ldap_scheme_postfix #3
5 changed files with 76 additions and 0 deletions
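--- a/bundles/postfix/files/main.cf
+++ b/bundles/postfix/files/main.cf
@@ -0,0 +1,12 @@
+smtpd_banner = $myhostname ESMTP
+
+disable_vrfy_command = yes
+smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
+
+smtp_use_tls = yes
+smtp_tls_CApath = /etc/ssl/certs
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
+smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
+smtp_tls_security_level = may
+smtp_tls_mandatory_ciphers = high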
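Review bot: `smtp_tls_mandatory_ciphers = high` and `smtp_tls_mandatory_protocols` only apply at security level `encrypt` or stronger, so with `smtp_tls_security_level = may` they have no effect here. Outbound delivery stays opportunistic and goes out in cleartext when the peer offers no STARTTLS. `smtp_use_tls = yes` is the legacy spelling of that same `may` level and can be dropped. If opportunistic TLS is the intent, a comment such as `# opportunistic TLS; mandatory_* settings only matter for destinations raised to encrypt via policy` would record it. The file also sets no `smtpd_tls_*` or SASL parameters even though `smtpd_relay_restrictions` lists `permit_sasl_authenticated`, so that term is presumably inert for now.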
28
bundles/postfix/items.py
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
svc_systemd = {
|
||||||
|
'postfix': {
|
||||||
stillbeben marked this conversation as resolved
|
|||||||
|
'needs': [
|
||||||
|
'pkg_apt:postfix',
|
||||||
|
'file:/etc/postfix/main.cf',
|
||||||
|
],
|
||||||
|
}
|
||||||
stillbeben marked this conversation as resolved
kunsi
commented
Please use sets here and below.
Please use one line per item in a set/list, and please add a trailing comma to the last item.
I'd recommend we stick to the [PEP8 style guide](https://www.python.org/dev/peps/pep-0008/#when-to-use-trailing-commas).
|
|||||||
|
}
|
||||||
|
|
||||||
|
files = {
|
||||||
|
'/etc/postfix/main.cf': {
|
||||||
|
'content_type': 'mako',
|
||||||
|
'needs': ['pkg_apt:postfix'],
|
||||||
|
'triggers': [
|
||||||
|
'svc_systemd:postfix:restart',
|
||||||
|
],
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
directories = {
|
||||||
|
'/etc/postfix': {
|
||||||
|
'owner': 'root',
|
||||||
|
'mode': '1755',
|
||||||
|
'needs': [
|
||||||
|
'pkg_apt:postfix',
|
||||||
|
],
|
||||||
|
},
|
||||||
|
}
|
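Review bot: The `/etc/postfix` directory item sets `'mode': '1755'`, which adds the sticky bit to a root-owned configuration directory that only root can write. That bit serves no purpose there and differs from the usual 0755, so later permission audits will flag it. Unless something depends on it, `'mode': '0755',` states the intent. The `/etc/postfix/main.cf` file item declares no `owner` or `mode` and so relies on bundlewrap's defaults. Spelling them out (`'owner': 'root',` and `'mode': '0644',`) would keep the file's permissions from drifting if those defaults change.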
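--- a/bundles/postfix/metadata.py
+++ b/bundles/postfix/metadata.py
@@ -0,0 +1,7 @@
+defaults = {
+'apt': {
+'packages': {
+'postfix': {},
+},
+},
+}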
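--- a/data/openldap/files/qzwiperson.schema
+++ b/data/openldap/files/qzwiperson.schema
@@ -0,0 +1,21 @@
+attributetype ( 1.3.6.1.4.1.0.1
+NAME 'externalMail'
+DESC 'external mail address for communication outside the org'
+EQUALITY caseIgnoreIA5Match
+SUBSTR caseIgnoreIA5SubstringsMatch
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
+SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.0.2
+NAME 'qzwiperson'
+DESC 'own object schema to add custom values'
+SUP top
+AUXILIARY
+MUST (cn $ sn $ uid $ externalMail)
+MAY
+( displayName $ givenName $ homePhone $ homePostalAddress $
+mail $ mobile $ o $ photo $ userCertificate $
+x500uniqueIdentifier $ preferredLanguage $
+userSMIMECertificate $ userPKCS12 $ userPassword $
+telephoneNumber $ description ) )
+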
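Review bot: Both definitions take their OIDs from `1.3.6.1.4.1.0.*`, i.e. enterprise number 0, which as far as I know is reserved in the IANA registry and not assigned to this organisation. That risks a collision with another schema later. The organisation's own private enterprise number, or an arc explicitly set aside for local use, would be safer; whichever is chosen, a header comment such as `# OID arc: <org arc> .1 = attribute types, .2 = object classes` would document the allocation. The `MAY` list includes `userPassword`, so the ACLs covering entries with this auxiliary class should be checked to make sure that attribute is not readable more widely than intended.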
|
@ -6,6 +6,7 @@ bundles = [
|
||||||
"nginx",
|
"nginx",
|
||||||
"nextcloud",
|
"nextcloud",
|
||||||
"openldap",
|
"openldap",
|
||||||
|
"postfix",
|
||||||
"php",
|
"php",
|
||||||
"postgresql",
|
"postgresql",
|
||||||
"redis",
|
"redis",
|
||||||
|
@ -52,8 +53,15 @@ backup = [
|
||||||
]
|
]
|
||||||
schemas = [
|
schemas = [
|
||||||
"openssh-lpk_openldap",
|
"openssh-lpk_openldap",
|
||||||
|
"qzwiperson",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[metadata.ldap-frontend.template]
|
||||||
|
"group_admin" = "(&(objectclass=qzwiperson)(uid={})(memberOf=ou=qzwi-admins,ou=Groups,dc=qzwi,dc=de))"
|
||||||
|
"group_members" = "(&(objectclass=qzwiperson)(memberOf=ou={},ou=Groups,dc=qzwi,dc=de))"
|
||||||
|
"group_nonmembers" = "(&(objectclass=qzwiperson)(!(memberOf=ou={},ou=Groups,dc=qzwi,dc=de)))"
|
||||||
|
"user_search" = "(&(objectclass=qzwiperson)(uid={}))"
|
||||||
|
|
||||||
[metadata.openldap.access."ou=Users,dc=qzwi,dc=de"]
|
[metadata.openldap.access."ou=Users,dc=qzwi,dc=de"]
|
||||||
manage = [
|
manage = [
|
||||||
"uid=ldap-frontend,ou=Applications,dc=qzwi,dc=de",
|
"uid=ldap-frontend,ou=Applications,dc=qzwi,dc=de",
|
||||||
|
|
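Review bot: The four templates under `[metadata.ldap-frontend.template]` place a value into `{}` inside an LDAP search filter, and `group_admin` is the filter that decides admin membership. The code that fills the placeholder is not visible on this page, so this needs confirming: the frontend must escape the substituted uid or group name per RFC 4515 before formatting, for example with `ldap.filter.escape_filter_chars` if it uses python-ldap. Otherwise filter metacharacters in the input would change what the query matches. A comment above the table such as `# {} is replaced with an RFC 4515-escaped value by ldap-frontend` would record that contract next to the templates.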
Please install all apt packages via metadata defaults. Bundlewrap can't handle multiple equal item definitions in a repo, so we should stick with only one way of installing packages.