X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fexim%2Fmanifests%2Fmx.pp;h=f719e628c2c996c95b89ef2f9c1f0c8970fc904a;hb=1070137fdc4e4594d6ad4bfef27f696d5f209147;hp=c1b4fdbca3afc289dac07dbf90749fa0d04c34e3;hpb=3eb533e5499e66423bafdedaf6c7d08ead1772de;p=mirror%2Fdsa-puppet.git

diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index c1b4fdbca..f719e628c 100644
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -13,14 +13,23 @@ class exim::mx inherits exim {
 		notify  => Service['exim4'],
 	}
 
+	# MXs used as smarthosts
 	@ferm::rule { 'dsa-exim-submission':
 		description => 'Allow SMTP',
-		rule        => '&SERVICE_RANGE(tcp, submission, \$SMTP_SOURCES)'
+		rule        => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)'
 	}
 	@ferm::rule { 'dsa-exim-v6-submission':
 		description => 'Allow SMTP',
 		domain      => 'ip6',
-		rule        => '&SERVICE_RANGE(tcp, submission, \$SMTP_V6_SOURCES)',
+		rule        => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
+	}
+	dnsextras::tlsa_record{ "tlsa-submission":
+		zone => 'debian.org',
+		certfile => "/etc/puppet/modules/exim/files/certs/${::fqdn}.crt",
+		port => 587,
+		hostname => "$::fqdn",
+	}
+	package { 'nagios-plugins-standard':
+		ensure => installed,
 	}
-
 }