buildd: fix lsbmajdistrelease calls
[mirror/dsa-puppet.git] / modules / rsync / manifests / site.pp
index 97dbb05..ab47a1a 100644 (file)
@@ -3,7 +3,6 @@ define rsync::site (
        $bind6='',
        $source='',
        $content='',
-       $fname='',
        $max_clients=200,
        $ensure=present,
        $sslname='',
@@ -12,11 +11,7 @@ define rsync::site (
 
        include rsync
 
-       if ! $fname {
-               $fname_real = "/etc/rsyncd-${name}.conf"
-       } else {
-               $fname_real = $fname
-       }
+       $fname_real = "/etc/rsyncd-${name}.conf"
        case $ensure {
                present,absent: {}
                default: { fail ( "Invald ensure `${ensure}' for ${name}" ) }
@@ -69,7 +64,8 @@ define rsync::site (
 
        if $sslname != '' {
                file { "/etc/rsyncd-${name}-stunnel.conf":
-                       content => template('rsync/rsyncd-stunnel.conf.erb')
+                       content => template('rsync/rsyncd-stunnel.conf.erb'),
+                       require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"],
                }
                @ferm::rule { "rsync-${name}-ssl":
                        domain      => '(ip ip6)',
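Review bot: The new `require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"]` builds a resource reference directly from `$sslname`, which is only checked for being non-empty. If no File resource with exactly that title is in the node's catalog (presumably the ssl module declares it, which is not visible here), or if `sslname` is mistyped, compilation fails with an unresolved-dependency error instead of a clear message. Validating the parameter once inside the `if $sslname != ''` block would give a better failure and keep path separators out of every path that interpolates it, including the `certfile` list in the next hunk: `if $sslname !~ /\A[a-z0-9.-]+\z/ { fail("Invalid sslname '${sslname}' for ${name}") }`. The define continues outside this hunk, so an existing check elsewhere cannot be ruled out.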
@@ -102,6 +98,13 @@ define rsync::site (
                                require     => File["/etc/rsyncd-${name}-stunnel.conf"],
                        }
                }
+
+               dnsextras::tlsa_record{ "tlsa-${sslname}-${sslport}":
+                       zone     => 'debian.org',
+                       certfile => [ "/etc/puppet/modules/ssl/files/servicecerts/${sslname}.crt", "/etc/puppet/modules/ssl/files/from-letsencrypt/${sslname}.crt" ],
+                       port     => $sslport,
+                       hostname => "$sslname",
+               }
        }
 
        Service['rsync']->Service['xinetd']
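Review bot: The `dnsextras::tlsa_record` added here takes its certificate from the copies under `/etc/puppet/modules/ssl/files/...` on the master, while the previous hunk makes the stunnel config depend on the deployed `/etc/ssl/debian/certs/${sslname}.crt-chained`. Nothing visible ties the two together, so if the published TLSA data and the certificate actually served diverge (for example around a renewal), DANE-validating clients would reject the service. A comment above the resource would document the expectation, e.g. `# certfile: candidates in order of preference (confirm in dnsextras); must be the cert stunnel serves for ${sslname}`. The zone is hard-coded to `'debian.org'`, so an `sslname` outside that zone would yield a record that cannot be published there; a guard or a comment stating the assumption would help. As a style point, `hostname => "$sslname"` can be written `hostname => $sslname`.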