defaults = { 'apt': { 'packages': { 'postfix': {}, }, }, 'icinga2_api': { 'postfix': { 'services': { 'POSTFIX PROCESS': { 'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit postfix@-', }, 'POSTFIX QUEUE': { 'command_on_monitored_host': 'sudo /usr/local/share/icinga/plugins/check_postfix_queue -w 20 -c 40 -d 50', }, }, }, }, } if node.has_bundle('postfixadmin'): defaults['backups'] = { 'paths': { '/var/mail', }, } defaults['icinga2_api']['postfix']['services'].update({ 'SMTP CONNECT': { 'check_command': 'check_smtp', }, 'SMTP SUBMISSION CONNECT': { 'check_command': 'check_smtp', 'vars.port': '587', }, }) else: defaults['icinga2_api']['postfix']['services'].update({ 'SMTP CONNECT': { 'command_on_monitored_host': '/usr/lib/nagios/plugins/check_smtp -H localhost', }, }) # FIXME find a working, non-shitty check for that #@metadata_reactor def fill_icinga_spam_blocklist_check_with_hostname(metadata): checks = {} for variant, ips in repo.libs.tools.resolve_identifier(repo, node.name).items(): for ip in ips: if not ip.is_private: checks[f'SPAM BLOCKLIST {ip}'] = { 'check_command': 'check_rbl', 'vars.ip': str(ip), } return { 'icinga2_api': { 'postfix': { 'services': checks, }, }, } @metadata_reactor def letsencrypt(metadata): if not node.has_bundle('letsencrypt'): raise DoNotRunAgain result = { 'reload_after': { 'postfix', }, } myhostname = metadata.get('postfix/myhostname', None) if myhostname and myhostname != metadata.get('hostname'): result['domains'] = { myhostname: set(), } return { 'letsencrypt': result, }