From: Julien Cristau <jcristau@debian.org>
Date: Tue, 3 Oct 2017 07:51:00 +0000 (+0200)
Subject: Add tls key for gobby server
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=e6ea8cb86c1454794965ad991da3b620ff720a85;p=mirror%2Fdsa-puppet.git

Add tls key for gobby server

This should remove the need to rotate it manually.
---

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 45ca3a5b4..f9f14f16f 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -247,6 +247,13 @@ class roles {
 
 	if has_role('gobby_debian_org') {
 		ssl::service { 'gobby.debian.org': notify  => Exec['service apache2 reload'], key => true, tlsaport => [443, 6523], }
+		file { '/etc/ssl/debian-local/other-keys/gobby.debian.org.key':
+			ensure => present,
+			mode => '0440',
+			group => 'gobby',
+			source => 'puppet:///modules/ssl/from-letsencrypt/gobby.debian.org.key',
+			links => follow,
+		}
 	}
 
 	if has_role('search_backend') {