rsync::site: typecheck $ensure parameter
[mirror/dsa-puppet.git] / modules / rsync / manifests / site.pp
index 7549694..c762d6d 100644 (file)
@@ -3,7 +3,7 @@ define rsync::site (
        $source=undef,
        $content=undef,
        $max_clients=200,
-       $ensure=present,
+       Enum['present','absent'] $ensure = 'present',
        $sslname=undef,
 ) {
        include rsync
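Review bot: `$sslname` is still untyped in this parameter list, yet the last hunk interpolates it into resource titles and into the certificate path `"${certdir}/${sslname}.crt"` that feeds the TLSA record. Constraining it alongside `$ensure`, for example `Optional[Pattern[/\A[A-Za-z0-9.-]+\z/]] $sslname = undef,`, would make a value containing `/` fail at catalog compilation instead of selecting a file outside the certificate directory. `$max_clients` could likewise become `Integer[1] $max_clients = 200,`, although how it is used is not visible in these hunks. The body of the define continues outside this hunk.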
@@ -11,11 +11,6 @@ define rsync::site (
        $fname_real_rsync = "/etc/rsyncd-${name}.conf"
        $fname_real_stunnel = "/etc/rsyncd-${name}-stunnel.conf"
 
-       case $ensure {
-               present,absent: {}
-               default: { fail ( "Invald ensure `${ensure}' for ${name}" ) }
-       }
-
        $ensure_service = $ensure ? {
                present => running,
                absent  => stopped,
@@ -112,18 +107,16 @@ define rsync::site (
                        provider => systemd,
                }
 
-               @ferm::rule { "rsync-${name}-ssl":
+               ferm::rule { "rsync-${name}-ssl":
                        domain      => '(ip ip6)',
                        description => 'Allow rsync access',
                        rule        => '&SERVICE(tcp, 1873)',
                }
 
+               $certdir = hiera('paths.letsencrypt_dir')
                dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
                        zone     => 'debian.org',
-                       certfile => [
-                               "/etc/puppet/modules/ssl/files/servicecerts/${sslname}.crt",
-                               "/etc/puppet/modules/ssl/files/from-letsencrypt/${sslname}.crt",
-                       ],
+                       certfile => [ "${certdir}/${sslname}.crt" ],
                        port     => 1873,
                        hostname => $sslname,
                }
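Review bot: The now-realized `ferm::rule { "rsync-${name}-ssl": ... }` is not tied to `$ensure`, so a site declared with `ensure => absent` may keep tcp/1873 open in the firewall after its service is stopped. The enclosing block starts outside the hunk, so it is not visible whether it is already guarded on `$ensure` or whether `ferm::rule` accepts an `ensure` attribute. If it does, pass `ensure => $ensure,`; otherwise wrap the rule in `if $ensure == 'present' { ... }`. The same question applies to the `dnsextras::tlsa_record` below it, which appears to be published regardless of `$ensure`.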