Enable lingering for the contributors user

[mirror/dsa-puppet.git] / modules / roles / manifests / mta.pp

diff --git a/modules/roles/manifests/mta.pp b/modules/roles/manifests/mta.pp
index a8a64c6..22fbb66 100644 (file)
--- a/modules/roles/manifests/mta.pp
+++ b/modules/roles/manifests/mta.pp
@@ -32,11 +32,7 @@ class roles::mta(
   if $mxdata and $mxdata.any |$item| { $item =~ /INCOMING-MX/ } {
     # a mail satellite.  Gets mail via the mailrelays and sends out mail via the mail relays
 
-    @@concat::fragment { "manualroute-to-${::fqdn}":
-      tag     => 'exim::manualroute::to::mailrelay',
-      target  => '/etc/exim4/manualroute',
-      content => "${::fqdn}:   ${::fqdn}::${mailport}",
-    }
+    exim::manualroute{ $::fqdn: }
 
     @@ferm::rule::simple { "submission-from-${::fqdn}":
       tag   => 'smtp::server::submission::to::mail-relay',
@@ -55,9 +51,14 @@ class roles::mta(
       fail('We are not an exim::mx (or a postfix) yet do not have set our MXs to INCOMING-MX.')
     }
 
-    ferm::rule::simple { 'dsa-smtp':
-      description => 'Allow smtp access from the world',
-      port        => '25',
-    }
+    # firewall allow is done by the exim::mx class
+  }
+
+  $autocertdir = hiera('paths.auto_certs_dir')
+  dnsextras::tlsa_record{ 'tlsa-mailport':
+    zone     => 'debian.org',
+    certfile => "${autocertdir}/${::fqdn}.crt",
+    port     => $mailport,
+    hostname => $::fqdn,
   }
 }