X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/388687b7120815bc61f49de6c5dd0ea793dad67b..5e5cb7ccbcfcd4e3696ddcd0a3e5218c254e429d:/cookbooks/exim/recipes/default.rb diff --git a/cookbooks/exim/recipes/default.rb b/cookbooks/exim/recipes/default.rb index 6b20f5181..94133183a 100644 --- a/cookbooks/exim/recipes/default.rb +++ b/cookbooks/exim/recipes/default.rb @@ -1,8 +1,8 @@ # -# Cookbook Name:: exim +# Cookbook:: exim # Recipe:: default # -# Copyright 2011, OpenStreetMap Foundation +# Copyright:: 2011, OpenStreetMap Foundation # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -33,21 +33,35 @@ group "ssl-cert" do append true end -openssl_x509_certificate "/etc/ssl/certs/exim.pem" do - key_file "/etc/ssl/private/exim.key" - owner "root" - group "ssl-cert" - mode 0o640 - org "OpenStreetMap" - email "postmaster@openstreetmap.org" - common_name node[:fqdn] - expire 3650 +if node[:exim][:certificate_names] + include_recipe "apache" + + apache_site node[:exim][:certificate_names].first do + template "apache.erb" + variables :aliases => node[:exim][:certificate_names].drop(1) + end + + ssl_certificate node[:exim][:certificate_names].first do + domains node[:exim][:certificate_names] + notifies :restart, "service[exim4]" + end +else + openssl_x509_certificate "/etc/ssl/certs/exim.pem" do + key_file "/etc/ssl/private/exim.key" + owner "root" + group "ssl-cert" + mode 0o640 + org "OpenStreetMap" + email "postmaster@openstreetmap.org" + common_name node[:fqdn] + expire 3650 + notifies :restart, "service[exim4]" + end end service "exim4" do action [:enable, :start] supports :status => true, :restart => true, :reload => true - subscribes :restart, "execute[/etc/ssl/certs/exim.pem]" end relay_to_domains = node[:exim][:relay_to_domains] @@ -142,7 +156,7 @@ else end end -if node[:exim][:smarthost_via] # ~FC023 +if node[:exim][:smarthost_via] firewall_rule "deny-outbound-smtp" do action :reject source "fw"