From e0c4da9d3bc8bbf97f1839f36ce2abf3fb0e3c7c Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 22 Sep 2019 11:43:35 +0200
Subject: [PATCH] Move TLSA for submission port from exim::mx role to the
 mailrelay role

---
 modules/exim/manifests/mx.pp         | 7 -------
 modules/roles/manifests/mailrelay.pp | 8 ++++++++
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index bcee6aa77..bf7fd5ebf 100644
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -23,13 +23,6 @@ class exim::mx(
     notify => Service['exim4'],
   }
 
-  $autocertdir = hiera('paths.auto_certs_dir')
-  dnsextras::tlsa_record{ 'tlsa-submission':
-    zone     => 'debian.org',
-    certfile => "${autocertdir}/${::fqdn}.crt",
-    port     => 587,
-    hostname => $::fqdn,
-  }
   package { 'monitoring-plugins-standard':
     ensure => installed,
   }
diff --git a/modules/roles/manifests/mailrelay.pp b/modules/roles/manifests/mailrelay.pp
index 87b926351..6be074edc 100644
--- a/modules/roles/manifests/mailrelay.pp
+++ b/modules/roles/manifests/mailrelay.pp
@@ -37,4 +37,12 @@ class roles::mailrelay {
     port   => 'submission',
   }
   Ferm::Rule::Simple <<| tag == 'smtp::server::submission::to::mail-relay' |>>
+
+  $autocertdir = hiera('paths.auto_certs_dir')
+  dnsextras::tlsa_record{ 'tlsa-submission':
+    zone     => 'debian.org',
+    certfile => "${autocertdir}/${::fqdn}.crt",
+    port     => 587,
+    hostname => $::fqdn,
+  }
 }
-- 
2.20.1