Convert mailhost templates to EPP
jay7x committed Jul 14, 2023
1 parent c79ca10 commit b5e7e66
Showing 11 changed files with 348 additions and 229 deletions.
105 changes: 95 additions & 10 deletions manifests/resource/mailhost.pp
Expand Up @@ -72,9 +72,9 @@
# for authorization.
# @param xclient
# Whether to use xclient for smtp
# @param proxy_protocol
# @param proxy_protocol
# Wheter to use proxy_protocol
# @param proxy_smtp_auth
# @param proxy_smtp_auth
# Wheter to use proxy_smtp_auth
# @param imap_auth
# Sets permitted methods of authentication for IMAP clients.
Expand Down Expand Up @@ -170,20 +170,29 @@
Optional[Array] $pop3_capabilities = undef,
Optional[String] $smtp_auth = undef,
Optional[Array] $smtp_capabilities = undef,
Optional[Variant[Array, String]] $raw_prepend = undef,
Optional[Variant[Array, String]] $raw_append = undef,
Optional[Hash] $mailhost_cfg_prepend = undef,
Optional[Hash] $mailhost_cfg_append = undef,
String $proxy_pass_error_message = 'off',
Array $server_name = [$name]
Array $server_name = [$name],
Variant[Array[String], String] $raw_prepend = [],
Variant[Array[String], String] $raw_append = [],
Hash[String, Variant[
String,
Array[String],
Hash[String, Variant[String, Array[String]]],
]] $mailhost_cfg_prepend = {},
Hash[String, Variant[
String,
Array[String],
Hash[String, Variant[String, Array[String]]],
]] $mailhost_cfg_append = {},
) {
if ! defined(Class['nginx']) {
fail('You must include the nginx base class before using any defined resources')
}

# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.
if ($ipv6_enable and !$facts['networking']['ip6']) {
$has_ipaddress6 = ($facts.get('networking.ip6') =~ Stdlib::IP::Address::V6)
if ($ipv6_enable and !$has_ipaddress6) {
warning('nginx: IPv6 support is not enabled or configured properly')
}

Expand All @@ -197,6 +206,53 @@
$config_dir = "${nginx::conf_dir}/conf.mail.d"
$config_file = "${config_dir}/${name}.conf"

# Pre-render some common parts
$mailhost_prepend = epp('nginx/prepend_append.epp', {
cfg_xpend => $mailhost_cfg_prepend,
raw_xpend => [$raw_prepend].flatten,
})
$mailhost_append = epp('nginx/prepend_append.epp', {
cfg_xpend => $mailhost_cfg_append,
raw_xpend => [$raw_append].flatten,
})

$mailhost_ssl_settings = epp('nginx/mailhost/mailhost_ssl_settings.epp', {
ssl_cert => $ssl_cert,
ssl_ciphers => $ssl_ciphers,
ssl_client_cert => $ssl_client_cert,
ssl_crl => $ssl_crl,
ssl_dhparam => $ssl_dhparam,
ssl_ecdh_curve => $ssl_ecdh_curve,
ssl_key => $ssl_key,
ssl_password_file => $ssl_password_file,
ssl_prefer_server_ciphers => $ssl_prefer_server_ciphers,
ssl_protocols => $ssl_protocols,
ssl_session_cache => $ssl_session_cache,
ssl_session_ticket_key => $ssl_session_ticket_key,
ssl_session_tickets => $ssl_session_tickets,
ssl_session_timeout => $ssl_session_timeout,
ssl_trusted_cert => $ssl_trusted_cert,
ssl_verify_depth => $ssl_verify_depth,
})

$mailhost_common = epp('nginx/mailhost/mailhost_common.epp', {
auth_http => $auth_http,
auth_http_header => $auth_http_header,
imap_auth => $imap_auth,
imap_capabilities => $imap_capabilities,
imap_client_buffer => $imap_client_buffer,
pop3_auth => $pop3_auth,
pop3_capabilities => $pop3_capabilities,
protocol => $protocol,
proxy_pass_error_message => $proxy_pass_error_message,
proxy_protocol => $proxy_protocol,
proxy_smtp_auth => $proxy_smtp_auth,
server_name => $server_name,
smtp_auth => $smtp_auth,
smtp_capabilities => $smtp_capabilities,
xclient => $xclient,
})

concat { $config_file:
ensure => $ensure,
owner => 'root',
Expand All @@ -210,17 +266,46 @@
if $ssl_port == undef or $listen_port != $ssl_port {
concat::fragment { "${name}-header":
target => $config_file,
content => template('nginx/mailhost/mailhost.erb'),
order => '001',
content => epp('nginx/mailhost/mailhost.epp', {
has_ipaddress6 => $has_ipaddress6,
ipv6_enable => $ipv6_enable,
ipv6_listen_ip => $ipv6_listen_ip,
ipv6_listen_options => $ipv6_listen_options,
ipv6_listen_port => $ipv6_listen_port,
listen_ip => $listen_ip,
listen_options => $listen_options,
listen_port => $listen_port,
mailhost_append => $mailhost_append,
mailhost_common => $mailhost_common,
mailhost_prepend => $mailhost_prepend,
mailhost_ssl_settings => $mailhost_ssl_settings,
nginx_version => $nginx::nginx_version,
starttls => $starttls,
}),
}
}

# Create SSL File Stubs if SSL is enabled
if $ssl {
concat::fragment { "${name}-ssl":
target => $config_file,
content => template('nginx/mailhost/mailhost_ssl.erb'),
order => '700',
content => epp('nginx/mailhost/mailhost_ssl.epp', {
has_ipaddress6 => $has_ipaddress6,
ipv6_enable => $ipv6_enable,
ipv6_listen_ip => $ipv6_listen_ip,
ipv6_listen_options => $ipv6_listen_options,
ipv6_listen_port => $ipv6_listen_port,
listen_ip => $listen_ip,
listen_options => $listen_options,
mailhost_append => $mailhost_append,
mailhost_common => $mailhost_common,
mailhost_prepend => $mailhost_prepend,
mailhost_ssl_settings => $mailhost_ssl_settings,
nginx_version => $nginx::nginx_version,
ssl_port => $ssl_port,
}),
}
}
}
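Review bot: The tightened type on `$mailhost_cfg_prepend` and `$mailhost_cfg_append` only admits `String` leaves, so a caller that passed an integer or boolean value under the previous `Optional[Hash]` will now fail catalog compilation. If that is intended, the `@param` text should say so, for example `# Values must be strings, arrays of strings, or one level of nested hash of those.` `$raw_prepend` and `$raw_append` appear to be handed to `nginx/prepend_append.epp` unmodified, so their parameter docs should state that the strings are emitted verbatim into the mail server block and must come from trusted data. The parameter list and the resource body both start outside the visible hunks.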
2 changes: 2 additions & 0 deletions spec/default_module_facts.yml
@@ -1,2 +1,4 @@
---
ipaddress6: '::'
networking:
ip6: '::'
46 changes: 40 additions & 6 deletions spec/defines/resource_mailhost_spec.rb
Expand Up @@ -152,7 +152,19 @@
notmatch: %r{ ssl_session_timeout 5m;}
},
{
title: 'should contain raw_prepend directives',
title: 'should contain raw_prepend directives (String)',
attr: 'raw_prepend',
value: 'test value;',
match: [' test value;']
},
{
title: 'should contain raw_append directives (String)',
attr: 'raw_append',
value: 'test value;',
match: [' test value;']
},
{
title: 'should contain raw_prepend directives (Array)',
attr: 'raw_prepend',
value: [
'if (a) {',
Expand All @@ -162,7 +174,7 @@
match: %r{^\s+if \(a\) \{\n\s++b;\n\s+\}}
},
{
title: 'should contain raw_append directives',
title: 'should contain raw_append directives (Array)',
attr: 'raw_append',
value: [
'if (a) {',
Expand All @@ -174,23 +186,45 @@
{
title: 'should contain ordered prepended directives',
attr: 'mailhost_cfg_prepend',
value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'test3' => 'test value 3' },
value: {
'test1' => 'test value 1',
'test2' => ['test value 2a', 'test value 2b'],
'test3' => {
'subkey 3a' => 'subvalue 3a',
'subkey 3b' => ['subvalue 3b1', 'subvalue 3b2'],
},
'test4' => 'test value 4',
},
match: [
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test3 test value 3;'
' test3 subkey 3a subvalue 3a;',
' test3 subkey 3b subvalue 3b1;',
' test3 subkey 3b subvalue 3b2;',
' test4 test value 4;',
]
},
{
title: 'should contain ordered appended directives',
attr: 'mailhost_cfg_append',
value: { 'test1' => 'test value 1', 'test2' => ['test value 2a', 'test value 2b'], 'test3' => 'test value 3' },
value: {
'test1' => 'test value 1',
'test2' => ['test value 2a', 'test value 2b'],
'test3' => {
'subkey 3a' => 'subvalue 3a',
'subkey 3b' => ['subvalue 3b1', 'subvalue 3b2'],
},
'test4' => 'test value 4',
},
match: [
' test1 test value 1;',
' test2 test value 2a;',
' test2 test value 2b;',
' test3 test value 3;'
' test3 subkey 3a subvalue 3a;',
' test3 subkey 3b subvalue 3b1;',
' test3 subkey 3b subvalue 3b2;',
' test4 test value 4;',
]
}
].each do |param|
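--- a/templates/mailhost/mailhost.epp
+++ b/templates/mailhost/mailhost.epp
@@ -0,0 +1,49 @@
+<%- |
+Boolean $has_ipaddress6,
+Boolean $ipv6_enable,
+Variant[Array[String], String] $ipv6_listen_ip
+String $ipv6_listen_options,
+Stdlib::Port $ipv6_listen_port,
+Variant[Array[String], String] $listen_ip,
+Optional[String] $listen_options,
+Stdlib::Port $listen_port,
+String $mailhost_append,
+String[1] $mailhost_common,
+String $mailhost_prepend,
+String[1] $mailhost_ssl_settings,
+String[1] $nginx_version,
+Enum['on', 'off', 'only'] $starttls,
+| -%>
+# MANAGED BY PUPPET
+server {
+<%= $mailhost_prepend -%>
+<%- if $listen_ip =~ Array { -%>
+<%- $listen_ip.each |$ip| { -%>
+listen <%= $ip %>:<%= $listen_port %><% if $listen_options { %> <%= $listen_options %><% } %>;
+<%- } -%>
+<%- } else { -%>
+listen <%= $listen_ip %>:<%= $listen_port %><% if $listen_options { %> <%= $listen_options %><% } %>;
+<%- } -%>
+<%# check to see if ipv6 support exists in the kernel before applying -%>
+<%# FIXME this logic is duplicated all over the place -%>
+<%- if $ipv6_enable and $has_ipaddress6 { -%>
+<%- if $ipv6_listen_ip =~ Array { -%>
+<%- $ipv6_listen_ip.each |$ipv6| { -%>
+listen [<%= $ipv6 %>]:<%= $ipv6_listen_port %> <% if $ipv6_listen_options { %><%= $ipv6_listen_options %><% } %>;
+<%- } -%>
+<%- } else { -%>
+listen [<%= $ipv6_listen_ip %>]:<%= $ipv6_listen_port %> <% if $ipv6_listen_options { %><%= $ipv6_listen_options %><% } %>;
+<%- } -%>
+<%- } -%>
+<%= $mailhost_common -%>
+
+<%- if versioncmp($nginx_version, '1.15.0') < 0 { -%>
+ssl off;
+<% } %>
+starttls <%= $starttls %>;
+
+<% if $starttls == 'on' or $starttls == 'only' { %>
+<%= $mailhost_ssl_settings -%>
+<%- } -%>
+<%= $mailhost_append -%>
+}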
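Review bot: The parameter block is missing the comma after `Variant[Array[String], String] $ipv6_listen_ip`, so as shown the template would not parse; the line should read `Variant[Array[String], String] $ipv6_listen_ip,`. On the two IPv6 `listen` lines the space sits outside the `if $ipv6_listen_options` guard, unlike the IPv4 lines, and because the parameter is a plain `String` that guard can never be false, so an empty value would leave a stray blank before `;`. `String[1] $mailhost_ssl_settings` is required even when `starttls` is `off`, which presumably relies on the SSL settings template never rendering an empty string; that is worth confirming against `mailhost_ssl_settings.epp`, which is not shown here.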
67 changes: 0 additions & 67 deletions templates/mailhost/mailhost.erb

This file was deleted.
