propellor

propellor config for hosts.
git clone git://git.ricketyspace.net/propellor.git

commit 1e06e11264a736fbc2bdc6171b3b9d4560a4226f
parent 866cf62d11b54ce947ccea6ced95c8a0dc3fcd60
Author: rsiddharth <s@ricketyspace.net>
Date:   Tue,  8 May 2018 04:39:12 +0000

propellor spin

Diffstat:
config.hs | 79+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+), 0 deletions(-)

diff --git a/config.hs b/config.hs @@ -50,6 +50,7 @@ import qualified Propellor.Property.Fail2Ban as Fail2Ban import qualified Propellor.Property.File as File import qualified Propellor.Property.Locale as Locale import qualified Propellor.Property.Nginx as Nginx +import qualified Propellor.Property.Postfix as Postfix import qualified Propellor.Property.Ssh as Ssh import qualified Propellor.Property.Sudo as Sudo import qualified Propellor.Property.Systemd as Systemd @@ -699,6 +700,7 @@ lyra = host "lyra.ricketyspace.net" $props -- postfix & File.hasContent "/etc/postfix/header_checks" rsPostfixHeaderChecks & File.hasContent "/etc/postfix/main.cf" rsPostfixMainCf + & File.hasContent "/etc/postfix/master.cf" rsPostfixMasterCf `onChange` Postfix.reloaded -- bind & Dns.primary publicHosts "ricketyspace.net" (Dns.mkSOA "lyra.ricketyspace.net" 20180129) 
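Review bot: In the second hunk, `onChange` binds to the single property on its left, so only a change to /etc/postfix/master.cf reloads Postfix. The two `File.hasContent` lines just above it, for header_checks and main.cf, can still deploy new content that the running daemons do not pick up promptly. For a mail server this matters when the main.cf edit is a tightening of relay or TLS policy, since the old policy stays in effect until something else triggers a reload. Consider giving those two properties the same suffix, e.g. ``& File.hasContent "/etc/postfix/main.cf" rsPostfixMainCf `onChange` Postfix.reloaded``. The `lyra` host definition starts and ends outside this hunk, so other reload hooks may exist that are not visible here.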
@@ -986,6 +988,83 @@ rsPostfixMainCf = [ , "local_recipient_maps = proxy:unix:passwd.byname $alias_maps" ] +rsPostfixMasterCf :: [File.Line] +rsPostfixMasterCf = [ + "# Do not forget to execute `postfix reload` after editing this file." + , "#" + , "# ==========================================================================" + , "# service type private unpriv chroot wakeup maxproc command + args" + , "# (yes) (yes) (no) (never) (100)" + , "# ==========================================================================" + , "smtp inet n - y - - smtpd" + , "submission inet n - y - - smtpd" + , " -o syslog_name=postfix/submission" + , " -o smtpd_tls_security_level=encrypt" + , " -o smtpd_sasl_auth_enable=yes" + , " -o smtpd_client_restrictions=permit_sasl_authenticated,reject" + , " -o milter_macro_daemon_name=ORIGINATING" + , "smtps inet n - y - - smtpd -v" + , " -o syslog_name=postfix/smtps" + , " -o smtpd_tls_wrappermode=yes" + , " -o smtpd_sasl_auth_enable=yes" + , " -o smtpd_client_restrictions=permit_sasl_authenticated,reject" + , " -o milter_macro_daemon_name=ORIGINATING" + , "pickup unix n - y 60 1 pickup" + , "cleanup unix n - y - 0 cleanup" + , "qmgr unix n - n 300 1 qmgr" + , "tlsmgr unix - - y 1000? 1 tlsmgr" + , "rewrite unix - - y - - trivial-rewrite" + , "bounce unix - - y - 0 bounce" + , "defer unix - - y - 0 bounce" + , "trace unix - - y - 0 bounce" + , "verify unix - - y - 1 verify" + , "flush unix n - y 1000? 
0 flush" + , "proxymap unix - - n - - proxymap" + , "proxywrite unix - - n - 1 proxymap" + , "smtp unix - - y - - smtp" + , "relay unix - - y - - smtp" + , "showq unix n - y - - showq" + , "error unix - - y - - error" + , "retry unix - - y - - error" + , "discard unix - - y - - discard" + , "local unix - n n - - local" + , "virtual unix - n n - - virtual" + , "lmtp unix - - y - - lmtp" + , "anvil unix - - y - 1 anvil" + , "scache unix - - y - 1 scache" + , "#" + , "# ====================================================================" + , "# Interfaces to non-Postfix software." + , "#" + , "maildrop unix - n n - - pipe" + , " flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}" + , "#" + , "# See the Postfix UUCP_README file for configuration details." + , "#" + , "uucp unix - n n - - pipe" + , " flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)" + , "#" + , "# Other external delivery methods." + , "#" + , "ifmail unix - n n - - pipe" + , " flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)" + , "bsmtp unix - n n - - pipe" + , " flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient" + , "scalemail-backend unix - n n - 2 pipe" + , "flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}" + , "mailman unix - n n - - pipe" + , " flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py" + , " ${nexthop} ${user}" + , "" + , "# For Dovecot." + , "dovecot unix - n n - - pipe" + , " flags=DRhu user=email:email argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}" + , "" + , "# SPF snafu (from https://help.ubuntu.com/community/Postfix/SPF)" + , "policy-spf unix - n n - - spawn" + , " user=nobody argv=/usr/bin/policyd-spf" + ] + -- common --- tmux conf
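Review bot: The `smtps` entry in `rsPostfixMasterCf` runs `smtpd -v` on a listener that also sets `smtpd_sasl_auth_enable=yes`. Verbose smtpd logging is a debugging aid that writes the SMTP dialogue to the mail log, which can include the base64 AUTH exchange of every client on that port. Drop the flag for normal operation: `, "smtps inet n - y - - smtpd"`. Separately, the `flags=R user=scalemail …` string is the only continuation line that does not begin with a space, at least as rendered on this page. master.cf treats a line without leading whitespace as a new service entry, so the `scalemail-backend` definition is probably malformed and may be rejected at the reload this commit triggers; it should read `, " flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}"`.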