumably they run from the monitoring
    # side and therefore also exercise the firewall path; confirm against the
    # icinga2 bundle.
    defaults['icinga2_api']['postfix']['services']['SMTP CONNECT'] = {
        'check_command': 'check_smtp',
        'vars.notification.sms': True,
    }
    defaults['icinga2_api']['postfix']['services']['SMTP SUBMISSION CONNECT'] = {
        'check_command': 'check_smtp',
        'vars.port': '587',
        'vars.notification.sms': True,
    }
else:
    # Without postfixadmin, SMTP is only probed on localhost from the
    # monitored host itself.
    defaults['icinga2_api']['postfix']['services']['SMTP CONNECT'] = {
        'command_on_monitored_host': '/usr/lib/nagios/plugins/check_smtp -H localhost',
    }
@metadata_reactor.provides(
    'letsencrypt/domains',
    'letsencrypt/reload_after',
)
def letsencrypt(metadata):
    """Register the mail hostname under 'letsencrypt/domains'.

    Only applies when the node has both the 'letsencrypt' and the
    'postfixadmin' bundle; otherwise DoNotRunAgain is raised. The returned
    metadata also adds 'postfix' to 'letsencrypt/reload_after'.
    """
    wants_certificate = (
        node.has_bundle('letsencrypt') and node.has_bundle('postfixadmin')
    )
    if not wants_certificate:
        raise DoNotRunAgain

    # NOTE(review): the fallback metadata.get('hostname') is evaluated before
    # the outer call, so it is looked up even when 'postfix/myhostname' is
    # set. What happens when 'hostname' is missing is not visible here.
    cert_name = metadata.get('postfix/myhostname', metadata.get('hostname'))

    return {
        'letsencrypt': {
            'reload_after': {
                'postfix',
            },
            # The hostname maps to an empty set; presumably that set would
            # hold additional names for the certificate -- confirm against
            # the letsencrypt bundle.
            'domains': {
                cert_name: set(),
            },
        },
    }
@metadata_reactor.provides(
    'iptables/port_rules/25',
    'iptables/port_rules/587',
    'iptables/port_rules/2525',
)
def iptables(metadata):
    """Build the iptables port rules for the SMTP ports.

    Port 25 always gets a rule. Ports 587 and 2525 only get one when the node
    has the 'postfixadmin' bundle. Every rule takes its sources from
    'postfix/restrict-to' when that key is set, so it is the single setting
    that narrows all of these ports at once.

    When 'postfix/restrict-to' is unset, the fallback is {'*'} with
    postfixadmin and 'postfix/mynetworks' (or an empty set) without it.
    """
    if node.has_bundle('postfixadmin'):
        # NOTE(review): '*' presumably means "any source" to the iptables
        # bundle, which exposes 25, 587 and 2525 to everyone unless
        # 'postfix/restrict-to' is set -- confirm this is intended for each
        # mail server.
        fallback_sources = {'*'}
        exposed_ports = ('25', '587', '2525')
    else:
        # NOTE(review): how the iptables bundle treats an empty source set is
        # not visible here; verify that it closes port 25 instead of opening
        # it.
        fallback_sources = metadata.get('postfix/mynetworks', set())
        exposed_ports = ('25',)

    return {
        'iptables': {
            'port_rules': {
                # atomic() comes from bundlewrap.metadata; each port gets its
                # own wrapped value, as in the per-port assignments this
                # replaces.
                port: atomic(metadata.get('postfix/restrict-to', fallback_sources))
                for port in exposed_ports
            },
        },
    }
@metadata_reactor.provides(
    'icinga2_api/postfix/services',
)
def icinga2(metadata):
    """Add one 'SPAM BLOCKLIST <ip>' check per non-private address of the node.

    Returns an empty dict when 'postfix/relayhost' is set to a truthy value.
    Otherwise every address returned by resolve_identifier() for this node
    whose is_private attribute is false gets a check_spam_blocklist service.
    """
    if metadata.get('postfix/relayhost', ''):
        # The system does not send mail on its own. There is no point in
        # checking it for any listings.
        return {}

    resolved = repo.libs.tools.resolve_identifier(repo, node.name)

    # NOTE(review): {ip} is interpolated into a command line. The is_private
    # access suggests these are ipaddress objects, whose string form contains
    # no shell metacharacters -- confirm that resolve_identifier() never
    # returns plain strings.
    blocklist_checks = {
        f'SPAM BLOCKLIST {ip}': {
            'command_on_monitored_host': f'/usr/local/share/icinga/plugins/check_spam_blocklist {ip}',
            'vars.sshmon_timeout': 15,
            'check_interval': '15m',
            'retry_interval': '5m',
        }
        for addresses in resolved.values()
        for ip in addresses
        if not ip.is_private
    }

    return {
        'icinga2_api': {
            'postfix': {
                'services': blocklist_checks,
            },
        },
    }