#
# Cookbook Name:: kosmos-postfix
# Recipe:: default
#

node.default["postfix"]["main"]["smtp_tls_CAfile"]  = "/etc/ssl/certs/ca-certificates.crt"
node.default["postfix"]["main"]["smtpd_tls_CAfile"] = "/etc/ssl/certs/ca-certificates.crt"

return if node.run_list.roles.include?("email_server")

smtp_credentials = Chef::EncryptedDataBagItem.load("credentials", "smtp")

node.default["postfix"]["sasl"] = {
  smtp_credentials["relayhost"] => {
    "username" => smtp_credentials["user_name"],
    "password" => smtp_credentials["password"]
  }
}

# Postfix doesn"t support smtps relayhost, use STARTSSL instead
node.default["postfix"]["main"]["relayhost"]                  = smtp_credentials["relayhost"]
node.default["postfix"]["main"]["smtp_sasl_auth_enable"]      = "yes"
node.default["postfix"]["main"]["smtp_sasl_security_options"] = "noanonymous"

include_recipe "postfix::default"