bundlewrap/bundles/postfix/items.py

if node.has_bundle('postfixadmin'):
    repo.libs.tools.require_bundle(node, 'letsencrypt')

mynetworks = {
    '127.0.0.0/8',
    '[::1]/128',
    '[::ffff:127.0.0.0]/104',
}
for identifier in node.metadata.get('postfix/mynetworks', set()):
    ips = repo.libs.tools.resolve_identifier(repo, identifier)

    for ip in ips['ipv4']:
        mynetworks.add(str(ip))

    for ip in ips['ipv6']:
        ip = str(ip)
        if '/' in ip:
            ip6, netmask = ip.split('/', 2)
        else:
            ip6 = ip
            netmask = '128'
        mynetworks.add(f'[{ip6}]/{netmask}')

my_package = 'pkg_pacman:postfix' if node.os == 'arch' else 'pkg_apt:postfix'

files = {
    '/etc/mailname': {
        'content': node.metadata.get('postfix/myhostname'),
        'before': {
            my_package,
        },
        'triggers': {
            'svc_systemd:postfix:restart',
        },
    },
    '/etc/aliases': {
        'content_type': 'mako',
        'triggers': {
            'action:postfix_newaliases',
        },
    },
    '/etc/postfix/blocked_recipients': {
        'content_type': 'mako',
        'context': {
            'blocked': node.metadata.get('postfix/blocked_recipients', set()),
        },
        'triggers': {
            'action:postfix_postmap_blocked_recipients',
            'svc_systemd:postfix:restart',
        },
    },
    '/etc/postfix/master.cf': {
        'content_type': 'mako',
        'triggers': {
            'svc_systemd:postfix:restart',
        },
    },
    '/etc/postfix/main.cf': {
        'content_type': 'mako',
        'context': {
            'mynetworks': mynetworks,
        },
        'triggers': {
            'svc_systemd:postfix:restart',
        },
    },
    '/etc/postfix/submission_header_cleanup': {
        'triggers': {
            'svc_systemd:postfix:restart',
        },
    },
    '/usr/local/bin/postfix-telegraf-queue': {
        'mode': '0755',
    },
    '/usr/local/share/icinga/plugins/check_postfix_queue': {
        'mode': '0755',
    },
}

actions = {
    'postfix_newaliases': {
        'command': 'newaliases',
        'triggered': True,
        'needs': {
            my_package,
        },
        'before': {
            'svc_systemd:postfix',
        },
    },
    'postfix_postmap_blocked_recipients': {
        'command': 'postmap hash:/etc/postfix/blocked_recipients',
        'triggered': True,
        'needs': {
            my_package,
        },
        'before': {
            'svc_systemd:postfix',
        },
    },
}

svc_systemd = {
    'postfix': {
        'needs': {
            'file:/etc/postfix/master.cf',
            'file:/etc/postfix/main.cf',
            my_package,
        },
    },
}

if node.os == 'arch':
    files['/etc/systemd/system/postfix.service.d/bundlewrap.conf'] = {
        'source': 'arch-override.conf',
        'content_type': 'mako',
        'triggers': {
            'action:systemd-reload',
            'svc_systemd:postfix:restart',
        },
    }