bundlewrap/bundles/postfix/metadata.py

87 lines
2.1 KiB
Python

defaults = {
'apt': {
'packages': {
'postfix': {},
},
},
'icinga2_api': {
'postfix': {
'services': {
'POSTFIX PROCESS': {
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit postfix@-',
},
'POSTFIX QUEUE': {
'command_on_monitored_host': 'sudo /usr/local/share/icinga/plugins/check_postfix_queue -w 20 -c 40 -d 50',
},
},
},
},
}
if node.has_bundle('postfixadmin'):
defaults['backups'] = {
'paths': {
'/var/mail',
},
}
defaults['icinga2_api']['postfix']['services'].update({
'SMTP CONNECT': {
'check_command': 'check_smtp',
},
'SMTP SUBMISSION CONNECT': {
'check_command': 'check_smtp',
'vars.port': '587',
},
})
else:
defaults['icinga2_api']['postfix']['services'].update({
'SMTP CONNECT': {
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_smtp -H localhost',
},
})
# FIXME find a working, non-shitty check for that
#@metadata_reactor
def fill_icinga_spam_blocklist_check_with_hostname(metadata):
checks = {}
for variant, ips in repo.libs.tools.resolve_identifier(repo, node.name).items():
for ip in ips:
if not ip.is_private:
checks[f'SPAM BLOCKLIST {ip}'] = {
'check_command': 'check_rbl',
'vars.ip': str(ip),
}
return {
'icinga2_api': {
'postfix': {
'services': checks,
},
},
}
@metadata_reactor
def letsencrypt(metadata):
if not node.has_bundle('letsencrypt'):
raise DoNotRunAgain
result = {
'reload_after': {
'postfix',
},
}
myhostname = metadata.get('postfix/myhostname', None)
if myhostname and myhostname != metadata.get('hostname'):
result['domains'] = {
myhostname: set(),
}
return {
'letsencrypt': result,
}