X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fmailrelay.pp;h=6be074edcc01aec823f3cdbaf62cc5def2bf4cd3;hb=fa67a3c70b0ad6f46691ee1495dfa7f249143d52;hp=87b926351709fd6478b7631162dc798a57563cd2;hpb=cbfcf80b2071271178ab5cad24d575decf524c70;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/mailrelay.pp b/modules/roles/manifests/mailrelay.pp
index 87b926351..6be074edc 100644
--- a/modules/roles/manifests/mailrelay.pp
+++ b/modules/roles/manifests/mailrelay.pp
@@ -37,4 +37,12 @@ class roles::mailrelay {
     port   => 'submission',
   }
   Ferm::Rule::Simple <<| tag == 'smtp::server::submission::to::mail-relay' |>>
+
+  $autocertdir = hiera('paths.auto_certs_dir')
+  dnsextras::tlsa_record{ 'tlsa-submission':
+    zone     => 'debian.org',
+    certfile => "${autocertdir}/${::fqdn}.crt",
+    port     => 587,
+    hostname => $::fqdn,
+  }
 }