From ab3f0350ab4725c919197fb8f217dd5302a7b3e6 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sat, 20 May 2017 10:27:28 -0400
Subject: propellor spin

---
 src/Propellor/Property/SiteSpecific/JoeySites.hs | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
(limited to 'src/Propellor')

diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 215e58cc..c6a0c1ad 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -698,9 +698,22 @@ dkimInstalled = go `onChange` Service.restarted "opendkim"
 domainKey :: (BindDomain, Record)
 domainKey = (RelDomain "mail._domainkey", TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCc+/rfzNdt5DseBBmfB3C6sVM7FgVvf4h1FeCfyfwPpVcmPdW6M2I+NtJsbRkNbEICxiP6QY2UM0uoo9TmPqLgiCCG2vtuiG6XMsS0Y/gGwqKM7ntg/7vT1Go9vcquOFFuLa5PnzpVf8hB9+PMFdS4NPTvWL2c5xxshl/RJzICnQIDAQAB")
 
-hasJoeyCAChain :: Property (HasInfo + UnixLike)
-hasJoeyCAChain = "/etc/ssl/certs/joeyca.pem" `File.hasPrivContentExposed`
- Context "joeyca.pem"
+postfixSaslPasswordClient :: Property (HasInfo + DebianLike)
+postfixSaslPasswordClient = combineProperties "postfix uses SASL password to authenticate with smarthost" $ props
+ & Postfix.satellite
+ & Postfix.mappedFile "/etc/postfix/sasl_passwd"
+ (`File.hasPrivContent` (Context "kitenet.net"))
+ & Postfix.mainCfFile `File.containsLines`
+ [ "# TLS setup for SASL auth to kite"
+ , "smtp_sasl_auth_enable = yes"
+ , "smtp_tls_security_level = encrypt"
+ , "smtp_sasl_tls_security_options = noanonymous"
+ , "relayhost = [kitenet.net]"
+ , "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
+ , "# kite's fingerprint"
+ , "smtp_tls_fingerprint_cert_match = 13:B0:0C:F3:11:83:A5:EB:A9:37:C6:C5:ED:16:60:86"
+ ]
+ `onChange` Postfix.reloaded
 
 hasPostfixCert :: Context -> Property (HasInfo + UnixLike)
 hasPostfixCert ctx = combineProperties "postfix tls cert installed" $ props
-- 
cgit v1.2.3
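Review bot: The pinned fingerprint in the `containsLines` list does not appear to be enforced, because Postfix consults `smtp_tls_fingerprint_cert_match` only at the `fingerprint` security level and this block sets `smtp_tls_security_level = encrypt`, which makes TLS mandatory but does not authenticate the server certificate. Unless a setting outside this hunk (for example a TLS policy map, or something `Postfix.satellite` writes) raises the level, the SASL password from `/etc/postfix/sasl_passwd` could be offered to any host that answers for `[kitenet.net]`; changing the line to `, "smtp_tls_security_level = fingerprint"` would make the pin effective. The pinned value is 16 octets, which looks like an MD5 digest, so it would be worth adding `, "smtp_tls_fingerprint_digest = sha256"` and pinning the SHA-256 fingerprint of the same certificate; newer Postfix releases default to sha256, and an MD5 pin would then stop matching. A short comment above the fingerprint line saying how it was obtained and that it must be updated when kite's certificate is renewed would help whoever next touches this property.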