Add sql conf ext

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,54 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: '[BUG] '
+labels: 'bug'
+assignees: ''
+
+---
+
+## Your setup
+### Formula commit hash / release tag
+<!-- Please specify the formula's commit hash and/or release tag that you are using. -->
+
+
+
+### Versions reports (master & minion)
+<!-- Provided by running `salt --versions-report` or its short-form `salt -V`. -->
+<!-- Please also mention any differences in master/minion versions. -->
+
+
+
+### Pillar / config used
+<!-- Provide links to the SLS files and/or relevant configs (be sure to remove sensitive info). -->
+
+
+
+---
+
+## Bug details
+### Describe the bug
+<!-- A clear and concise description of what the bug is. -->
+
+
+
+### Steps to reproduce the bug
+<!-- Include debug logs if possible and relevant, e.g. using `salt-minion -l debug`. -->
+<!-- Alternatively, linking to Kitchen debug logs is useful, e.g. via. Travis CI. -->
+<!-- Most useful is providing a failing InSpec test, which can be used to verify any proposed fix. -->
+
+
+
+### Expected behaviour
+<!-- A clear and concise description of what you expected to happen. -->
+
+
+
+### Attempts to fix the bug
+<!-- Please mention any attempts you have made to fix the bug and what the results were. -->
+
+
+
+### Additional context
+<!-- Add any other context about the problem here. -->
+

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,27 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: '[FEATURE] '
+labels: 'enhancement'
+assignees: ''
+
+---
+
+### Is your feature request related to a problem?
+<!-- A clear and concise description of what the problem is. -->
+
+
+
+### Describe the solution you'd like
+<!-- A clear and concise description of what you want to happen. -->
+
+
+
+### Describe alternatives you've considered
+<!-- Describe any alternative solutions or features you've considered. -->
+
+
+
+### Additional context
+<!-- Add any other context about the feature request here. -->
+

.github/pull_request_template.md

@@ -0,0 +1,88 @@
+<!--
+Please fill in this PR template to make it easier to review and merge.
+
+It has been designed so that a lot of it can be completed *after* submitting it,
+e.g. filling in the checklists.
+
+Notes:
+1. Please keep the PR as small as is practicable; the larger a PR gets, the harder it becomes to review and the more time it requires to get it merged.
+2. Similarly, please avoid PRs that cover more than one type; it should be a _bug fix_ *OR* a _new feature_ *OR* a _refactor_, etc.
+3. Please direct questions to the [`#formulas` channel on Slack](https://saltstackcommunity.slack.com/messages/C7LG8SV54/), which is bridged to `#saltstack-formulas` on Freenode.
+-->
+
+### PR progress checklist (to be filled in by reviewers)
+<!-- Please leave this checklist for reviewers to tick as they work through the PR. -->
+
+- [ ] Changes to documentation are appropriate (or tick if not required)
+- [ ] Changes to tests are appropriate (or tick if not required)
+- [ ] Reviews completed
+
+---
+
+### What type of PR is this?
+<!-- Please tick each box that is relevant (after creating the PR). -->
+
+#### Primary type
+<!-- There really should be only *one* of these types ticked for each PR. -->
+
+- [ ] `[build]`    Changes related to the build system
+- [ ] `[chore]`    Changes to the build process or auxiliary tools and libraries such as documentation generation
+- [ ] `[ci]`       Changes to the continuous integration configuration
+- [ ] `[feat]`     A new feature
+- [ ] `[fix]`      A bug fix
+- [ ] `[perf]`     A code change that improves performance
+- [ ] `[refactor]` A code change that neither fixes a bug nor adds a feature
+- [ ] `[revert]`   A change used to revert a previous commit
+- [ ] `[style]`    Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc.)
+
+#### Secondary type
+<!-- Most PRs should include all of the following types as well. -->
+
+- [ ] `[docs]`     Documentation changes
+- [ ] `[test]`     Adding missing or correcting existing tests
+
+### Does this PR introduce a `BREAKING CHANGE`?
+<!-- If so, change the following to a `Yes` and explain what the breaking changes are. -->
+<!-- If there are multiple breaking changes, list them all. -->
+
+No.
+
+### Related issues and/or pull requests
+<!-- Please link any related issues/PRs here, especially any issues that are closed by this PR. -->
+
+
+
+### Describe the changes you're proposing
+<!-- A clear and concise description of what you have implemented. -->
+<!-- Consider explaining each commit if they cover different aspects of the proposed changes. -->
+
+
+
+### Pillar / config required to test the proposed changes
+<!-- Provide links to the SLS files and/or relevant configs (be sure to remove sensitive info). -->
+
+
+
+### Debug log showing how the proposed changes work
+<!-- Include a debug log showing how these changes work, e.g. using `salt-minion -l debug`. -->
+<!-- Alternatively, linking to Kitchen debug logs is useful, e.g. via. Travis CI. -->
+<!-- Most useful is providing a passing InSpec test, which can be used to verify any proposed changes. -->
+
+
+
+### Documentation checklist
+<!-- Please tick each box that is relevant (after creating the PR). -->
+
+- [ ] Updated the `README` (e.g. `Available states`).
+- [ ] Updated `pillar.example`.
+
+### Testing checklist
+<!-- Please tick each box that is relevant (after creating the PR). -->
+
+- [ ] Included in Kitchen (i.e. under `state_top`).
+- [ ] Covered by new/existing tests (e.g. InSpec, Serverspec, etc.).
+- [ ] Updated the relevant test pillar.
+
+### Additional context
+<!-- Add any other context about the proposed changes here. -->
+

.pre-commit-config.yaml

@@ -0,0 +1,70 @@
+# -*- coding: utf-8 -*-
+# vim: ft=yaml
+---
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+ci:
+  autofix_commit_msg: |
+    ci(pre-commit.ci): apply auto fixes from pre-commit.com hooks
+
+    For more information, see https://pre-commit.ci
+  autofix_prs: true
+  autoupdate_branch: ''
+  autoupdate_commit_msg: |
+    ci(pre-commit.ci): perform `pre-commit` autoupdate
+  autoupdate_schedule: quarterly
+  skip: []
+  submodules: false
+default_stages: [commit]
+repos:
+  - repo: https://github.com/dafyddj/commitlint-pre-commit-hook
+    rev: v2.3.0
+    hooks:
+      - id: commitlint
+        name: Check commit message using commitlint
+        description: Lint commit message
+          against @commitlint/config-conventional rules
+        stages: [commit-msg]
+        additional_dependencies: ['@commitlint/[email protected]']
+      - id: commitlint-travis
+        stages: [manual]
+        additional_dependencies: ['@commitlint/[email protected]']
+        always_run: true
+  - repo: https://github.com/shellcheck-py/shellcheck-py
+    rev: v0.9.0.6
+    hooks:
+      - id: shellcheck
+        name: Check shell scripts with shellcheck
+        files: ^.*\.(sh|bash|ksh)$
+        types: []
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.32.0
+    hooks:
+      - id: yamllint
+        name: Check YAML syntax with yamllint
+        args: [--strict, '.']
+        always_run: true
+        pass_filenames: false
+  - repo: https://github.com/warpnet/salt-lint
+    rev: v0.9.2
+    hooks:
+      - id: salt-lint
+        name: Check Salt files using salt-lint
+        files: ^.*\.(sls|jinja|j2|tmpl|tst)$
+  - repo: https://github.com/myint/rstcheck
+    rev: 3f929574
+    hooks:
+      - id: rstcheck
+        name: Check reST files using rstcheck
+        exclude: 'docs/CHANGELOG.rst'
+  - repo: https://github.com/saltstack-formulas/mirrors-rst-lint
+    rev: v1.3.2
+    hooks:
+      - id: rst-lint
+        name: Check reST files using rst-lint
+        exclude: |
+            (?x)^(
+                docs/CHANGELOG.rst|
+                docs/TOFS_pattern.rst|
+            )$
+        additional_dependencies: [pygments==2.9.0]

.yamllint

@@ -0,0 +1,4 @@
+---
+rules:
+  new-lines:
+    type: platform

README.rst

@@ -17,6 +17,7 @@ e.g.:
 
 .. code::
 
+  /etc/dovecot/dovecot-sql.conf.ext in dovecot:config:dovecotext:sql
   /etc/dovecot/dovecot-ldap.conf.ext in dovecot:config:dovecotext:ldap
   /etc/dovecot/conf.d/auth-ldap.conf.ext in dovecot:config:confext:ldap
   /etc/dovecot/conf.d/10-ldap.conf in dovecot:config:conf:10-ldap
@@ -37,3 +38,30 @@ Available states
 ------------
 
 Installs and configures the dovecot package, and ensures that the associated dovecot service is running.
+
+Minion configuration
+====================
+
+Unfortunately, automating the provisioning of some delicate settings is not possible,
+or anyway not ideal in my opinion.
+E.g., the `login_trusted_networks` setting for Dovecot is difficult to safely fetch from the minion;
+therefore, the best solution I could think of for now is adding a section to the pillar, like this:
+
+. code::
+
+postfix:
+  mynetworks:
+    - 172.16.1.0/24
+    - 192.168.0.0/24
+
+The list of networks will then be expanded, joined, and injected into Dovecot's conf files appropriately.
+
+Also, there are other grains related to the DB if you decide to use it:
+
+. code::
+
+postfix:
+  dbhost: hostname.example.com
+  dbname: postfixadmin
+  dbuser: postfixadmin
+  dbpassword: verysecret

dovecot/init.sls

@@ -1,4 +1,4 @@
-{% from "dovecot/map.jinja" import dovecot with context %}
+{% from "dovecot/map.sls" import dovecot with context %}
 
 dovecot_packages:
   pkg.installed:
@@ -24,7 +24,7 @@ dovecot_packages:
     - backup: minion
     - user: root
     - group: {{ dovecot.root_group }}
-    - mode: 600
+    - mode: "0600"
     - watch_in:
       - service: dovecot_service
     - require:
@@ -61,13 +61,13 @@ dovecot_packages:
   file.directory:
     - user: root
     - group: dovecot
-    - mode: 750
+    - mode: "0750"
 {% endif %}
 {{ dovecot.config.base }}/auth.d/{{ domain }}.passwd:
   file.managed:
     - user: root
     - group: dovecot
-    - mode: 640
+    - mode: "0640"
     - contents: |
         {{ content | indent(8) }}
     - backup: minion
@@ -84,7 +84,7 @@ dovecot_packages:
         {{ content | indent(8) }}
     - user: root
     - group: {{ dovecot.root_group }}
-    - mode: 444
+    - mode: "0444"
     - backup: minion
     - watch_in:
       - service: dovecot_service
@@ -99,7 +99,7 @@ dovecot_packages:
         {{ content | indent(8) }}
     - user: root
     - group: {{ dovecot.root_group }}
-    - mode: 400
+    - mode: "0400"
     - backup: minion
     - watch_in:
       - service: dovecot_service
@@ -112,6 +112,7 @@ dovecot_service:
     - name: dovecot
     - watch:
       - file: {{ dovecot.config.base }}/{{ dovecot.config.filename }}.conf
+      - file: {{ dovecot.config.base }}/conf.d/*
       - pkg: dovecot_packages
     - require:
       - pkg: dovecot_packages

dovecot/map.jinja → dovecot/map.sls

@@ -39,7 +39,7 @@
             'dovecotext': {},
             'confext': {},
             'conf': {},
-            'ssl_certs': {},            
+            'ssl_certs': {},
             'ssl_keys': {},
             'ssl_certs_dir': '/etc/ssl/private',
             'ssl_keys_dir': '/etc/ssl/private',

pillar.example

@@ -9,7 +9,8 @@ dovecot:
       local: |
         # main
         listen = *
-        login_trusted_networks = 192.168.100.0/24
+        # Trusted networks are a space separated list
+        login_trusted_networks = {{grains['postfix']['mynetworks'] | join(' ')}}
         shutdown_clients = yes
 
         # auth
@@ -71,6 +72,14 @@ dovecot:
         ssl_key = </etc/ssl/private/dovecot-one.key
 
       dovecotext:
+        sql: |
+          driver: mysql
+          connect = host={{grains['postfix']['dbhost']}} dbname={{grains['postfix']['dbname']}} user={{grains['postfix']['dbuser']}} password={{grains['postfix']['dbpassword']}}
+          default_pass_scheme = MD5_CRYPT
+          password_query = SELECT username AS user,password FROM mailbox WHERE username = '%u' AND active='1'
+          # UID and GID must be those of the postfix user
+          # Also, make sure dovecot user belongs to the postfix group
+          user_query = SELECT CONCAT('/var/mail/vmail/', maildir) AS home, {{grains['postfix']['uid'] AS uid}}, {{grains['postfix']['gid']}} AS gid, CONCAT('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active='1'
         ldap: |
           hosts = 0.0.0.0
           base = dc=example, dc=com