Merge pull request #105 from Perceptyx/add-tls-poliy-map

feat(maps): adds tls_policy map for smtp delivery
2020-05-23 14:38:44 +01:00 · 2020-05-23 14:38:44 +01:00 · e61eb5a685
commit e61eb5a685
parent c78c421984 d87da4adc4
3 changed files with 43 additions and 0 deletions
--- a/pillar.example
+++ b/pillar.example
@ -156,6 +156,7 @@ postfix:
    smtp_use_tls: 'yes'
    smtp_tls_cert_file: /etc/postfix/ssl/example.com-relay-client-cert.crt
    smtp_tls_key_file: /etc/postfix/ssl/example.com-relay-client-cert.key
+    smtp_tls_policy_maps: hash:/etc/postfix/tls_policy

    smtp_sasl_password_maps: hash:/etc/postfix/sasl_passwd
    sender_canonical_maps: hash:/etc/postfix/sender_canonical
@ -165,6 +166,10 @@ postfix:
  transport:
    DOMAIN_NAME: ':[IP_ADDRESS]'

+  tls_policy:
+    example.com: encrypt
+    .example.com: encrypt
+
  vmail:
    user: postfix_user
    password: DB_PASSWD
--- a/postfix/config.sls
+++ b/postfix/config.sls
@ -101,6 +101,27 @@ run-postmap:
      - file: {{ postfix.config_path }}/transport
 {% endif %}

+{% if 'tls_policy' in pillar.get('postfix', '') %}
+{{ postfix.config_path }}/tls_policy:
+  file.managed:
+    - source: salt://postfix/files/tls_policy
+    - user: root
+    - group: {{ postfix.root_grp }}
+    - mode: 644
+    - require:
+      - pkg: postfix
+    - watch_in:
+      - service: postfix
+    - template: jinja
+
+run-postmap-tls-policy:
+  cmd.wait:
+    - name: {{ postfix.xbin_prefix }}/sbin/postmap {{ postfix.config_path }}/tls_policy
+    - cwd: /
+    - watch:
+      - file: {{ postfix.config_path }}/tls_policy
+{% endif %}
+
 {%- for domain in salt['pillar.get']('postfix:certificates', {}).keys() %}

 postfix_{{ domain }}_ssl_certificate:
--- a/postfix/files/tls_policy
+++ b/postfix/files/tls_policy
@ -0,0 +1,17 @@
+#
+# This file is managed by salt
+#
+
+{% set config = salt['pillar.get']('postfix:tls_policy', {}) -%}
+{% macro set_parameter(parameter, default=None) -%}
+{% set value = config.get(parameter, default) -%}
+{% if value is not none -%}
+{{ parameter }} {{ value }}
+{% endif -%}
+{% endmacro -%}
+
+{# Accept arbitrary parameters -#}
+{% for parameter in config -%}
+{{ set_parameter(parameter) }}
+{% endfor -%}
+