From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 22 Sep 2019 09:39:51 +0000 (+0200)
Subject: Move tlsa setup from mail_incoming_port to mta role
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=0419e52aab23ded081fc5f8e4e567ad9be84bd15;p=mirror%2Fdsa-puppet.git

Move tlsa setup from mail_incoming_port to mta role
---

diff --git a/modules/debian_org/manifests/mail_incoming_port.pp b/modules/debian_org/manifests/mail_incoming_port.pp
index e8db01d41..720e14fbe 100644
--- a/modules/debian_org/manifests/mail_incoming_port.pp
+++ b/modules/debian_org/manifests/mail_incoming_port.pp
@@ -15,11 +15,4 @@ class debian_org::mail_incoming_port {
 		domain      => 'ip6',
 		rule        => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)"
 	}
-	$autocertdir = hiera('paths.auto_certs_dir')
-	dnsextras::tlsa_record{ 'tlsa-mailport':
-		zone     => 'debian.org',
-		certfile => "${autocertdir}/${::fqdn}.crt",
-		port     => $mail_port,
-		hostname => $::fqdn,
-	}
 }
diff --git a/modules/roles/manifests/mta.pp b/modules/roles/manifests/mta.pp
index a8a64c6e2..511a00b71 100644
--- a/modules/roles/manifests/mta.pp
+++ b/modules/roles/manifests/mta.pp
@@ -60,4 +60,12 @@ class roles::mta(
       port        => '25',
     }
   }
+
+  $autocertdir = hiera('paths.auto_certs_dir')
+  dnsextras::tlsa_record{ 'tlsa-mailport':
+    zone     => 'debian.org',
+    certfile => "${autocertdir}/${::fqdn}.crt",
+    port     => $mailport,
+    hostname => $::fqdn,
+  }
 }