provider => systemd,
}
- @ferm::rule { "rsync-${name}-ssl":
+ ferm::rule { "rsync-${name}-ssl":
domain => '(ip ip6)',
description => 'Allow rsync access',
rule => '&SERVICE(tcp, 1873)',
}
+ $certdir = hiera('paths.letsencrypt_dir')
dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
zone => 'debian.org',
- certfile => [ "/srv/puppet.debian.org/from-letsencrypt/${sslname}.crt" ],
+ certfile => [ "${certdir}/${sslname}.crt" ],
port => 1873,
hostname => $sslname,
}