bundles/postfix: mynetworks now supports identifiers

2021-04-01 16:59:49 +02:00 · 2021-04-01 16:59:49 +02:00 · 61c6188454
parent b7222e2cd1
commit 61c6188454
2 changed files with 25 additions and 1 deletions
--- a/bundles/postfix/files/main.cf
+++ b/bundles/postfix/files/main.cf
@ -6,7 +6,7 @@ compatibility_level = 2
 myhostname = ${node.metadata.get('postfix/myhostname', node.metadata['hostname'])}
 myorigin = /etc/mailname
 mydestination = $myhostname, localhost
-mynetworks = 127.0.0.0/8 [::1]/128 [::ffff:127.0.0.0]/104 ${' '.join(sorted(node.metadata.get('postfix/mynetworks', set())))}
+mynetworks = ${' '.join(sorted(mynetworks))}
 mailbox_size_limit = 0
 recipient_delimiter = +
 inet_protocols = all
--- a/bundles/postfix/items.py
+++ b/bundles/postfix/items.py
@ -1,6 +1,27 @@
 if node.has_bundle('postfixadmin'):
    assert node.has_bundle('letsencrypt')

+mynetworks = {
+    '127.0.0.0/8',
+    '[::1]/128',
+    '[::ffff:127.0.0.0]/104',
+}
+for identifier in node.metadata.get('postfix/mynetworks', set()):
+    print(identifier)
+    ips = repo.libs.tools.resolve_identifier(repo, identifier)
+
+    for ip in ips['ipv4']:
+        mynetworks.add(str(ip))
+
+    for ip in ips['ipv6']:
+        ip = str(ip)
+        if '/' in ip:
+            ip6, netmask = ip.split('/', 2)
+        else:
+            ip6 = ip
+            netmask = '128'
+        mynetworks.add(f'[{ip6}]/{netmask}')
+
 files = {
    '/etc/mailname': {
        'content': node.metadata.get('postfix/myhostname', node.metadata['hostname']),
@ -22,6 +43,9 @@ files = {
    },
    '/etc/postfix/main.cf': {
        'content_type': 'mako',
+        'context': {
+            'mynetworks': mynetworks,
+        },
        'triggers': {
            'svc_systemd:postfix:restart',
        },