From e6ea8cb86c1454794965ad991da3b620ff720a85 Mon Sep 17 00:00:00 2001
From: Julien Cristau <jcristau@debian.org>
Date: Tue, 3 Oct 2017 09:51:00 +0200
Subject: [PATCH] Add tls key for gobby server

This should remove the need to rotate it manually.
---
 modules/roles/manifests/init.pp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 45ca3a5b4..f9f14f16f 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -247,6 +247,13 @@ class roles {
 
 	if has_role('gobby_debian_org') {
 		ssl::service { 'gobby.debian.org': notify  => Exec['service apache2 reload'], key => true, tlsaport => [443, 6523], }
+		file { '/etc/ssl/debian-local/other-keys/gobby.debian.org.key':
+			ensure => present,
+			mode => '0440',
+			group => 'gobby',
+			source => 'puppet:///modules/ssl/from-letsencrypt/gobby.debian.org.key',
+			links => follow,
+		}
 	}
 
 	if has_role('search_backend') {
-- 
2.20.1