class eid::relay() {
  package {'sasl2-bin': ensure => latest}
  package {'libsasl2-modules': ensure => latest}
  package {'opendkim': ensure => latest}


  $submission_ip = hiera_array('submission_ip',[]);

  sunet::misc::ufw_allow { "allow-submission-clients":
     from   => $submission_ip,
     port => '587',
  }

  sunet::misc::ufw_allow { "allow-dhcp6-546":
      from  => 'any',
      to    => 'fe80::/64',
      port  => '546',
      proto => 'udp',
  }


  $relay_ip = hiera_array('relay_ip',[]);

  if $relay_ip != '' {
     sunet::misc::ufw_allow { "allow-relay-rrsync":
       from   => $relay_ip,
       port => '22',
     }
     sunet::ssh_keys { 'relay-keys':
       config => safe_hiera('relay_ssh_keys_mapping', {}),
       key_database_name => 'relay_ssh_keys_db'
     }
   }
}