X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/99f72e0ddbd36942cffa1b67c989505886412754..a1fe1b73e197fcee92a684af0a62608067456159:/cookbooks/exim/recipes/default.rb

diff --git a/cookbooks/exim/recipes/default.rb b/cookbooks/exim/recipes/default.rb
index 8489bc2d1..9266425e3 100644
--- a/cookbooks/exim/recipes/default.rb
+++ b/cookbooks/exim/recipes/default.rb
@@ -17,6 +17,7 @@
 # limitations under the License.
 #
 
+include_recipe "munin"
 include_recipe "networking"
 
 package %w[
@@ -25,7 +26,9 @@ package %w[
   ssl-cert
 ]
 
-package "exim4-daemon-heavy" if File.exist?("/var/run/clamav/clamd.ctl")
+package "exim4-daemon-heavy" do
+  only_if { ::File.exist?("/var/run/clamav/clamd.ctl") }
+end
 
 group "ssl-cert" do
   action :modify
@@ -77,7 +80,7 @@ if node[:exim][:smarthost_name]
     relay_from_hosts |= host.ipaddresses(:role => :external)
   end
 
-  domains = node[:exim][:local_domains].reject { |d| ["localhost", "@", "noreply.openstreetmap.org"].any?(d) }
+  domains = node[:exim][:certificate_names].select { |c| c =~ /^a\.mx\./ }.collect { |c| c.sub(/^a\.mx./, "") }
   primary_domain = domains.first
 
   directory "/srv/mta-sts.#{primary_domain}" do
@@ -114,6 +117,32 @@ file "/etc/exim4/blocked-senders" do
   mode 0o644
 end
 
+if node[:exim][:dkim_selectors]
+  keys = data_bag_item("exim", "dkim")
+
+  template "/etc/exim4/dkim-selectors" do
+    owner "root"
+    source "dkim-selectors.erb"
+    group "Debian-exim"
+    mode 0o644
+  end
+
+  directory "/etc/exim4/dkim-keys" do
+    owner "root"
+    group "Debian-exim"
+    mode 0o755
+  end
+
+  node[:exim][:dkim_selectors].each do |domain, selector|
+    file "/etc/exim4/dkim-keys/#{domain}" do
+      content keys[domain].join("\n")
+      owner "root"
+      group "Debian-exim"
+      mode 0o640
+    end
+  end
+end
+
 template "/etc/exim4/exim4.conf" do
   source "exim4.conf.erb"
   owner "root"