stop using virtual resources for ferm::rule

[mirror/dsa-puppet.git] / modules / debian_org / manifests / mail_incoming_port.pp

diff --git a/modules/debian_org/manifests/mail_incoming_port.pp b/modules/debian_org/manifests/mail_incoming_port.pp
index cbe9cb6..f74231f 100644 (file)
--- a/modules/debian_org/manifests/mail_incoming_port.pp
+++ b/modules/debian_org/manifests/mail_incoming_port.pp
@@ -5,19 +5,20 @@ class debian_org::mail_incoming_port {
                default: { $mail_port = '25' }
        }
 
-       @ferm::rule { 'dsa-mail':
+       ferm::rule { 'dsa-mail':
                description => 'Allow SMTP',
                rule        => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_SOURCES)"
        }
 
-       @ferm::rule { 'dsa-mail-v6':
+       ferm::rule { 'dsa-mail-v6':
                description => 'Allow SMTP',
                domain      => 'ip6',
                rule        => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)"
        }
+       $autocertdir = hiera('paths.auto_certs_dir')
        dnsextras::tlsa_record{ 'tlsa-mailport':
                zone     => 'debian.org',
-               certfile => "/etc/puppet/modules/exim/files/certs/${::fqdn}.crt",
+               certfile => "${autocertdir}/${::fqdn}.crt",
                port     => $mail_port,
                hostname => $::fqdn,
        }