X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Fmanifests%2Fmx.pp;h=ee096196d7b34f666017dfcd06e7eeaec4222588;hb=225f9f1650b942977fc3e9f5a2e3826108d2b43f;hp=54f1933b3c5c3586e801319da3b1fd91fe429776;hpb=f833a1c122597f80da4d4095cae8d7d5bd852a7a;p=mirror%2Fdsa-puppet.git

diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index 54f1933b3..ee096196d 100644
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -1,6 +1,7 @@
 class exim::mx inherits exim {
 	include clamav
 	include postgrey
+	include fail2ban::exim
 
 	file { '/etc/exim4/ccTLD.txt':
 		source => 'puppet:///modules/exim/common/ccTLD.txt',
@@ -23,9 +24,10 @@ class exim::mx inherits exim {
 		domain      => 'ip6',
 		rule        => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
 	}
+	$autocertdir = hiera('paths.auto_certs_dir')
 	dnsextras::tlsa_record{ "tlsa-submission":
 		zone => 'debian.org',
-		certfile => "/etc/puppet/modules/exim/files/certs/${::fqdn}.crt",
+		certfile => "${autocertdir}/${::fqdn}.crt",
 		port => 587,
 		hostname => "$::fqdn",
 	}
@@ -34,12 +36,12 @@ class exim::mx inherits exim {
 	}
 
 	if has_role('mailrelay') {
-		file { '/etc/cron.d/dsa-email-virtualdomains':
-			source => 'puppet:///modules/exim/dsa-email-virtualdomains.cron',
-		}
-	} else {
-		file { '/etc/cron.d/dsa-email-virtualdomains':
-			ensure => absent,
+		concat::fragment { 'dsa-puppet-stuff--email-virtualdomains':
+			target => '/etc/cron.d/dsa-puppet-stuff',
+			content  => @(EOF)
+				@hourly  root if [ ! -d /etc/exim4/email-virtualdomains ]; then cd /etc/exim4 && git clone mail-git:email-virtualdomains ; fi && cd /etc/exim4/email-virtualdomains && git pull --quiet --ff-only
+				| EOF
 		}
 	}
+	file { '/etc/cron.d/dsa-email-virtualdomains': ensure => absent, }
 }