set TLSA port to 0 in preparation of cert roll for buildd, contributors, ftp-master...

[mirror/dsa-puppet.git] / modules / roles / manifests / init.pp

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index e7369d4..badf9a4 100644 (file)
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -20,6 +20,7 @@ class roles {
        #       include nagios::server
                ssl::service { 'nagios.debian.org':
                        notify  => Exec['service apache2 reload'],
+                       tlsaport => 0,
                }
        }
 
@@ -58,6 +59,7 @@ class roles {
        if has_role('api.ftp-master') {
                ssl::service { 'api.ftp-master.debian.org':
                        notify  => Exec['service apache2 reload'],
+                       key => true,
                }
        }
 
@@ -91,7 +93,6 @@ class roles {
        if has_role('people') {
                ssl::service { 'people.debian.org': notify  => Exec['service apache2 reload'], key => true, }
                onion::service { 'people.debian.org': port => 80, target_address => 'people.debian.org', target_port => 80, direct => true }
-               apache2::pin { 'people.debian.org': }
        }
 
        if has_role('security_master') {