X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Fmanifests%2Fmx.pp;h=cddf405cebaa52694e3fbc83675de0196bdd2d2e;hb=7cd792d848686c9ac7fb5b71e1045b691abdc315;hp=3c40623d64826184ac0dfc7c0b6bc577464e137a;hpb=108cf6c59c96238bc76eb2150632e21c2c6d3e26;p=mirror%2Fdsa-puppet.git

diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index 3c40623d6..cddf405ce 100644
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -23,13 +23,24 @@ class exim::mx inherits exim {
 		domain      => 'ip6',
 		rule        => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
 	}
-	dnsextras::entry{ "tlsa-submission":
+	$autocertdir = hiera('paths.auto_certs_dir')
+	dnsextras::tlsa_record{ "tlsa-submission":
 		zone => 'debian.org',
-		label => "_587._tcp.${::fqdn}",
-		rrtype => 'TXT',
-		rrdata => 'testing' }
-
+		certfile => "${autocertdir}/${::fqdn}.crt",
+		port => 587,
+		hostname => "$::fqdn",
+	}
 	package { 'nagios-plugins-standard':
 		ensure => installed,
 	}
+
+	if has_role('mailrelay') {
+		concat::fragment { 'dsa-puppet-stuff--email-virtualdomains':
+			target => '/etc/cron.d/dsa-puppet-stuff',
+			content  => @(EOF)
+				@hourly  root if [ ! -d /etc/exim4/email-virtualdomains ]; then cd /etc/exim4 && git clone mail-git:email-virtualdomains ; fi && cd /etc/exim4/email-virtualdomains && git pull --quiet --ff-only
+				| EOF
+		}
+	}
+	file { '/etc/cron.d/dsa-email-virtualdomains': ensure => absent, }
 }