diff --git a/bundles/postfix/files/main.cf b/bundles/postfix/files/main.cf
new file mode 100644
index 0000000..70904cb
--- /dev/null
+++ b/bundles/postfix/files/main.cf
@@ -0,0 +1,12 @@
+smtpd_banner = $myhostname ESMTP
+
+disable_vrfy_command = yes
+smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
+
+smtp_use_tls = yes
+smtp_tls_CApath = /etc/ssl/certs
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
+smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
+smtp_tls_security_level = may
+smtp_tls_mandatory_ciphers = high
diff --git a/bundles/postfix/items.py b/bundles/postfix/items.py
new file mode 100644
index 0000000..db856d0
--- /dev/null
+++ b/bundles/postfix/items.py
@@ -0,0 +1,28 @@
+svc_systemd = {
+ 'postfix': {
+ 'needs': [
+ 'pkg_apt:postfix',
+ 'file:/etc/postfix/main.cf',
+ ],
+ }
+}
+
+files = {
+ '/etc/postfix/main.cf': {
+ 'content_type': 'mako',
+ 'needs': ['pkg_apt:postfix'],
+ 'triggers': [
+ 'svc_systemd:postfix:restart',
+ ],
+ },
+}
+
+directories = {
+ '/etc/postfix': {
+ 'owner': 'root',
+ 'mode': '1755',
+ 'needs': [
+ 'pkg_apt:postfix',
+ ],
+ },
+}
diff --git a/bundles/postfix/metadata.py b/bundles/postfix/metadata.py
new file mode 100644
index 0000000..266fcb1
--- /dev/null
+++ b/bundles/postfix/metadata.py
@@ -0,0 +1,7 @@
+defaults = {
+ 'apt': {
+ 'packages': {
+ 'postfix': {},
+ },
+ },
+}
\ No newline at end of file
diff --git a/data/openldap/files/qzwiperson.schema b/data/openldap/files/qzwiperson.schema
new file mode 100644
index 0000000..26d45ba
--- /dev/null
+++ b/data/openldap/files/qzwiperson.schema
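Review bot: `smtp_tls_mandatory_ciphers = high` on the last line of the main.cf hunk has no effect on this configuration, because `smtp_tls_security_level = may` makes every outbound session opportunistic and opportunistic sessions take their cipher grade from `smtp_tls_ciphers`, which is left at its default of `medium`. If the intent is a higher grade for all outbound TLS, the line should be `smtp_tls_ciphers = high` (Postfix documents this as an interoperability trade-off for opportunistic TLS); otherwise it can simply go. The file also replaces main.cf wholesale but sets no `smtpd_tls_*` parameter, so the inbound smtpd side is at `smtpd_tls_security_level`'s default of `none` and only ever speaks plaintext — presumably unintended, and fixed by adding `smtpd_tls_cert_file`, `smtpd_tls_key_file` and `smtpd_tls_security_level = may`. `smtp_use_tls` is the obsolete predecessor of `smtp_tls_security_level` and is overridden by it, so that line is dead weight.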
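Review bot: `'mode': '1755'` on the `/etc/postfix` directory item sets the sticky bit on a configuration directory, which Postfix does not need (the package normally ships it as `0755`) and which reads like a typo for `'0755'`; if the sticky bit is deliberate, a short `# why` comment on that line would save the next reader the same question. The `svc_systemd:postfix:restart` trigger on the `main.cf` file item does a full restart for every config edit, whereas a `reload` trigger would apply main.cf changes without dropping in-flight SMTP sessions — worth checking whether the svc_systemd item in this bundlewrap version exposes `reload`, and switching if it does. The `'content_type': 'mako'` setting is harmless but currently unused, since the shipped main.cf contains no template expressions.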
@@ -0,0 +1,21 @@
+attributetype ( 1.3.6.1.4.1.0.1
+ NAME 'externalMail'
+ DESC 'external mail address for communication outside the org'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
+ SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.0.2
+ NAME 'qzwiperson'
+ DESC 'own object schema to add custom values'
+ SUP top
+ AUXILIARY
+ MUST (cn $ sn $ uid $ externalMail)
+ MAY
+ ( displayName $ givenName $ homePhone $ homePostalAddress $
+ mail $ mobile $ o $ photo $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 $ userPassword $
+ telephoneNumber $ description ) )
+
diff --git a/nodes/qzwi.toml b/nodes/qzwi.toml
index 722318b..a580fc1 100644
--- a/nodes/qzwi.toml
+++ b/nodes/qzwi.toml
@@ -6,6 +6,7 @@ bundles = [
 "nginx",
 "nextcloud",
 "openldap",
+ "postfix",
 "php",
 "postgresql",
 "redis",
@@ -52,8 +53,15 @@ backup = [
 ]
 schemas = [
 "openssh-lpk_openldap",
+ "qzwiperson",
 ]
+[metadata.ldap-frontend.template]
+"group_admin" = "(&(objectclass=qzwiperson)(uid={})(memberOf=ou=qzwi-admins,ou=Groups,dc=qzwi,dc=de))"
+"group_members" = "(&(objectclass=qzwiperson)(memberOf=ou={},ou=Groups,dc=qzwi,dc=de))"
+"group_nonmembers" = "(&(objectclass=qzwiperson)(!(memberOf=ou={},ou=Groups,dc=qzwi,dc=de)))"
+"user_search" = "(&(objectclass=qzwiperson)(uid={}))"
 [metadata.openldap.access."ou=Users,dc=qzwi,dc=de"]
 manage = [
 "uid=ldap-frontend,ou=Applications,dc=qzwi,dc=de",
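Review bot: The OIDs `1.3.6.1.4.1.0.1` and `1.3.6.1.4.1.0.2` on the `attributetype` and `objectclass` lines sit under IANA private enterprise number 0, which IANA lists as reserved rather than assigned, so the schema is defined in an arc the project does not own and can collide with anything else that takes the same shortcut. Register a PEN (or use an arc the organisation already holds) and define both under it now; OIDs end up in every replicated or exported entry, so changing them later is painful. The `{128}` length bound in `SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}` is also below the 254-octet maximum an SMTP address may have, so a legitimate but long `externalMail` value would be refused at add time — probably acceptable for this org, but a `# externalMail capped at 128 octets, shorter than RFC 5321 allows` comment would make it a choice rather than a surprise.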
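Review bot: The four filter templates added under `[metadata.ldap-frontend.template]` splice a caller-supplied value straight into an LDAP search filter at `uid={}` and `ou={}`, so whatever consumes them must escape the substituted value per RFC 4515 (`*`, `(`, `)`, `\` and NUL as `\2a`, `\28`, `\29`, `\5c`, `\00`) before formatting; otherwise a value containing `*` or `)` changes the filter's meaning, and for `group_admin` that would alter who satisfies the admin check. The ldap-frontend code is not in this diff, so this may already be handled — a one-line `# values are RFC 4515-escaped by ldap-frontend before substitution` comment above the table would document that contract where the templates live. `memberOf` in three of the filters is only searchable if the memberof overlay is enabled on the openldap side, which the hunk does not show; worth confirming, since without it those filters silently match nothing.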