Move tlsa setup from mail_incoming_port to mta role
[mirror/dsa-puppet.git] / modules / roles / manifests / mta.pp
index a8a64c6..511a00b 100644 (file)
@@ -60,4 +60,12 @@ class roles::mta(
       port        => '25',
     }
   }
+
+  $autocertdir = hiera('paths.auto_certs_dir')
+  dnsextras::tlsa_record{ 'tlsa-mailport':
+    zone     => 'debian.org',
+    certfile => "${autocertdir}/${::fqdn}.crt",
+    port     => $mailport,
+    hostname => $::fqdn,
+  }
 }
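Review bot: The `hostname` and `certfile` values in the new `dnsextras::tlsa_record` are both built from the `$::fqdn` fact, which the agent reports and the master does not verify, so the name published under `debian.org` is whatever the node claims. If the Puppet version in use provides trusted data, deriving both from the authenticated certificate name would tie the record to the node's identity: `hostname => $trusted['certname'],` and `certfile => "${autocertdir}/${trusted['certname']}.crt",`. This assumes certnames match host FQDNs here; the definition of `dnsextras::tlsa_record` is not visible, so how it collects or validates `hostname` should be confirmed. A short comment above the resource would also help, e.g. `# Publish a DANE TLSA record for this host's SMTP port; the record must be updated before the auto-cert is rotated.` The class body and the assignment of `$mailport` start outside this hunk.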