generate TLSA record for our mailserver ports

[dsa-puppet.git] / modules / exim / manifests / init.pp

diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp
index 1fb18d6f985f410c057d286b90f6788b2373737e..10c449e704fc68ce020a3b49567f823cd68ea98c 100644 (file)
--- a/modules/exim/manifests/init.pp
+++ b/modules/exim/manifests/init.pp
@@ -146,11 +146,12 @@ class exim {
                domain      => 'ip6',
                rule        => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)"
        }
-       dnsextras::entry{ "tlsa-mailport":
+       dnsextras::tlsa_record{ "tlsa-mailport":
                zone => 'debian.org',
-               label => "_${mail_port}._tcp.${::fqdn}",
-               rrtype => 'TXT',
-               rrdata => 'testing' }
+               certfile => "/etc/puppet/modules/exim/files/certs/${::fqdn}.crt",
+               port => "$mail_port",
+               hostname => "$::fqdn",
+       }
 
        # Do we actually want this?  I'm only doing it because it's harmless
        # and makes the logs quiet.  There are better ways of making logs quiet,