X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Frsync%2Fmanifests%2Fsite.pp;h=ab47a1ad3ebe66d3667c1fb97242fdc6d4d14a9f;hb=a5c5dfdd9e59822c957607e93e9330774704601d;hp=97dbb05d872f40139c6ba6777c58cc9ab30d0fad;hpb=94eb0fe06f5deafe086b3f6f18bfd5aab2a6e069;p=mirror%2Fdsa-puppet.git
diff --git a/modules/rsync/manifests/site.pp b/modules/rsync/manifests/site.pp
index 97dbb05d8..ab47a1ad3 100644
--- a/modules/rsync/manifests/site.pp
+++ b/modules/rsync/manifests/site.pp
@@ -3,7 +3,6 @@ define rsync::site (
 $bind6='',
 $source='',
 $content='',
- $fname='',
 $max_clients=200,
 $ensure=present,
 $sslname='',
@@ -12,11 +11,7 @@ define rsync::site (
 include rsync
- if ! $fname {
- $fname_real = "/etc/rsyncd-${name}.conf"
- } else {
- $fname_real = $fname
- }
+ $fname_real = "/etc/rsyncd-${name}.conf"
 case $ensure {
 present,absent: {}
 default: { fail ( "Invald ensure `${ensure}' for ${name}" ) }
@@ -69,7 +64,8 @@ define rsync::site (
 if $sslname != '' {
 file { "/etc/rsyncd-${name}-stunnel.conf":
- content => template('rsync/rsyncd-stunnel.conf.erb')
+ content => template('rsync/rsyncd-stunnel.conf.erb'),
+ require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"],
 }
 @ferm::rule { "rsync-${name}-ssl":
 domain => '(ip ip6)',
@@ -102,6 +98,13 @@ define rsync::site (
 require => File["/etc/rsyncd-${name}-stunnel.conf"],
 }
 }
+
+ dnsextras::tlsa_record{ "tlsa-${sslname}-${sslport}":
+ zone => 'debian.org',
+ certfile => [ "/etc/puppet/modules/ssl/files/servicecerts/${sslname}.crt", "/etc/puppet/modules/ssl/files/from-letsencrypt/${sslname}.crt" ],
+ port => $sslport,
+ hostname => "$sslname",
+ }
 }
 Service['rsync']->Service['xinetd']
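Review bot: The resource title is now the only input to `$fname_real = "/etc/rsyncd-${name}.conf"`, and nothing in the visible lines restricts its characters, so a title containing `/` would put the config file somewhere other than `/etc/rsyncd-*.conf`. A guard ahead of the assignment, for example `if $name !~ /\A[A-Za-z0-9_.-]+\z/ { fail("Invalid rsync::site title ${name}") }`, would reject that at compile time. Any call site that still passes `fname =>` will fail catalog compilation after the parameter removal in the preceding hunk, so those need updating in the same change. The body of the define continues outside this hunk.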
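Review bot: The new `require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"]` depends on a File resource that is not declared anywhere in the visible part of this define, which only shows `include rsync`. If no other class puts that resource in the node's catalog for a given `$sslname`, compilation fails with a missing-dependency error. A comment above the `file` resource naming the class expected to declare the certificate would make that failure easier to diagnose. The visible resource body also carries no `ensure`, so it looks as if `$ensure => absent` leaves the stunnel config in place; worth confirming against the rest of the define.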
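Review bot: The added `dnsextras::tlsa_record` interpolates `$sslname` into its title, its `hostname` and both `certfile` paths, so it only makes sense for a non-empty `$sslname`. The flattened hunk does not show whether the declaration sits inside the `if $sslname != ''` block or after it. If it is outside, every site without TLS would declare `tlsa--${sslport}` pointing at `.../.crt`, and it should then be moved inside that block. The record also appears independent of `$ensure`, so a site set to `absent` may keep publishing a TLSA record for a service that no longer exists; confirm whether `dnsextras::tlsa_record` can be made conditional on it. As a style point, `hostname => "$sslname",` can be written `hostname => $sslname,`. The define's body continues outside this hunk.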