From: Frank Brehm Date: Wed, 8 Aug 2018 12:56:54 +0000 (+0200) Subject: Moving test-mail02.pixelpark.net to customer pixelpark-mail-test X-Git-Tag: v0.1.0~440^2~2 X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=40a8b550ba0eac5d29ffefe22a485aa3d17fb7b4;p=pixelpark%2Fhiera.git Moving test-mail02.pixelpark.net to customer pixelpark-mail-test --- diff --git a/customer/pixelpark-mail-test/common.yaml b/customer/pixelpark-mail-test/common.yaml new file mode 100644 index 00000000..dcf383eb --- /dev/null +++ b/customer/pixelpark-mail-test/common.yaml @@ -0,0 +1,213 @@ +--- +infra::additional_classes: + - infra::profile::sasl + - infra::profile::postfix + +# Necessary, because the host has a local caching only DNS resolver +#puppetconf::server: puppetmaster01.pixelpark.com + +##################################################### +# Logrotation + +infra::profile::logrotate::rules: + named: + path: '/var/log/named/*.log' + rotate_every: 'day' + rotate: 10 + missingok: true + minsize: '4M' + su_owner: 'named' + su_group: 'named' + create: true + create_mode: '0644' + create_owner: 'named' + create_group: 'named' + dateext: true + dateformat: '-%Y-%m-%d' + compress: true + delaycompress: true + missingok: true + sharedscripts: true + postrotate: '/usr/sbin/rndc reload >/dev/null' + named_run: + path: '/var/named/data/named.run' + missingok: true + su_owner: 'named' + su_group: 'named' + create: true + create_mode: '0644' + create_owner: 'named' + create_group: 'named' + postrotate: | + /usr/bin/systemctl reload named.service > /dev/null 2>&1 || true + /usr/bin/systemctl reload named-chroot.service > /dev/null 2>&1 || true + /usr/bin/systemctl reload named-sdb.service > /dev/null 2>&1 || true + /usr/bin/systemctl reload named-sdb-chroot.service > /dev/null 2>&1 || true + /usr/bin/systemctl reload named-pkcs11.service > /dev/null 2>&1 || true + +##################################################### +# Options for /etc/resolv.conf +resolv_conf::nameservers: + - '127.0.0.1' + - '217.66.52.10' + - '212.91.225.75' + +##################################################### +# BIND configuration +bind::version2show: 'none' +bind::querylog: false +bind::forwarders: + - '217.66.52.10' + - '212.91.225.75' +bind::deploy::has_deploy: false + +##################################################### +# SASL configuration +sasl::authd::mechanism: 'ldap' +sasl::authd::bind: 'ldap' +sasl::authd::ldap_auth_method: 'bind' +sasl::authd::ldap_search_base: 'o=isp' +sasl::authd::ldap_servers: + - 'ldap://ldap.pixelpark.com' +#sasl::authd::ldap_start_tls: false +sasl::authd::bind_dn: 'cn=admin' +sasl::authd::ldap_bind_dn: 'cn=admin' +sasl::authd::ldap_password: > + ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEAkGouEnyjTBA40/lpw1BEHsDx2b2I3L2HHnm9 + U9gHYhz1BrPTsyCklW8CC3BiE0W9NRS0Rod+cm6M+7OMzciXbgQMFO6Ko98V + tzoTyL8yeWr4ZXNpov/gVD+WTfcKo2A0w+egenTdErN4dclnwzAoSR9QOHNT + LUxHa6sTT191+79mjw0CnG1BwDKBnZRyO+fzgACFn0dUIasz7danBbZMPn/n + wOuOrXXq/PVNPW9GSeKkbimYCAn7KDwTvJNTJCR7dh29+aq0xoSSsGrN+L+f + OZrj3dG58D8lspbxNb4iFMswtOcihByp6n5fRmvnEFXw/Dn507UCTxURoLpp + EPXIdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD/aCWYpB6KwUIcLp1T + EKskgBArkfXhMZNEUfrTvFILs4Ig] +sasl::authd::ldap_bind_pw: > + ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEAkGouEnyjTBA40/lpw1BEHsDx2b2I3L2HHnm9 + U9gHYhz1BrPTsyCklW8CC3BiE0W9NRS0Rod+cm6M+7OMzciXbgQMFO6Ko98V + tzoTyL8yeWr4ZXNpov/gVD+WTfcKo2A0w+egenTdErN4dclnwzAoSR9QOHNT + LUxHa6sTT191+79mjw0CnG1BwDKBnZRyO+fzgACFn0dUIasz7danBbZMPn/n + wOuOrXXq/PVNPW9GSeKkbimYCAn7KDwTvJNTJCR7dh29+aq0xoSSsGrN+L+f + OZrj3dG58D8lspbxNb4iFMswtOcihByp6n5fRmvnEFXw/Dn507UCTxURoLpp + EPXIdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD/aCWYpB6KwUIcLp1T + EKskgBArkfXhMZNEUfrTvFILs4Ig] +sasl::authd::threads: 5 +sasl::authd::ldap_version: 3 +sasl::authd::caching: true +sasl::authd::combine_realm: true +sasl::authd::ldap_filter: '(&(objectclass=inetlocalmailrecipient)(|(uid=%u)(mail=%u)))' + +infra::profile::sasl::enable_authd: true +infra::profile::sasl::application: + smtpd: + mech_list: + - plain + - login + pwcheck_method: 'saslauthd' + + +##################################################### +# Postfix configuration: + +# Global configurations +postfix::alias_maps: "hash:/etc/postfix/maps/aliases ldap:/etc/postfix/ldap/alias.cf" +postfix::inet_interfaces: 'all' +postfix::manage_mailx: false +postfix::mastercf_source: 'puppet:///postfix_dir/master.cf' +postfix::myorigin: 'pixelpark.com' + +#infra::profile::postfix::config_directory: '/etc/postfix' +infra::profile::postfix::aliases_file: '/etc/postfix/maps/aliases' +infra::profile::postfix::aliases_source: 'puppet:///postfix_dir/maps/aliases' +#infra::profile::postfix::myorigin: "%{hiera('postfix::myorigin')}" +#infra::profile::postfix::relayhost: ~ +#infra::profile::postfix::tls: true +#infra::profile::postfix::tls_cert: ~ +#infra::profile::postfix::tls_key: ~ +#infra::profile::postfix::tls_chain: ~ +#infra::profile::postfix::tls_loglevel: 1 +#infra::profile::postfix::tls_received_header: true +#infra::profile::postfix::tls_security_level: 'may' +#infra::profile::postfix::tls_auth_only: false +#infra::profile::postfix::cert_servername: 'wildcard.pixelpark.com' +#infra::profile::postfix::cert_customer: 'pixelpark' +infra::profile::postfix::has_map_smtp_tls_peers: true +#infra::profile::postfix::map_smtp_tls_peers: '/etc/postfix/maps/smtp-tls-peers' +infra::profile::postfix::is_relay: true +#infra::profile::postfix::unverified_recipient_reject_code: '550' +#infra::profile::postfix::transport_maps_source: ~ +infra::profile::postfix::virtual_aliases_source: ~ +infra::profile::postfix::has_default_generic: false +#infra::profile::postfix::virtual_regex: ~ + +#infra::profile::postfix::ldap_server: 'ldap.pixelpark.com' +#infra::profile::postfix::ldap_port: '389' +#infra::profile::postfix::ldap_timeout: '5' +#infra::profile::postfix::ldap_search_base: 'o=isp' +#infra::profile::postfix::ldap_bind_dn: 'cn=admin' +infra::profile::postfix::ldap_bind_pw: > + ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEw + DQYJKoZIhvcNAQEBBQAEggEAkGouEnyjTBA40/lpw1BEHsDx2b2I3L2HHnm9 + U9gHYhz1BrPTsyCklW8CC3BiE0W9NRS0Rod+cm6M+7OMzciXbgQMFO6Ko98V + tzoTyL8yeWr4ZXNpov/gVD+WTfcKo2A0w+egenTdErN4dclnwzAoSR9QOHNT + LUxHa6sTT191+79mjw0CnG1BwDKBnZRyO+fzgACFn0dUIasz7danBbZMPn/n + wOuOrXXq/PVNPW9GSeKkbimYCAn7KDwTvJNTJCR7dh29+aq0xoSSsGrN+L+f + OZrj3dG58D8lspbxNb4iFMswtOcihByp6n5fRmvnEFXw/Dn507UCTxURoLpp + EPXIdDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBD/aCWYpB6KwUIcLp1T + EKskgBArkfXhMZNEUfrTvFILs4Ig] + +##################################################### +# Rsyslog configuration +rsyslog::client::log_local_custom: + - 'auth.* /var/log/auth.log' + - 'local6.* /var/log/freshclam.log' + +##################################################### +# Logrotation + +infra::profile::logrotate::config: + dateformat: '-%Y-%m-%d' + +infra::profile::logrotate::rules: + wtmp: + dateformat: '-%Y-%m-%d' + btmp: + dateformat: '-%Y-%m-%d' + named: + path: '/var/log/named/*.log' + rotate_every: 'day' + rotate: 10 + missingok: true + minsize: '4M' + su_owner: 'named' + su_group: 'named' + create: true + create_mode: '0644' + create_owner: 'named' + create_group: 'named' + dateext: true + dateformat: '-%Y-%m-%d' + compress: true + delaycompress: true + missingok: true + sharedscripts: true + postrotate: | + /usr/sbin/rndc reload >/dev/null + named_run: + path: '/var/named/data/named.run' + missingok: true + su_owner: 'named' + su_group: 'named' + create: true + create_mode: '0644' + create_owner: 'named' + create_group: 'named' + postrotate: | + /usr/bin/systemctl reload named.service > /dev/null 2>&1 || true + /usr/bin/systemctl reload named-chroot.service > /dev/null 2>&1 || true + /usr/bin/systemctl reload named-sdb.service > /dev/null 2>&1 || true + /usr/bin/systemctl reload named-sdb-chroot.service > /dev/null 2>&1 || true + /usr/bin/systemctl reload named-pkcs11.service > /dev/null 2>&1 || true + +# vim: et list diff --git a/customer/pixelpark-mail-test/test-mail02.pixelpark.net.yaml b/customer/pixelpark-mail-test/test-mail02.pixelpark.net.yaml new file mode 100644 index 00000000..319f6ed3 --- /dev/null +++ b/customer/pixelpark-mail-test/test-mail02.pixelpark.net.yaml @@ -0,0 +1,82 @@ +--- +infra::role: base + +infra::additional_classes: + - infra::profile::sasl + - infra::profile::postfix + - rsyslog::client + - infra::profile::logrotate + - resolv_conf + - bind + - chrony +# - logstash + +# For testing the accounts module +#accounts::users: +# web: +# apply: false +# sudo: false +# uid: 60300 +# comment: 'Test Webuser' +# group: 'web' +# groups: +# - 'apache' +# - 'wheel' +# shell: 'bash' +# annika.wenzel: +# apply: false +# groups: +# - apache +# dennis.klein: +# apply: false +# group: apache +# groups: +# - users +# - wheel + +# Necessary, because the host has a local caching only DNS resolver +puppetconf::server: puppetmaster01.pixelpark.com + +##################################################### +# Options for /etc/resolv.conf +resolv_conf::nameservers: + - '127.0.0.1' + +##################################################### +# SASL configuration +#sasl::authd::mechanism: 'rimap' + +#sasl::authd::ldap_filter: > +# (&(objectclass=inetlocalmailrecipient)(|(uid=%u)(mail=%u))) +#sasl::authd::ldap_filter: '(&(objectclass=inetlocalmailrecipient)(mail=%u@%r))' +sasl::authd::imap_server: 'mail-brln-store02.pixelpark.com' +sasl::authd::threads: 2 +sasl::authd::ldap_version: 3 +sasl::authd::caching: true +sasl::authd::combine_realm: true + +infra::profile::sasl::application: + smtpd: + mech_list: + - plain + - login + pwcheck_method: 'saslauthd' + +##################################################### +# Postfix configuration: + +##################################################### +# Rsyslog configuration + +# Logrotation +infra::profile::logrotate::rules: + samba: + path: '/var/log/samba/*' + ifempty: false + olddir: '/var/log/samba/old' + missingok: true + dateext: true + dateformat: '-%Y-%m-%d' + copytruncate: true + sharedscripts: true + diff --git a/customer/pixelpark-mail/test-mail02.pixelpark.net.yaml b/customer/pixelpark-mail/test-mail02.pixelpark.net.yaml deleted file mode 100644 index 319f6ed3..00000000 --- a/customer/pixelpark-mail/test-mail02.pixelpark.net.yaml +++ /dev/null @@ -1,82 +0,0 @@ ---- -infra::role: base - -infra::additional_classes: - - infra::profile::sasl - - infra::profile::postfix - - rsyslog::client - - infra::profile::logrotate - - resolv_conf - - bind - - chrony -# - logstash - -# For testing the accounts module -#accounts::users: -# web: -# apply: false -# sudo: false -# uid: 60300 -# comment: 'Test Webuser' -# group: 'web' -# groups: -# - 'apache' -# - 'wheel' -# shell: 'bash' -# annika.wenzel: -# apply: false -# groups: -# - apache -# dennis.klein: -# apply: false -# group: apache -# groups: -# - users -# - wheel - -# Necessary, because the host has a local caching only DNS resolver -puppetconf::server: puppetmaster01.pixelpark.com - -##################################################### -# Options for /etc/resolv.conf -resolv_conf::nameservers: - - '127.0.0.1' - -##################################################### -# SASL configuration -#sasl::authd::mechanism: 'rimap' - -#sasl::authd::ldap_filter: > -# (&(objectclass=inetlocalmailrecipient)(|(uid=%u)(mail=%u))) -#sasl::authd::ldap_filter: '(&(objectclass=inetlocalmailrecipient)(mail=%u@%r))' -sasl::authd::imap_server: 'mail-brln-store02.pixelpark.com' -sasl::authd::threads: 2 -sasl::authd::ldap_version: 3 -sasl::authd::caching: true -sasl::authd::combine_realm: true - -infra::profile::sasl::application: - smtpd: - mech_list: - - plain - - login - pwcheck_method: 'saslauthd' - -##################################################### -# Postfix configuration: - -##################################################### -# Rsyslog configuration - -# Logrotation -infra::profile::logrotate::rules: - samba: - path: '/var/log/samba/*' - ifempty: false - olddir: '/var/log/samba/old' - missingok: true - dateext: true - dateformat: '-%Y-%m-%d' - copytruncate: true - sharedscripts: true -