bundlewrap/bundles/postfix/items.py
Franziska Kunsmann d44c87e8a7
move SPAM BLOCKLIST check to icinga2 itself
somehow, we tend to get false positives if we run that check on the
node itself.
2021-11-28 07:26:41 +01:00

95 lines
2.2 KiB
Python

if node.has_bundle('postfixadmin'):
repo.libs.tools.require_bundle(node, 'letsencrypt')
mynetworks = {
'127.0.0.0/8',
'[::1]/128',
'[::ffff:127.0.0.0]/104',
}
for identifier in node.metadata.get('postfix/mynetworks', set()):
ips = repo.libs.tools.resolve_identifier(repo, identifier)
for ip in ips['ipv4']:
mynetworks.add(str(ip))
for ip in ips['ipv6']:
ip = str(ip)
if '/' in ip:
ip6, netmask = ip.split('/', 2)
else:
ip6 = ip
netmask = '128'
mynetworks.add(f'[{ip6}]/{netmask}')
my_package = 'pkg_pacman:postfix' if node.os == 'arch' else 'pkg_apt:postfix'
files = {
'/etc/mailname': {
'content': node.metadata.get('postfix/myhostname', node.metadata['hostname']),
'triggers': {
'svc_systemd:postfix:restart',
},
},
'/etc/aliases': {
'content_type': 'mako',
'triggers': {
'action:postfix_newaliases',
},
},
'/etc/postfix/master.cf': {
'content_type': 'mako',
'triggers': {
'svc_systemd:postfix:restart',
},
},
'/etc/postfix/main.cf': {
'content_type': 'mako',
'context': {
'mynetworks': mynetworks,
},
'triggers': {
'svc_systemd:postfix:restart',
},
},
'/etc/postfix/submission_header_cleanup': {
'triggers': {
'svc_systemd:postfix:restart',
},
},
'/usr/local/bin/postfix-telegraf-queue': {
'mode': '0755',
},
'/usr/local/share/icinga/plugins/check_postfix_queue': {
'mode': '0755',
},
}
actions = {
'postfix_newaliases': {
'command': 'newaliases',
'triggered': True,
'needs': {
my_package,
},
},
}
svc_systemd = {
'postfix': {
'needs': {
'file:/etc/postfix/master.cf',
'file:/etc/postfix/main.cf',
my_package,
},
},
}
if node.os == 'arch':
files['/etc/systemd/system/postfix.service.d/bundlewrap.conf'] = {
'source': 'arch-override.conf',
'content_type': 'mako',
'triggers': {
'action:systemd-reload',
'svc_systemd:postfix:restart',
},
}