postfix: Set up the postfix mail server. This also aliases 'mail' to 'mutt' for root.postfix::config: Configuration class called from postfix. * Configures settings in the main.cf file. * Builds the alias database so most system users mail wipostfix::config::aliases: aliases configuration class called from postfix::config.postfix::config::main_cf: main.cf configuration class called from postfix::config. Set settings in /etc/postfix/main.cf based on postfix:: main_cf_hash and postfix::ipostfix::config::root: root user postfix Configuration class called from postfix::config.postfix::install: Install the packages, users and groups needed for the postfix server.postfix::server: This sets up an outward facing Postfix server Any configuration settings not set below can be set using the postfix_main_cf type.postfix::service: Service class called from postfix
postfix::alias: Add an alias to the postalias file. See aliases(5) for details of the internal format.
postfix_main_cf: Modifies settings in the postfix main.cf configuration file.
Postfix::InetProtocols: Allowed inet protocol settingsPostfix::ManCiphers: Allowed mandatory ciphers
Set up the postfix mail server. This also aliases 'mail' to 'mutt' for root.
The following parameters are available in the postfix class:
Data type: Hash
Hash of main.cf configuration parameters
- Is a deep merge of hieradata and data-in-module settings.
- For backward compatibility, all main.cf settings already set
from other sources in this module (
$inet_procotolsand numerouspostfix::server parameters) CANNOT be also set in$main_cf_hash. Otherwise, the catalog will fail to compile because of duplicatepostfix_main_cfresource declarations.
Data type: Boolean
Whether or not to enable the externally facing server.
Default value: false
Data type: String
String to pass to the postfix package ensure attribute
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
Data type: String
String to pass to the mutt package ensure attribute
Default value: simplib::lookup('simp_options::package_ensure', { 'default_value' => 'installed' })
Data type: Postfix::InetProtocols
The protocols to use when enabling the service
Default value: fact('ipv6_enabled') ? { true => ['all'], default => ['ipv4']
Data type: Optional[Hash]
postfix::aliases: 'root': '[email protected]' 'foo.bar': 'fbar, [email protected]'
Configuration class called from postfix.
- Configures settings in the main.cf file.
- Builds the alias database so most system users mail will get sent to the root mailbox.
- Setup root's mail alias to be mutt and set up the mutt configuration to read the Maildir in root's home directory.
- Sets permissions on other postfix configuration files.
- Creates postfix processing directories.
aliases configuration class called from postfix::config.
main.cf configuration class called from postfix::config.
Set settings in /etc/postfix/main.cf based on postfix:: main_cf_hash and postfix::inet_protocols.
IMPORTANT:
- postfix::main_cf_hash value is a deep merge of hieradata and data-in-module settings.
- For backward compatibility, all main.cf settings already set
from other sources in this module (postfix::inet_procotols
and numerous postfix::server parameters) CANNOT be
also set in postfix::main_cf_hash. Otherwise, the catalog
will fail to compile because of duplicate
postfix_main_cfresource declarations.
root user postfix Configuration class called from postfix::config.
Install the packages, users and groups needed for the postfix server.
This sets up an outward facing Postfix server
Any configuration settings not set below can be set using the postfix_main_cf type.
The following parameters are available in the postfix::server class:
inet_interfacesfirewalltrusted_netsenable_user_connectenable_tlsenforce_tlsmandatory_ciphershavegedpkiapp_pki_external_sourceapp_pki_dirapp_pki_keyapp_pki_certapp_pki_ca_dir
Data type: Array[String[1]]
The interfaces upon which to listen per the inet_interfaces option in main.cf.
- This defaults to
allsince it is assumed that you would not be using this class if you didn't want an externally listening server.
Default value: ['all']
Data type: Boolean
If the externally facing server is enabled, whether or not to use the SIMP iptables class.
Default value: simplib::lookup('simp_options::firewall', { 'default_value' => false })
Data type: Simplib::Netlist
The list of clients to allow through IPTables
Default value: simplib::lookup('simp_options::trusted_nets', { 'default_value' => ['127.0.0.1'] })
Data type: Boolean
If set to 'true', allows users to connect on port 587 directly. This probably is what you want for an internal server, but not what you want for an externally facing bastion server.
Default value: true
Data type: Boolean
Whether or not to enable TLS.
Default value: true
Data type: Boolean
Whether or not to enforce the use of TLS, even over port 25.
Default value: true
Data type: Postfix::ManCiphers
The ciphers that must be used for TLS connections.
Default value: 'high'
Data type: Boolean
If true, include haveged to assist with entropy generation.
Default value: simplib::lookup('simp_options::haveged', { 'default_value' => false })
Data type: Variant[Enum['simp'],Boolean]
- If 'simp', include SIMP's pki module and use pki::copy to manage application certs in /etc/pki/simp_apps/postfix/x509
- If true, do not include SIMP's pki module, but still use pki::copy to manage certs in /etc/pki/simp_apps/postfix/x509
- If false, do not include SIMP's pki module and do not use pki::copy
to manage certs. You will need to appropriately assign a subset of:
- app_pki_dir
- app_pki_key
- app_pki_cert
- app_pki_ca
- app_pki_ca_dir
Default value: simplib::lookup('simp_options::pki', { 'default_value' => false })
Data type: String
-
If pki = 'simp' or true, this is the directory from which certs will be copied, via pki::copy. Defaults to /etc/pki/simp/x509.
-
If pki = false, this variable has no effect.
Default value: simplib::lookup('simp_options::pki::source', { 'default_value' => '/etc/pki/simp/x509' })
Data type: Stdlib::Absolutepath
This variable controls the basepath of $app_pki_key, $app_pki_cert, $app_pki_ca, $app_pki_ca_dir, and $app_pki_crl. It defaults to /etc/pki/simp_apps/postfix/pki.
Default value: '/etc/pki/simp_apps/postfix/x509'
Data type: Stdlib::Absolutepath
Path and name of the private SSL key file
Default value: "${app_pki_dir}/private/${facts['fqdn']}.pem"
Data type: Stdlib::Absolutepath
Path and name of the public SSL certificate
Default value: "${app_pki_dir}/public/${facts['fqdn']}.pub"
Data type: Stdlib::Absolutepath
Path to the CA.
Default value: "${app_pki_dir}/cacerts"
Service class called from postfix
Add an alias to the postalias file. See aliases(5) for details of the internal format.
The following parameters are available in the postfix::alias defined type:
The account to receive the alias.
Data type: String[1]
The RHS values of the postalias file in accordance with aliases(5).
Modifies settings in the postfix main.cf configuration file.
The following properties are available in the postfix_main_cf type.
The value to which to set the named parameter.
The following parameters are available in the postfix_main_cf type.
namevar
The parameter to modify.
The specific backend to use for this postfix_main_cf resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
Allowed inet protocol settings
Alias of Array[Enum['all','ipv4','ipv6']]
Allowed mandatory ciphers
Alias of Enum['export', 'low', 'medium', 'high', 'null']