From 43dd5876e8cad7f41546a34e3a4b2f015f23a463 Mon Sep 17 00:00:00 2001
From: Zen-Fu <zen@systemli.org>
Date: Wed, 23 Apr 2025 12:04:34 -0300
Subject: [PATCH] move mail configuration to a profile that is included in all
 nodes

refs tpo/tpa/team#42096
---
 Puppetfile                             |  2 +-
 hieradata/node/ecours.tails.net.yaml   |  1 +
 hieradata/node/mail.lizard.yaml        |  1 +
 hieradata/node/mta.chameleon.yaml      |  2 +-
 hieradata/node/whisperback.lizard.yaml |  1 +
 hieradata/role/isoworker.yaml          |  1 +
 manifests/nodes.pp                     | 27 +-------------------------
 manifests/stone.pp                     |  2 +-
 site/role/manifests/tails/physical.pp  |  1 -
 9 files changed, 8 insertions(+), 30 deletions(-)

diff --git a/Puppetfile b/Puppetfile
index 5f679341b..a0796d982 100644
--- a/Puppetfile
+++ b/Puppetfile
@@ -233,7 +233,7 @@ mod 'camptocamp/systemd', # Tag: v6.0.0
 
 mod 'tails/tails', # Branch: gitlab/master
   :git => 'https://gitlab.tails.boum.org/tails/puppet-tails.git',
-  :commit => 'd05ac696a3c5e0feb52fde31a164d22951df6e0f'
+  :commit => 'a1e840daa233787774d4d0801257ce3d5054ed95'
 
 mod 'claranet/timezone', # Tag: 2.0.1
   :git => 'https://github.com/claranet/puppet-timezone.git',
diff --git a/hieradata/node/ecours.tails.net.yaml b/hieradata/node/ecours.tails.net.yaml
index 4fb25a640..3188a0733 100644
--- a/hieradata/node/ecours.tails.net.yaml
+++ b/hieradata/node/ecours.tails.net.yaml
@@ -42,3 +42,4 @@ tails::profile::backupfs::excludes:
   - sys
   - var/lib/mysql
 monitoring::type: master
+tails::profile::mail::type: mta
diff --git a/hieradata/node/mail.lizard.yaml b/hieradata/node/mail.lizard.yaml
index 36edbd3ec..8b0e450c7 100644
--- a/hieradata/node/mail.lizard.yaml
+++ b/hieradata/node/mail.lizard.yaml
@@ -64,3 +64,4 @@ tails::profile::autoreplies::autoreplies:
   tails-bugs@boum.org:
     subject: this address is no longer in use
     content: The tails-bugs@boum.org address is no longer in use, please contact us at support@tails.net instead.
+tails::profile::mail::type: schleuder
diff --git a/hieradata/node/mta.chameleon.yaml b/hieradata/node/mta.chameleon.yaml
index ef4f8229d..7d7da89ef 100644
--- a/hieradata/node/mta.chameleon.yaml
+++ b/hieradata/node/mta.chameleon.yaml
@@ -37,4 +37,4 @@ tails::profile::autoreplies::autoreplies:
   accounting@tails.net:
     subject: this address is no longer in use
     content: "Hello and thanks for reaching out to Tails.\n\nIn the fall of 2024, Tails joined forced with the Tor Project, and we are now developing the operating system under the Tor Project umbrella. This email address is not active anymore.\nYour inquiry is not automatically forwarded. We kindly ask you to address your original inquiry to accounting@torproject.org."
-
+tails::profile::mail::type: schleuder
diff --git a/hieradata/node/whisperback.lizard.yaml b/hieradata/node/whisperback.lizard.yaml
index 79523b624..4f2ca2052 100644
--- a/hieradata/node/whisperback.lizard.yaml
+++ b/hieradata/node/whisperback.lizard.yaml
@@ -8,3 +8,4 @@ tails::profile::network::interfaces:
     options:
       gateway: 192.168.122.1
       dns-nameservers: 192.168.122.1
+tails::profile::mail::type: whisperback
diff --git a/hieradata/role/isoworker.yaml b/hieradata/role/isoworker.yaml
index f36fa9610..6847456e7 100644
--- a/hieradata/role/isoworker.yaml
+++ b/hieradata/role/isoworker.yaml
@@ -13,3 +13,4 @@ tails::profile::jenkins::isotester::jenkins_master_ssh_pubkey_name: 'jenkins@jen
 tails::profile::jenkins::dovecot::email_password: test
 tirewall::purge: false
 monitoring::type: unmonitored
+tails::profile::mail::type: testermta
diff --git a/manifests/nodes.pp b/manifests/nodes.pp
index 697efffc2..34bc7f264 100644
--- a/manifests/nodes.pp
+++ b/manifests/nodes.pp
@@ -1,4 +1,5 @@
 include tails::profile::base
+include tails::profile::mail
 include tails_profile_puppet
 include monitoring
 
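Review bot: The top-scope `include tails::profile::mail` makes each node's mail role depend entirely on the hiera key `tails::profile::mail::type`, and nothing in this file says so or states what a node without the key receives; the default lives in the puppet-tails module, outside this diff. That matters most for mail.lizard, mta.chameleon, whisperback.lizard, ecours.tails.net and the isoworkers, whose explicit schleuder/whisperback/mta/testermta includes are removed in the later hunks of this file. A missed or misspelled lookup would presumably leave them with the default client setup instead of their mail service. I would add a comment above the include, e.g. `# mail flavour is selected per node via hiera tails::profile::mail::type; nodes without the key get the module default`, and compare the compiled catalogs of those nodes before and after this commit.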
@@ -10,50 +11,42 @@ node /(chameleon|dragon|iguana|lizard|skink)\.tails\.net/ {
 
 node 'apt.lizard' {
   include tails::profile::mounts
-  include tails::profile::msmtp
   include tails::profile::reprepro
 }
 
 node 'apt-proxy.lizard' {
   include tails::profile::apt_cacher_ng
   include tails::profile::mounts
-  include tails::profile::msmtp
 }
 
 node 'bitcoin.lizard' {
   include tails::profile::bitcoin
   include tails::profile::mounts
-  include tails::profile::msmtp
 }
 
 node 'bittorrent.lizard' {
   include tails::profile::bittorrent
-  include tails::profile::msmtp
 }
 
 node 'dns.lizard' {
   include tails::profile::dns::primary
-  include tails::profile::msmtp
 }
 
 node /^isobuilder\d\.lizard$/ {
   include tails::profile::jenkins::isobuilder_only
   include tails::profile::mounts
-  include tails::profile::msmtp
 }
 
 node 'jenkins.dragon' {
   include tails::profile::jenkins::artifacts_store
   include tails::profile::jenkins::master
   include tails::profile::jenkins::reverse_proxy
-  include tails::profile::msmtp
 }
 
 node 'mail.lizard' {
   include tails::profile::autoreplies
   include tails::profile::mailalias
   include tails::profile::rspamd
-  include tails::profile::schleuder
 }
 
 node 'misc.lizard' {
@@ -62,7 +55,6 @@ node 'misc.lizard' {
   include tails::profile::jenkins::support::ssh
   include tails::profile::jenkins::support::sftp
   include tails::profile::mailalias
-  include tails::profile::msmtp
   include tails::profile::release_misc
   include tails::profile::rss2email
   include tails::profile::tailsbot
@@ -71,19 +63,16 @@ node 'misc.lizard' {
 node 'puppet-git.lizard' {
   include tails::profile::gitolite
   include tails::profile::mounts
-  include tails::profile::msmtp
 }
 
 node 'rsync.lizard' {
   include tails::profile::mirrorbits
   include tails::profile::mounts
-  include tails::profile::msmtp
   include tails::profile::rsync
 }
 
 node 'translate.lizard' {
   include tails::profile::mailalias
-  include tails::profile::msmtp
   include tails::profile::weblate
 
   # XXX workaround for sysadmin#17988, remove once node is upgraded to Bookworm
@@ -101,8 +90,6 @@ node 'translate.lizard' {
 }
 
 node 'whisperback.lizard' {
-  include tails::profile::whisperback
-
   # XXX Remove once enough time has passed after deployment of the new address
   # below (see: sysadmin#18080)
   tails::profile::whisperback::onion { 'tails_whisperback_relay':
@@ -123,7 +110,6 @@ node 'www.lizard' {
   include tails::profile::http_to_git_annex
   include tails::profile::mailalias
   include tails::profile::mirrorbits::reverse_proxy
-  include tails::profile::msmtp
   include tails::profile::nginx
   include tails::profile::nginx::exportcert
   include tails::profile::redmine
@@ -139,7 +125,6 @@ node 'www.lizard' {
 node 'ecours.tails.net' {
   include tails::profile::dropbear
   include tails::profile::backupfs
-  include tails::profile::mta
   include tails::profile::vpn
 }
 
@@ -147,7 +132,6 @@ node 'gecko.tails.net' {
   include tails::profile::backupfs
   include tails::profile::dropbear
   include tails::profile::hedgedoc
-  include tails::profile::msmtp
   include tails::profile::tailsbot
   include tails::profile::vpn
 }
@@ -155,34 +139,28 @@ node 'gecko.tails.net' {
 node 'teels.tails.net' {
   include tails::profile::backupfs
   include tails::profile::dns::secondary
-  include tails::profile::msmtp
   include tails::profile::vpn
 }
 
 node 'puppet.lizard' {
-  include tails::profile::msmtp
   include tails::profile::sshkeymaster
   include monitoring::plugins::puppetmaster
 }
 
 node 'gitlab-runner.iguana' {
   include tails::profile::gitlab_runner
-  include tails::profile::msmtp
 }
 
 node 'gitlab-runner2.dragon' {
   include tails::profile::gitlab_runner
-  include tails::profile::msmtp
 }
 
 node 'proxy-dev.skink' {
-  include tails::profile::msmtp
   include tails::profile::nginx
 }
 
 node /^isoworker\d+\.(dragon|iguana)$/ {
   include tails::profile::jenkins::isoworker
-  include tails::profile::testermta
 }
 
 node 'isoworkers-mail.iguana' {
@@ -191,17 +169,14 @@ node 'isoworkers-mail.iguana' {
 
 node 'mta.chameleon' {
   include tails::profile::autoreplies
-  include tails::profile::schleuder
   include tails::profile::unbound
 }
 
 node 'www2.chameleon' {
-  include tails::profile::msmtp
   include tails::profile::mtasts
   include tails::profile::nginx::exportcert
   include tails::profile::website::mirror
 }
 
 node 'testlab.skink' {
-  include tails::profile::msmtp
 }
diff --git a/manifests/stone.pp b/manifests/stone.pp
index 7adf8f6b0..8e52c5087 100644
--- a/manifests/stone.pp
+++ b/manifests/stone.pp
@@ -4,5 +4,5 @@ node 'stone.tails.net' {
   include tails::profile::base
   include tails::profile::backupserver
   include tails::profile::dropbear
-  include tails::profile::msmtp
+  include tails::profile::mail
 }
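Review bot: stone.tails.net gets no `tails::profile::mail::type` value anywhere in this patch, so replacing msmtp with `include tails::profile::mail` here leaves the node on the module default, which is not visible in this diff. If that default is not the msmtp setup the node had before, its outbound mail configuration changes without any line in this repository saying so. Either set the key explicitly in this node's hiera data, or add `# type comes from hiera tails::profile::mail::type; module default applies here` above the include.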
diff --git a/site/role/manifests/tails/physical.pp b/site/role/manifests/tails/physical.pp
index 68f84d87d..292f64770 100644
--- a/site/role/manifests/tails/physical.pp
+++ b/site/role/manifests/tails/physical.pp
@@ -10,7 +10,6 @@ class role::tails::physical (
   include tails::profile::dropbear
   include tails::profile::libvirt
   include tails::profile::modprobe
-  include tails::profile::msmtp
   include tails::profile::vpn
 
   if $munin {
-- 
GitLab