Stop hardcoding /srv/puppet.debian.org/from-letsencrypt/ all over the place

[mirror/dsa-puppet.git] / modules / ssl / manifests / service.pp

diff --git a/modules/ssl/manifests/service.pp b/modules/ssl/manifests/service.pp
index c507351..069df0a 100644 (file)
--- a/modules/ssl/manifests/service.pp
+++ b/modules/ssl/manifests/service.pp
@@ -48,9 +48,10 @@ define ssl::service($ensure = present, $tlsaport = 443, $notify = [], $key = fal
 
        if (size($tlsaports) > 0 and $ssl_ensure == "present") {
                $portlist = join($tlsaports, "-")
+               $certdir = hiera('paths.letsencrypt_dir')
                dnsextras::tlsa_record{ "tlsa-${name}-${portlist}":
                        zone     => 'debian.org',
-                       certfile => [ "/srv/puppet.debian.org/from-letsencrypt/${name}.crt" ],
+                       certfile => [ "${certdir}/${name}.crt" ],
                        port     => $tlsaport,
                        hostname => "$name",
                }