Defined Type: nginx::resource::mailhost
- Defined in:
- manifests/resource/mailhost.pp
Overview
define: nginx::resource::mailhost
This definition creates a virtual host
Parameters:
[*ensure*] - Enables or disables the specified mailhost (present|absent)
[*listen_ip*] - Default IP Address for NGINX to listen with this vHost on. Defaults to all interfaces (*)
[*listen_port*] - Default IP Port for NGINX to listen with this vHost on. Defaults to TCP 80
[*listen_options*] - Extra options for listen directive like 'default' to catchall. Undef by default.
[*ipv6_enable*] - BOOL value to enable/disable IPv6 support (false|true). Module will check to see if IPv6
support exists on your system before enabling.
[*ipv6_listen_ip*] - Default IPv6 Address for NGINX to listen with this vHost on. Defaults to all interfaces (::)
[*ipv6_listen_port*] - Default IPv6 Port for NGINX to listen with this vHost on. Defaults to TCP 80
[*ipv6_listen_options*] - Extra options for listen directive like 'default' to catchall. Template will allways add ipv6only=on.
While issue jfryman/puppet-nginx#30 is discussed, default value is 'default'.
[*index_files*] - Default index files for NGINX to read when traversing a directory
[*ssl*] - Indicates whether to setup SSL bindings for this mailhost.
[*ssl_cert*] - Pre-generated SSL Certificate file to reference for SSL Support. This is not generated by this module.
[*ssl_key*] - Pre-generated SSL Key file to reference for SSL Support. This is not generated by this module.
[*ssl_port*] - Default IP Port for NGINX to listen with this SSL vHost on. Defaults to TCP 443
[*starttls*] - enable STARTTLS support: (on|off|only)
[*protocol*] - Mail protocol to use: (imap|pop3|smtp)
[*auth_http*] - With this directive you can set the URL to the external HTTP-like server for authorization.
[*xclient*] - wheter to use xclient for smtp (on|off)
[*server_name*] - List of mailhostnames for which this mailhost will respond. Default [$name].
Actions:
Requires:
Sample Usage:
nginx::resource::mailhost { 'domain1.example':
ensure => present,
auth_http => 'server2.example/cgi-bin/auth',
protocol => 'smtp',
listen_port => 587,
ssl_port => 465,
starttls => 'only',
xclient => 'off',
ssl => true,
ssl_cert => '/tmp/server.crt',
ssl_key => '/tmp/server.pem',
}
44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 |
# File 'manifests/resource/mailhost.pp', line 44
define nginx::resource::mailhost (
$listen_port,
$ensure = 'present',
$listen_ip = '*',
$listen_options = undef,
$ipv6_enable = false,
$ipv6_listen_ip = '::',
$ipv6_listen_port = 80,
$ipv6_listen_options = 'default ipv6only=on',
$ssl = false,
$ssl_cert = undef,
$ssl_key = undef,
$ssl_port = undef,
$starttls = 'off',
$protocol = undef,
$auth_http = undef,
$xclient = 'on',
$server_name = [$name]
) {
$root_group = $::nginx::config::root_group
File {
owner => 'root',
group => $root_group,
mode => '0644',
}
if is_string($listen_port) {
warning('DEPRECATION: String $listen_port must be converted to an integer. Integer string support will be removed in a future release.')
}
elsif !is_integer($listen_port) {
fail('$listen_port must be an integer.')
}
validate_re($ensure, '^(present|absent)$',
"${ensure} is not supported for ensure. Allowed values are 'present' and 'absent'.")
if !(is_array($listen_ip) or is_string($listen_ip)) {
fail('$listen_ip must be a string or array.')
}
if ($listen_options != undef) {
validate_string($listen_options)
}
validate_bool($ipv6_enable)
if !(is_array($ipv6_listen_ip) or is_string($ipv6_listen_ip)) {
fail('$ipv6_listen_ip must be a string or array.')
}
if is_string($ipv6_listen_port) {
warning('DEPRECATION: String $ipv6_listen_port must be converted to an integer. Integer string support will be removed in a future release.')
}
elsif !is_integer($ipv6_listen_port) {
fail('$ipv6_listen_port must be an integer.')
}
validate_string($ipv6_listen_options)
validate_bool($ssl)
if ($ssl_cert != undef) {
validate_string($ssl_cert)
}
if ($ssl_key != undef) {
validate_string($ssl_key)
}
if $ssl_port != undef {
if is_string($ssl_port) {
warning('DEPRECATION: String $ssl_port must be converted to an integer. Integer string support will be removed in a future release.')
}
elsif !is_integer($ssl_port) {
fail('$ssl_port must be an integer.')
}
}
validate_re($starttls, '^(on|only|off)$',
"${starttls} is not supported for starttls. Allowed values are 'on', 'only' and 'off'.")
if ($protocol != undef) {
validate_string($protocol)
}
if ($auth_http != undef) {
validate_string($auth_http)
}
validate_string($xclient)
validate_array($server_name)
$config_file = "${::nginx::config::conf_dir}/conf.mail.d/${name}.conf"
# Add IPv6 Logic Check - Nginx service will not start if ipv6 is enabled
# and support does not exist for it in the kernel.
if ($ipv6_enable and !$::ipaddress6) {
warning('nginx: IPv6 support is not enabled or configured properly')
}
# Check to see if SSL Certificates are properly defined.
if ($ssl or $starttls == 'on' or $starttls == 'only') {
if ($ssl_cert == undef) or ($ssl_key == undef) {
fail('nginx: SSL certificate/key (ssl_cert/ssl_cert) and/or SSL Private must be defined and exist on the target system(s)')
}
}
concat { $config_file:
owner => 'root',
group => $root_group,
mode => '0644',
notify => Class['::nginx::service'],
}
if (($ssl_port == undef) or ($listen_port + 0) != ($ssl_port + 0)) {
concat::fragment { "${name}-header":
target => $config_file,
content => template('nginx/mailhost/mailhost.erb'),
order => '001',
}
}
# Create SSL File Stubs if SSL is enabled
if ($ssl) {
concat::fragment { "${name}-ssl":
target => $config_file,
content => template('nginx/mailhost/mailhost_ssl.erb'),
order => '700',
}
}
}
|