We do not want vogler to create a 443 TLSA for www
[dsa-puppet.git] / modules / roles / manifests / rtc.pp
index def41c81c01ab6a9aeff5391dc86c294ec42eb87..4a9a30350fa83ae9710e784b0dfea42c87473a8c 100644 (file)
@@ -1,39 +1,17 @@
 class roles::rtc {
 
        ssl::service { 'www.debian.org':
+               tlsaport => 0,
        }
 
        ssl::service { 'sip-ws.debian.org':
        }
 
-       concat { '/etc/repro/www.debian.org-chained.crt':
-       }
-       concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt':
-               target      => '/etc/repro/www.debian.org-chained.crt',
-               source      => 'file:///etc/ssl/debian/certs/www.debian.org.crt',
-               order       => 00,
-               require     => File['/etc/ssl/debian/certs/www.debian.org.crt'],
-       }
-       concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt-chain':
-               target      => '/etc/repro/www.debian.org-chained.crt',
-               source      => 'file:///etc/ssl/debian/certs/www.debian.org.crt-chain',
-               order       => 99,
-               require     => File['/etc/ssl/debian/certs/www.debian.org.crt-chain'],
-       }
-
-       concat { '/etc/repro/sip-ws.debian.org-chained.crt':
-       }
-       concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt':
-               target      => '/etc/repro/sip-ws.debian.org-chained.crt',
-               source      => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt',
-               order       => 00,
-               require     => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt'],
-       }
-       concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain':
-               target      => '/etc/repro/sip-ws.debian.org-chained.crt',
-               source      => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt-chain',
-               order       => 99,
-               require     => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain'],
+       dnsextras::tlsa_record{ 'tlsa-xmpp':
+               zone     => 'debian.org',
+               certfile => "/etc/puppet/modules/ssl/files/servicecerts/www.debian.org.crt",
+               port     => [5061, 5222, 5269],
+               hostname => $::fqdn,
        }
 
        @ferm::rule { 'dsa-xmpp-client-ip4':
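Review bot: The two `/etc/repro/*-chained.crt` files stop being managed by this hunk but are never removed, so they remain on the host holding whatever certificate they last contained. If repro or another listener on 5061/5222/5269 still loads them, the served certificate will drift from `www.debian.org.crt` at the next renewal and the new `tlsa-xmpp` record will no longer match, which DANE-validating peers would treat as a hard failure. Either confirm the daemons now read the certificate from another path, or remove the leftovers explicitly with `file { '/etc/repro/www.debian.org-chained.crt': ensure => absent }` and the same for `/etc/repro/sip-ws.debian.org-chained.crt`. A one-line comment above `tlsaport => 0`, for example `# 0: do not publish a TLSA record for www from this host`, would also help, assuming that is what the value means in ssl::service. The class body continues outside this hunk.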
@@ -107,4 +85,8 @@ class roles::rtc {
                description => 'RTP streams',
                rule        => 'proto udp dport (49152:65535) ACCEPT'
        }
+
+       file { '/etc/monit/monit.d/50rtc':
+               ensure  => absent,
+       }
 }