authorJoey Hess2015-01-08 22:44:36 -0400
committerJoey Hess2015-01-08 22:44:36 -0400
commit8e6e40abc4944c1fc3cf7a0b06d8158c0820c1b7 (patch)
treed95ed427dcff98051fe093bc20ab31a0d697c0b4 /src/Propellor
parentad8e318c34aa866b9807048e3606101f785b8c28 (diff)
propellor spin
Diffstat (limited to 'src/Propellor')
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs39
1 files changed, 37 insertions, 2 deletions
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 9d84716a..cb80a21b 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -465,8 +465,7 @@ kiteMailServer = propertyList "kitenet.net mail server"
, "/etc/aliases" `File.hasPrivContentExposed` ctx
`onChange` Postfix.newaliases
, hasJoeyCAChain
- , "/etc/ssl/certs/postfix.pem" `File.hasPrivContentExposed` ctx
- , "/etc/ssl/private/postfix.pem" `File.hasPrivContent` ctx
+ , hasPostfixCert ctx
, "/etc/postfix/mydomain" `File.containsLines`
[ "/.*\\.kitenet\\.net/\tOK"
@@ -589,6 +588,25 @@ kiteMailServer = propertyList "kitenet.net mail server"
pinescript = "/usr/local/bin/pine"
dovecotusers = "/etc/dovecot/users"
+-- Configures postfix to relay outgoing mail to kitenet.net, with
+-- verification via tls cert.
+postfixClientRelay :: Context -> Property
+postfixClientRelay ctx = Postfix.mainCfFile `File.containsLines`
+ [ "relayhost = kitenet.net"
+ , "smtp_tls_CAfile = /etc/ssl/certs/joeyca.pem"
+ , "smtp_tls_cert_file = /etc/ssl/certs/postfix.pem"
+ , "smtp_tls_key_file = /etc/ssl/private/postfix.pem"
+ , "smtp_tls_loglevel = 0"
+ , "smtp_use_tls = yes"
+ ]
+ `describe` "postfix client relay"
+ `onChange` Postfix.dedupMainCf
+ `onChange` Postfix.reloaded
+ `requires` hasJoeyCAChain
+ `requires` hasPostfixCert ctx
+
+-- This does not configure postfix to use the dkim milter,
+-- nor does it set up domainkey DNS.
dkimInstalled :: Property
dkimInstalled = propertyList "opendkim installed"
[ Apt.serviceInstalledRunning "opendkim"
@@ -605,6 +623,17 @@ dkimInstalled = propertyList "opendkim installed"
]
`onChange` Service.restarted "opendkim"
+-- Configures postfix to have the dkim milter, and no other milters.
+dkimMilter :: Property
+dkimMilter = Postfix.mainCfFile `File.containsLines`
+ [ "inet:localhost:8891"
+ , "non_smtpd_milters = inet:localhost:8891"
+ , "milter_default_action = accept"
+ ]
+ `describe` "postfix dkim milter"
+ `onChange` Postfix.dedupMainCf
+ `onChange` Postfix.reloaded
+
-- This is the dkim public key, corresponding with /etc/mail/dkim.key
-- This value can be included in a domain's additional records to make
-- it use this domainkey.
@@ -615,6 +644,12 @@ hasJoeyCAChain :: Property
hasJoeyCAChain = "/etc/ssl/certs/joeyca.pem" `File.hasPrivContentExposed`
Context "joeyca.pem"
+hasPostfixCert :: Context -> Property
+hasPostfixCert ctx = combineProperties "postfix tls cert installed"
+ [ "/etc/ssl/certs/postfix.pem" `File.hasPrivContentExposed` ctx
+ , "/etc/ssl/private/postfix.pem" `File.hasPrivContent` ctx
+ ]
+
kitenetHttps :: Property
kitenetHttps = propertyList "kitenet.net https certs"
[ File.hasPrivContent "/etc/ssl/certs/web.pem" ctx
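Review bot: In the dkimMilter hunk (@@ -605,6 +623,17 @@) the first entry of the `File.containsLines` list is the bare value `"inet:localhost:8891"` with no parameter name, so main.cf gets a line without `=` that postfix will not treat as a setting, and only `non_smtpd_milters` ends up pointing at the milter; mail arriving through smtpd is never handed to opendkim, contrary to the comment "Configures postfix to have the dkim milter". The line should read `, "smtpd_milters = inet:localhost:8891"`. In the postfixClientRelay hunk the comment says the relay is done "with verification via tls cert", but `smtp_use_tls = yes` alone is opportunistic TLS with no peer-name or chain check on the relay's certificate; if the intent is that the client also verify kitenet.net (and not only present its own cert), a `smtp_tls_security_level = verify` line (or `secure`) is needed, otherwise the comment should say the cert is for client authentication only. The value of `smtp_tls_loglevel = 0` also hides handshake failures that would make a silent downgrade visible in the logs.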