Home Explore Help
Register Sign In
opuppet
/
module-nginx
6
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
module-nginx
/
manifests
/
resource
/
mailhost.pp

mailhost.pp 6.2 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161 
  1. # define: nginx::resource::mailhost
    2. 

  2. #
    3. 

  3. # This definition creates a virtual host
    4. 

  4. #
    5. 

  5. # Parameters:
    6. 

  6. #   [*ensure*]              - Enables or disables the specified mailhost (present|absent)
    7. 

  7. #   [*listen_ip*]           - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*)
    8. 

  8. #   [*listen_port*]         - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80
    9. 

  9. #   [*listen_options*]      - Extra options for listen directive like 'default' to catchall. Undef by default.
    10. 

  10. #   [*ipv6_enable*]         - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6
    11. 

  11. #                             support exists on your system before enabling.
    12. 

  12. #   [*ipv6_listen_ip*]      - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::)
    13. 

  13. #   [*ipv6_listen_port*]    - Default IPv6 Port for NGINX to listen with this vHost on. Defaults to TCP 80
    14. 

  14. #   [*ipv6_listen_options*] - Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on.
    15. 

  15. #                             While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'.
    16. 

  16. #   [*index_files*]         - Default index files for NGINX to read when traversing a directory
    17. 

  17. #   [*ssl*]                 - Indicates whether to setup SSL bindings for this mailhost.
    18. 

  18. #   [*ssl_cert*]            - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
    19. 

  19. #   [*ssl_key*]             - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
    20. 

  20. #   [*ssl_port*]            - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
    21. 

  21. #   [*starttls*]            - enable STARTTLS support: (on|off|only)
    22. 

  22. #   [*protocol*]            - Mail protocol to use: (imap|pop3|smtp)
    23. 

  23. #   [*auth_http*]           - With this directive you can set the URL to the external HTTP-like server for authorization.
    24. 

  24. #   [*xclient*]             - wheter to use xclient for smtp (on|off)
    25. 

  25. #   [*server_name*]         - List of mailhostnames for which this mailhost will respond. Default [$name].
    26. 

  26. #
    27. 

  27. # Actions:
    28. 

  28. #
    29. 

  29. # Requires:
    30. 

  30. #
    31. 

  31. # Sample Usage:
    32. 

  32. #  nginx::resource::mailhost { 'domain1.example':
    33. 

  33. #    ensure      => present,
    34. 

  34. #    auth_http   => 'server2.example/cgi-bin/auth',
    35. 

  35. #    protocol    => 'smtp',
    36. 

  36. #    listen_port => 587,
    37. 

  37. #    ssl_port    => 465,
    38. 

  38. #    starttls    => 'only',
    39. 

  39. #    xclient     => 'off',
    40. 

  40. #    ssl         => true,
    41. 

  41. #    ssl_cert    => '/tmp/server.crt',
    42. 

  42. #    ssl_key     => '/tmp/server.pem',
    43. 

  43. #  }
    44. 

  44. define nginx::resource::mailhost (
    45. 

  45.   $listen_port,
    46. 

  46.   $ensure              = 'present',
    47. 

  47.   $listen_ip           = '*',
    48. 

  48.   $listen_options      = undef,
    49. 

  49.   $ipv6_enable         = false,
    50. 

  50.   $ipv6_listen_ip      = '::',
    51. 

  51.   $ipv6_listen_port    = 80,
    52. 

  52.   $ipv6_listen_options = 'default ipv6only=on',
    53. 

  53.   $ssl                 = false,
    54. 

  54.   $ssl_cert            = undef,
    55. 

  55.   $ssl_key             = undef,
    56. 

  56.   $ssl_port            = undef,
    57. 

  57.   $starttls            = 'off',
    58. 

  58.   $protocol            = undef,
    59. 

  59.   $auth_http           = undef,
    60. 

  60.   $xclient             = 'on',
    61. 

  61.   $server_name         = [$name]
    62. 

  62. ) {
    63. 

  63. 

  64.   $root_group = $::nginx::config::root_group
    65. 

  65. 

  66.   File {
    67. 

  67.     owner => 'root',
    68. 

  68.     group => $root_group,
    69. 

  69.     mode  => '0644',
    70. 

  70.   }
    71. 

  71. 

  72.   if is_string($listen_port) {
    73. 

  73.     warning('DEPRECATION: String $listen_port must be converted to an integer. Integer string support will be removed in a future release.')
    74. 

  74.   }
    75. 

  75.   elsif !is_integer($listen_port) {
    76. 

  76.     fail('$listen_port must be an integer.')
    77. 

  77.   }
    78. 

  78.   validate_re($ensure, '^(present|absent)$',
    79. 

  79.     "${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
    80. 

  80.   if !(is_array($listen_ip) or is_string($listen_ip)) {
    81. 

  81.     fail('$listen_ip must be a string or array.')
    82. 

  82.   }
    83. 

  83.   if ($listen_options != undef) {
    84. 

  84.     validate_string($listen_options)
    85. 

  85.   }
    86. 

  86.   validate_bool($ipv6_enable)
    87. 

  87.   if !(is_array($ipv6_listen_ip) or is_string($ipv6_listen_ip)) {
    88. 

  88.     fail('$ipv6_listen_ip must be a string or array.')
    89. 

  89.   }
    90. 

  90.   if is_string($ipv6_listen_port) {
    91. 

  91.     warning('DEPRECATION: String $ipv6_listen_port must be converted to an integer. Integer string support will be removed in a future release.')
    92. 

  92.   }
    93. 

  93.   elsif !is_integer($ipv6_listen_port) {
    94. 

  94.     fail('$ipv6_listen_port must be an integer.')
    95. 

  95.   }
    96. 

  96.   validate_string($ipv6_listen_options)
    97. 

  97.   validate_bool($ssl)
    98. 

  98.   if ($ssl_cert != undef) {
    99. 

  99.     validate_string($ssl_cert)
    100. 

  100.   }
    101. 

  101.   if ($ssl_key != undef) {
    102. 

  102.     validate_string($ssl_key)
    103. 

  103.   }
    104. 

  104.   if $ssl_port != undef {
    105. 

  105.     if is_string($ssl_port) {
    106. 

  106.       warning('DEPRECATION: String $ssl_port must be converted to an integer. Integer string support will be removed in a future release.')
    107. 

  107.     }
    108. 

  108.     elsif !is_integer($ssl_port) {
    109. 

  109.       fail('$ssl_port must be an integer.')
    110. 

  110.     }
    111. 

  111.   }
    112. 

  112.   validate_re($starttls, '^(on|only|off)$',
    113. 

  113.     "${starttls} is not supported for starttls. Allowed values are 'on', 'only' and 'off'.")
    114. 

  114.   if ($protocol != undef) {
    115. 

  115.     validate_string($protocol)
    116. 

  116.   }
    117. 

  117.   if ($auth_http != undef) {
    118. 

  118.     validate_string($auth_http)
    119. 

  119.   }
    120. 

  120.   validate_string($xclient)
    121. 

  121.   validate_array($server_name)
    122. 

  122. 

  123.   $config_file = "${::nginx::config::conf_dir}/conf.mail.d/${name}.conf"
    124. 

  124. 

  125.   # Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
    126. 

  126.   # and support does not exist for it in the kernel.
    127. 

  127.   if ($ipv6_enable and !$::ipaddress6) {
    128. 

  128.     warning('nginx: IPv6 support is not enabled or configured properly')
    129. 

  129.   }
    130. 

  130. 

  131.   # Check to see if SSL Certificates are properly defined.
    132. 

  132.   if ($ssl or $starttls == 'on' or $starttls == 'only') {
    133. 

  133.     if ($ssl_cert == undef) or ($ssl_key == undef) {
    134. 

  134.       fail('nginx: SSL certificate/key (ssl_cert/ssl_cert) and/or SSL Private must be defined and exist on the target system(s)')
    135. 

  135.     }
    136. 

  136.   }
    137. 

  137. 

  138.   concat { $config_file:
    139. 

  139.     owner  => 'root',
    140. 

  140.     group  => $root_group,
    141. 

  141.     mode   => '0644',
    142. 

  142.     notify => Class['::nginx::service'],
    143. 

  143.   }
    144. 

  144. 

  145.   if (($ssl_port == undef) or ($listen_port + 0) != ($ssl_port + 0)) {
    146. 

  146.     concat::fragment { "${name}-header":
    147. 

  147.       target  => $config_file,
    148. 

  148.       content => template('nginx/mailhost/mailhost.erb'),
    149. 

  149.       order   => '001',
    150. 

  150.     }
    151. 

  151.   }
    152. 

  152. 

  153.   # Create SSL File Stubs if SSL is enabled
    154. 

  154.   if ($ssl) {
    155. 

  155.     concat::fragment { "${name}-ssl":
    156. 

  156.       target  => $config_file,
    157. 

  157.       content => template('nginx/mailhost/mailhost_ssl.erb'),
    158. 

  158.       order   => '700',
    159. 

  159.     }
    160. 

  160.   }
    161. 

  161. }
    162.