From e16d5f1dc188dc4c6fae79c4438190daaca0a1cf Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 3 Oct 2017 08:55:52 +0200
Subject: [PATCH] Use a template to get from-letsencrypt cert key, and no
 longer support getting keys from files/keys (which no longer exists anyhow)

---
 modules/ssl/manifests/service.pp | 2 +-
 modules/ssl/templates/key.erb    | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 modules/ssl/templates/key.erb

diff --git a/modules/ssl/manifests/service.pp b/modules/ssl/manifests/service.pp
index f01a75c5e..eeeec9273 100644
--- a/modules/ssl/manifests/service.pp
+++ b/modules/ssl/manifests/service.pp
@@ -31,7 +31,7 @@ define ssl::service($ensure = present, $tlsaport = 443, $notify = [], $key = fal
 			ensure => $ssl_ensure,
 			mode   => '0440',
 			group => 'ssl-cert',
-			source => [ "puppet:///modules/ssl/keys/${name}.crt", "puppet:///modules/ssl/from-letsencrypt/${name}.key" ],
+			content => template('ssl/key.erb'),
 			notify => [ $notify ],
 			links  => follow,
 		}
diff --git a/modules/ssl/templates/key.erb b/modules/ssl/templates/key.erb
new file mode 100644
index 000000000..29f969b37
--- /dev/null
+++ b/modules/ssl/templates/key.erb
@@ -0,0 +1,5 @@
+<%=
+  fn = "/srv/puppet.torproject.org/from-letsencrypt/#{@name}.key"
+  out = File.read(fn)
+  out
+%>
-- 
2.20.1