maybe TLSA records for XMPP stuff

author Peter Palfrader <peter@palfrader.org>

Thu, 5 Nov 2015 18:55:40 +0000 (19:55 +0100)

committer Peter Palfrader <peter@palfrader.org>

Thu, 5 Nov 2015 18:55:40 +0000 (19:55 +0100)
author Peter Palfrader <peter@palfrader.org>
Thu, 5 Nov 2015 18:55:40 +0000 (19:55 +0100)
committer Peter Palfrader <peter@palfrader.org>
Thu, 5 Nov 2015 18:55:40 +0000 (19:55 +0100)
diff --git a/modules/roles/manifests/rtc.pp b/modules/roles/manifests/rtc.pp

index 7543670..0456075 100644 (file)
--- a/modules/roles/manifests/rtc.pp
+++ b/modules/roles/manifests/rtc.pp
@@ -6,6 +6,13 @@ class roles::rtc {
         ssl::service { 'sip-ws.debian.org':
         }
  
+       dnsextras::tlsa_record{ 'tlsa-xmpp':
+               zone     => 'debian.org',
+               certfile => "/etc/puppet/modules/ssl/files/servicecerts/www.debian.org.crt",
+               port     => [5061, 5222, 5269],
+               hostname => $::fqdn,
+       }
+
         @ferm::rule { 'dsa-xmpp-client-ip4':
                 domain      => 'ip',
                 description => 'XMPP connections (client to server)',
author	Peter Palfrader <peter@palfrader.org>
	Thu, 5 Nov 2015 18:55:40 +0000 (19:55 +0100)
committer	Peter Palfrader <peter@palfrader.org>
	Thu, 5 Nov 2015 18:55:40 +0000 (19:55 +0100)