provider => systemd,
}
- @ferm::rule { "rsync-${name}-ssl":
+ ferm::rule { "rsync-${name}-ssl":
domain => '(ip ip6)',
description => 'Allow rsync access',
rule => '&SERVICE(tcp, 1873)',
}
+ $certdir = hiera('paths.letsencrypt_dir')
dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
zone => 'debian.org',
- certfile => [
- "/etc/puppet/modules/ssl/files/servicecerts/${sslname}.crt",
- "/etc/puppet/modules/ssl/files/from-letsencrypt/${sslname}.crt",
- ],
+ certfile => [ "${certdir}/${sslname}.crt" ],
port => 1873,
hostname => $sslname,
}