--- /dev/null
+---
+infra::additional_classes:
+ - infra::profile::sasl
+ - infra::profile::postfix
+
+# Necessary, because the host has a local caching only DNS resolver
+#puppetconf::server: puppetmaster01.pixelpark.com
+
+#####################################################
+# Logrotation
+
+infra::profile::logrotate::rules:
+ named:
+ path: '/var/log/named/*.log'
+ rotate_every: 'day'
+ rotate: 10
+ missingok: true
+ minsize: '4M'
+ su_owner: 'named'
+ su_group: 'named'
+ create: true
+ create_mode: '0644'
+ create_owner: 'named'
+ create_group: 'named'
+ dateext: true
+ dateformat: '-%Y-%m-%d'
+ compress: true
+ delaycompress: true
+ missingok: true
+ sharedscripts: true
+ postrotate: '/usr/sbin/rndc reload >/dev/null'
+ named_run:
+ path: '/var/named/data/named.run'
+ missingok: true
+ su_owner: 'named'
+ su_group: 'named'
+ create: true
+ create_mode: '0644'
+ create_owner: 'named'
+ create_group: 'named'
+ postrotate: |
+ /usr/bin/systemctl reload named.service > /dev/null 2>&1 || true
+ /usr/bin/systemctl reload named-chroot.service > /dev/null 2>&1 || true
+ /usr/bin/systemctl reload named-sdb.service > /dev/null 2>&1 || true
+ /usr/bin/systemctl reload named-sdb-chroot.service > /dev/null 2>&1 || true
+ /usr/bin/systemctl reload named-pkcs11.service > /dev/null 2>&1 || true
+
+#####################################################
+# Options for /etc/resolv.conf
+resolv_conf::nameservers:
+ - '127.0.0.1'
+ - '217.66.52.10'
+ - '212.91.225.75'
+
+#####################################################
+# BIND configuration
+bind::version2show: 'none'
+bind::querylog: false
+bind::forwarders:
+ - '217.66.52.10'
+ - '212.91.225.75'
+bind::deploy::has_deploy: false
+
+#####################################################
+# SASL configuration
+sasl::authd::mechanism: 'ldap'
+sasl::authd::bind: 'ldap'
+sasl::authd::ldap_auth_method: 'bind'
+sasl::authd::ldap_search_base: 'o=isp'
+sasl::authd::ldap_servers:
+ - 'ldap://ldap.pixelpark.com'
+#sasl::authd::ldap_start_tls: false
+sasl::authd::bind_dn: 'cn=admin'
+sasl::authd::ldap_bind_dn: 'cn=admin'
+sasl::authd::ldap_password: >
+ ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAkGouEnyjTBA40/lpw1BEHsDx2b2I3L2HHnm9
+ U9gHYhz1BrPTsyCklW8CC3BiE0W9NRS0Rod+cm6M+7OMzciXbgQMFO6Ko98V
+ tzoTyL8yeWr4ZXNpov/gVD+WTfcKo2A0w+egenTdErN4dclnwzAoSR9QOHNT
+ LUxHa6sTT191+79mjw0CnG1BwDKBnZRyO+fzgACFn0dUIasz7danBbZMPn/n
+ wOuOrXXq/PVNPW9GSeKkbimYCAn7KDwTvJNTJCR7dh29+aq0xoSSsGrN+L+f
+ OZrj3dG58D8lspbxNb4iFMswtOcihByp6n5fRmvnEFXw/Dn507UCTxURoLpp
+ EPXIdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD/aCWYpB6KwUIcLp1T
+ EKskgBArkfXhMZNEUfrTvFILs4Ig]
+sasl::authd::ldap_bind_pw: >
+ ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAkGouEnyjTBA40/lpw1BEHsDx2b2I3L2HHnm9
+ U9gHYhz1BrPTsyCklW8CC3BiE0W9NRS0Rod+cm6M+7OMzciXbgQMFO6Ko98V
+ tzoTyL8yeWr4ZXNpov/gVD+WTfcKo2A0w+egenTdErN4dclnwzAoSR9QOHNT
+ LUxHa6sTT191+79mjw0CnG1BwDKBnZRyO+fzgACFn0dUIasz7danBbZMPn/n
+ wOuOrXXq/PVNPW9GSeKkbimYCAn7KDwTvJNTJCR7dh29+aq0xoSSsGrN+L+f
+ OZrj3dG58D8lspbxNb4iFMswtOcihByp6n5fRmvnEFXw/Dn507UCTxURoLpp
+ EPXIdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD/aCWYpB6KwUIcLp1T
+ EKskgBArkfXhMZNEUfrTvFILs4Ig]
+sasl::authd::threads: 5
+sasl::authd::ldap_version: 3
+sasl::authd::caching: true
+sasl::authd::combine_realm: true
+sasl::authd::ldap_filter: '(&(objectclass=inetlocalmailrecipient)(|(uid=%u)(mail=%u)))'
+
+infra::profile::sasl::enable_authd: true
+infra::profile::sasl::application:
+ smtpd:
+ mech_list:
+ - plain
+ - login
+ pwcheck_method: 'saslauthd'
+
+
+#####################################################
+# Postfix configuration:
+
+# Global configurations
+postfix::alias_maps: "hash:/etc/postfix/maps/aliases ldap:/etc/postfix/ldap/alias.cf"
+postfix::inet_interfaces: 'all'
+postfix::manage_mailx: false
+postfix::mastercf_source: 'puppet:///postfix_dir/master.cf'
+postfix::myorigin: 'pixelpark.com'
+
+#infra::profile::postfix::config_directory: '/etc/postfix'
+infra::profile::postfix::aliases_file: '/etc/postfix/maps/aliases'
+infra::profile::postfix::aliases_source: 'puppet:///postfix_dir/maps/aliases'
+#infra::profile::postfix::myorigin: "%{hiera('postfix::myorigin')}"
+#infra::profile::postfix::relayhost: ~
+#infra::profile::postfix::tls: true
+#infra::profile::postfix::tls_cert: ~
+#infra::profile::postfix::tls_key: ~
+#infra::profile::postfix::tls_chain: ~
+#infra::profile::postfix::tls_loglevel: 1
+#infra::profile::postfix::tls_received_header: true
+#infra::profile::postfix::tls_security_level: 'may'
+#infra::profile::postfix::tls_auth_only: false
+#infra::profile::postfix::cert_servername: 'wildcard.pixelpark.com'
+#infra::profile::postfix::cert_customer: 'pixelpark'
+infra::profile::postfix::has_map_smtp_tls_peers: true
+#infra::profile::postfix::map_smtp_tls_peers: '/etc/postfix/maps/smtp-tls-peers'
+infra::profile::postfix::is_relay: true
+#infra::profile::postfix::unverified_recipient_reject_code: '550'
+#infra::profile::postfix::transport_maps_source: ~
+infra::profile::postfix::virtual_aliases_source: ~
+infra::profile::postfix::has_default_generic: false
+#infra::profile::postfix::virtual_regex: ~
+
+#infra::profile::postfix::ldap_server: 'ldap.pixelpark.com'
+#infra::profile::postfix::ldap_port: '389'
+#infra::profile::postfix::ldap_timeout: '5'
+#infra::profile::postfix::ldap_search_base: 'o=isp'
+#infra::profile::postfix::ldap_bind_dn: 'cn=admin'
+infra::profile::postfix::ldap_bind_pw: >
+ ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAkGouEnyjTBA40/lpw1BEHsDx2b2I3L2HHnm9
+ U9gHYhz1BrPTsyCklW8CC3BiE0W9NRS0Rod+cm6M+7OMzciXbgQMFO6Ko98V
+ tzoTyL8yeWr4ZXNpov/gVD+WTfcKo2A0w+egenTdErN4dclnwzAoSR9QOHNT
+ LUxHa6sTT191+79mjw0CnG1BwDKBnZRyO+fzgACFn0dUIasz7danBbZMPn/n
+ wOuOrXXq/PVNPW9GSeKkbimYCAn7KDwTvJNTJCR7dh29+aq0xoSSsGrN+L+f
+ OZrj3dG58D8lspbxNb4iFMswtOcihByp6n5fRmvnEFXw/Dn507UCTxURoLpp
+ EPXIdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD/aCWYpB6KwUIcLp1T
+ EKskgBArkfXhMZNEUfrTvFILs4Ig]
+
+#####################################################
+# Rsyslog configuration
+rsyslog::client::log_local_custom:
+ - 'auth.* /var/log/auth.log'
+ - 'local6.* /var/log/freshclam.log'
+
+#####################################################
+# Logrotation
+
+infra::profile::logrotate::config:
+ dateformat: '-%Y-%m-%d'
+
+infra::profile::logrotate::rules:
+ wtmp:
+ dateformat: '-%Y-%m-%d'
+ btmp:
+ dateformat: '-%Y-%m-%d'
+ named:
+ path: '/var/log/named/*.log'
+ rotate_every: 'day'
+ rotate: 10
+ missingok: true
+ minsize: '4M'
+ su_owner: 'named'
+ su_group: 'named'
+ create: true
+ create_mode: '0644'
+ create_owner: 'named'
+ create_group: 'named'
+ dateext: true
+ dateformat: '-%Y-%m-%d'
+ compress: true
+ delaycompress: true
+ missingok: true
+ sharedscripts: true
+ postrotate: |
+ /usr/sbin/rndc reload >/dev/null
+ named_run:
+ path: '/var/named/data/named.run'
+ missingok: true
+ su_owner: 'named'
+ su_group: 'named'
+ create: true
+ create_mode: '0644'
+ create_owner: 'named'
+ create_group: 'named'
+ postrotate: |
+ /usr/bin/systemctl reload named.service > /dev/null 2>&1 || true
+ /usr/bin/systemctl reload named-chroot.service > /dev/null 2>&1 || true
+ /usr/bin/systemctl reload named-sdb.service > /dev/null 2>&1 || true
+ /usr/bin/systemctl reload named-sdb-chroot.service > /dev/null 2>&1 || true
+ /usr/bin/systemctl reload named-pkcs11.service > /dev/null 2>&1 || true
+
+# vim: et list
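Review bot: The saslauthd LDAP settings point at `ldap://ldap.pixelpark.com` while `sasl::authd::ldap_start_tls` is left commented out, so unless the module defaults to StartTLS (not visible here) the `cn=admin` bind password and every user password checked via `ldap_auth_method: 'bind'` cross the network in cleartext. I would set it explicitly with `sasl::authd::ldap_start_tls: true`, or change the server entry to an `ldaps://` URI, and add a comment above the block saying which transport protection is intended. Binding as `cn=admin` for lookups also looks broader than the search filter needs; a dedicated read-only DN would limit what a leaked eyaml key or decrypted value exposes. Separately, `infra::profile::logrotate::rules` is defined twice in this file (after the first "Logrotation" header and again in the last section), and `missingok` appears twice inside each `named` rule; most YAML loaders silently keep only the last value, so the first block is dead and should be removed.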
--- /dev/null
+---
+infra::role: base
+
+infra::additional_classes:
+ - infra::profile::sasl
+ - infra::profile::postfix
+ - rsyslog::client
+ - infra::profile::logrotate
+ - resolv_conf
+ - bind
+ - chrony
+# - logstash
+
+# For testing the accounts module
+#accounts::users:
+# web:
+# apply: false
+# sudo: false
+# uid: 60300
+# comment: 'Test Webuser'
+# group: 'web'
+# groups:
+# - 'apache'
+# - 'wheel'
+# shell: 'bash'
+# annika.wenzel:
+# apply: false
+# groups:
+# - apache
+# dennis.klein:
+# apply: false
+# group: apache
+# groups:
+# - users
+# - wheel
+
+# Necessary, because the host has a local caching only DNS resolver
+puppetconf::server: puppetmaster01.pixelpark.com
+
+#####################################################
+# Options for /etc/resolv.conf
+resolv_conf::nameservers:
+ - '127.0.0.1'
+
+#####################################################
+# SASL configuration
+#sasl::authd::mechanism: 'rimap'
+
+#sasl::authd::ldap_filter: >
+# (&(objectclass=inetlocalmailrecipient)(|(uid=%u)(mail=%u)))
+#sasl::authd::ldap_filter: '(&(objectclass=inetlocalmailrecipient)(mail=%u@%r))'
+sasl::authd::imap_server: 'mail-brln-store02.pixelpark.com'
+sasl::authd::threads: 2
+sasl::authd::ldap_version: 3
+sasl::authd::caching: true
+sasl::authd::combine_realm: true
+
+infra::profile::sasl::application:
+ smtpd:
+ mech_list:
+ - plain
+ - login
+ pwcheck_method: 'saslauthd'
+
+#####################################################
+# Postfix configuration:
+
+#####################################################
+# Rsyslog configuration
+
+# Logrotation
+infra::profile::logrotate::rules:
+ samba:
+ path: '/var/log/samba/*'
+ ifempty: false
+ olddir: '/var/log/samba/old'
+ missingok: true
+ dateext: true
+ dateformat: '-%Y-%m-%d'
+ copytruncate: true
+ sharedscripts: true
+
+++ /dev/null
----
-infra::role: base
-
-infra::additional_classes:
- - infra::profile::sasl
- - infra::profile::postfix
- - rsyslog::client
- - infra::profile::logrotate
- - resolv_conf
- - bind
- - chrony
-# - logstash
-
-# For testing the accounts module
-#accounts::users:
-# web:
-# apply: false
-# sudo: false
-# uid: 60300
-# comment: 'Test Webuser'
-# group: 'web'
-# groups:
-# - 'apache'
-# - 'wheel'
-# shell: 'bash'
-# annika.wenzel:
-# apply: false
-# groups:
-# - apache
-# dennis.klein:
-# apply: false
-# group: apache
-# groups:
-# - users
-# - wheel
-
-# Necessary, because the host has a local caching only DNS resolver
-puppetconf::server: puppetmaster01.pixelpark.com
-
-#####################################################
-# Options for /etc/resolv.conf
-resolv_conf::nameservers:
- - '127.0.0.1'
-
-#####################################################
-# SASL configuration
-#sasl::authd::mechanism: 'rimap'
-
-#sasl::authd::ldap_filter: >
-# (&(objectclass=inetlocalmailrecipient)(|(uid=%u)(mail=%u)))
-#sasl::authd::ldap_filter: '(&(objectclass=inetlocalmailrecipient)(mail=%u@%r))'
-sasl::authd::imap_server: 'mail-brln-store02.pixelpark.com'
-sasl::authd::threads: 2
-sasl::authd::ldap_version: 3
-sasl::authd::caching: true
-sasl::authd::combine_realm: true
-
-infra::profile::sasl::application:
- smtpd:
- mech_list:
- - plain
- - login
- pwcheck_method: 'saslauthd'
-
-#####################################################
-# Postfix configuration:
-
-#####################################################
-# Rsyslog configuration
-
-# Logrotation
-infra::profile::logrotate::rules:
- samba:
- path: '/var/log/samba/*'
- ifempty: false
- olddir: '/var/log/samba/old'
- missingok: true
- dateext: true
- dateformat: '-%Y-%m-%d'
- copytruncate: true
- sharedscripts: true
-