bundles/postfix: add iptables config

2021-03-21 11:11:49 +01:00 · 2021-03-21 11:11:49 +01:00 · 5775001301
commit 5775001301
parent c9f008ad82
3 changed files with 27 additions and 11 deletions
--- a/bundles/postfix/metadata.py
+++ b/bundles/postfix/metadata.py
@ -1,3 +1,5 @@
+from bundlewrap.metadata import atomic
+
 defaults = {
    'apt': {
        'packages': {
@ -16,13 +18,6 @@ defaults = {
            },
        },
    },
-    'postfix': {
-        'mynetworks': {
-            '127.0.0.0/8',
-            '[::ffff:127.0.0.0]/104',
-            '[::1]/128',
-        },
-    },
 }

 if node.has_bundle('postfixadmin'):
@ -72,3 +67,27 @@ def letsencrypt(metadata):
    return {
        'letsencrypt': result,
    }
+
+
+@metadata_reactor.provides(
+    'iptables/port_rules/25',
+    'iptables/port_rules/587',
+)
+def iptables(metadata):
+    if node.has_bundle('postfixadmin'):
+        default = set('*')
+    else:
+        default = metadata.get('postfix/mynetworks', set())
+
+    rules = {
+        '25': atomic(metadata.get('postfix/restrict-to', default)),
+    }
+
+    if node.has_bundle('postfixadmin'):
+        rules['587'] = atomic(metadata.get('postfix/restrict-to', default))
+
+    return {
+        'iptables': {
+            'port_rules': rules,
+        },
+    }