Notify prosody when its certificates change
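--- a/modules/roles/manifests/mta.pp
+++ b/modules/roles/manifests/mta.pp
@@ -32,11 +32,7 @@ class roles::mta(
  if $mxdata and $mxdata.any |$item| { $item =~ /INCOMING-MX/ } {
  # a mail satellite. Gets mail via the mailrelays and sends out mail via the mail relays
- @@concat::fragment { "manualroute-to-${::fqdn}":
- tag => 'exim::manualroute::to::mailrelay',
- target => '/etc/exim4/manualroute',
- content => "${::fqdn}: ${::fqdn}::${mailport}",
- }
+ exim::manualroute{ $::fqdn: }
  @@ferm::rule::simple { "submission-from-${::fqdn}":
  tag => 'smtp::server::submission::to::mail-relay',
@@ -55,9 +51,14 @@ class roles::mta(
  fail('We are not an exim::mx (or a postfix) yet do not have set our MXs to INCOMING-MX.')
  }
- ferm::rule::simple { 'dsa-smtp':
- description => 'Allow smtp access from the world',
- port => '25',
- }
+ # firewall allow is done by the exim::mx class
+ }
+
+ $autocertdir = hiera('paths.auto_certs_dir')
+ dnsextras::tlsa_record{ 'tlsa-mailport':
+ zone => 'debian.org',
+ certfile => "${autocertdir}/${::fqdn}.crt",
+ port => $mailport,
+ hostname => $::fqdn,
  }
  }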
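Review bot: The new `dnsextras::tlsa_record{ 'tlsa-mailport': }` at the end of the second hunk builds the published record from `${autocertdir}/${::fqdn}.crt` with the zone fixed to `'debian.org'`, and nothing in the hunk says how the record is kept in step with the certificate when it is renewed, or what happens for a host whose `$::fqdn` is not under that zone. If the TLSA record and the certificate exim actually serves ever disagree, DANE-validating senders will refuse or defer delivery, so the ordering deserves a comment above the resource, for example `# TLSA record is derived from the auto cert; the new record must be in DNS before exim serves a renewed cert`. Whether `dnsextras::tlsa_record` already handles rollover cannot be told from this page, since the define is not shown. The same hunk drops the port 25 `ferm::rule::simple { 'dsa-smtp': }` in favour of `exim::mx`, so it is worth confirming that every host reaching that branch really includes that class. The `roles::mta` class body starts before the hunk.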