include_recipe "munin"
include_recipe "networking"
+include_recipe "prometheus"
package %w[
exim4
relay_from_hosts = node[:exim][:relay_from_hosts]
if node[:exim][:smarthost_name]
+ search(:node, "roles:gateway") do |gateway|
+ allowed_ips = gateway.interfaces(:role => :internal).map do |interface|
+ "#{interface[:network]}/#{interface[:prefix]}"
+ end
+
+ node.default[:networking][:wireguard][:peers] << {
+ :public_key => gateway[:networking][:wireguard][:public_key],
+ :allowed_ips => allowed_ips,
+ :endpoint => "#{gateway.name}:51820"
+ }
+ end
+
search(:node, "exim_smarthost_via:#{node[:exim][:smarthost_name]}\\:*").each do |host|
relay_from_hosts |= host.ipaddresses(:role => :external)
end
end
end
+template "/etc/default/exim4" do
+ source "default.erb"
+ owner "root"
+ group "root"
+ mode "044"
+ notifies :restart, "service[exim4]"
+end
+
template "/etc/exim4/exim4.conf" do
source "exim4.conf.erb"
owner "root"
munin_plugin "exim_mailqueue"
munin_plugin "exim_mailstats"
+prometheus_exporter "exim" do
+ port 9636
+end
+
if node[:exim][:smarthost_name]
node[:exim][:daemon_smtp_ports].each do |port|
firewall_rule "accept-inbound-smtp-#{port}" do