if node.has_bundle('postfixadmin'): repo.libs.tools.require_bundle(node, 'letsencrypt') mynetworks = { '127.0.0.0/8', '[::1]/128', '[::ffff:127.0.0.0]/104', } for identifier in node.metadata.get('postfix/mynetworks', set()): ips = repo.libs.tools.resolve_identifier(repo, identifier) for ip in ips['ipv4']: mynetworks.add(str(ip)) for ip in ips['ipv6']: ip = str(ip) if '/' in ip: ip6, netmask = ip.split('/', 2) else: ip6 = ip netmask = '128' mynetworks.add(f'[{ip6}]/{netmask}') files = { '/etc/mailname': { 'content': node.metadata.get('postfix/myhostname'), 'before': { 'pkg_apt:postfix', }, 'triggers': { 'svc_systemd:postfix:restart', }, }, '/etc/aliases': { 'content_type': 'mako', 'triggers': { 'action:postfix_newaliases', }, }, '/etc/postfix/blocked_recipients': { 'content_type': 'mako', 'context': { 'blocked': node.metadata.get('postfix/blocked_recipients', set()), }, 'triggers': { 'action:postfix_postmap_blocked_recipients', 'svc_systemd:postfix:restart', }, }, '/etc/postfix/master.cf': { 'content_type': 'mako', 'triggers': { 'svc_systemd:postfix:restart', }, }, '/etc/postfix/main.cf': { 'content_type': 'mako', 'context': { 'mynetworks': mynetworks, }, 'triggers': { 'svc_systemd:postfix:restart', }, }, '/etc/postfix/submission_header_cleanup': { 'triggers': { 'svc_systemd:postfix:restart', }, }, '/usr/local/bin/postfix-telegraf-queue': { 'mode': '0755', }, '/usr/local/share/icinga/plugins/check_postfix_queue': { 'mode': '0755', }, } actions = { 'postfix_newaliases': { 'command': 'newaliases', 'triggered': True, 'needs': { 'pkg_apt:postfix', }, 'before': { 'svc_systemd:postfix', }, }, 'postfix_postmap_blocked_recipients': { 'command': 'postmap hash:/etc/postfix/blocked_recipients', 'triggered': True, 'needs': { 'pkg_apt:postfix', }, 'before': { 'svc_systemd:postfix', }, }, } svc_systemd = { 'postfix': { 'needs': { 'file:/etc/postfix/master.cf', 'file:/etc/postfix/main.cf', 'pkg_apt:postfix', }, }, }