Add autorestart config

set show_diff to false for all private key resources

manifests/config.pp

@@ -121,6 +121,8 @@
         'signaturealgorithm'   => $opendkim::signaturealgorithm,
         'minimumkeybits'       => $opendkim::minimumkeybits,
         'additional_options'   => $opendkim::additional_options,
+        'autorestart'          => $opendkim::autorestart,
+        'autorestartrate'      => $opendkim::autorestartrate,
     }),
   }
 
@@ -137,11 +139,12 @@
   if $opendkim::alldomain {
     if $opendkim::manage_private_keys == true {
       file { "${opendkim::configdir}/keys/${opendkim::selector}":
-        ensure  => file,
-        content => $opendkim::privatekey,
-        owner   => 'root',
-        group   => $opendkim::group,
-        mode    => '0640',
+        ensure    => file,
+        content   => $opendkim::privatekey,
+        owner     => 'root',
+        group     => $opendkim::group,
+        mode      => '0640',
+        show_diff => false,
       }
     }
 
@@ -191,11 +194,12 @@
 
       if $opendkim::manage_private_keys == true {
         file { "${opendkim::configdir}/keys/${key['domain']}/${key['selector']}":
-          ensure  => 'file',
-          content => $key['privatekey'],
-          owner   => $opendkim::user,
-          group   => $opendkim::group,
-          mode    => '0600',
+          ensure    => 'file',
+          content   => $key['privatekey'],
+          owner     => $opendkim::user,
+          group     => $opendkim::group,
+          mode      => '0600',
+          show_diff => false,
         }
       }
 

manifests/init.pp

@@ -91,6 +91,10 @@
 #   The privatekey used for signing in alldomain mode.
 # @param hash_algorithms
 #   The hash_algorithms used for signing in alldomain mode.
+# @param autorestart
+#   Either boolean or yes/no as to whether opendkim should restart on failure
+# @param autorestartrate
+#   The rate limit on auto restarting
 #
 # @see Please see the README.md
 class opendkim (
@@ -139,6 +143,8 @@
   Optional[String[1]]             $publickeyextended    = undef,
   Optional[String[1]]             $privatekey           = undef,
   Optional[String[1]]             $hash_algorithms      = undef,
+  Optional[Variant[Boolean,Enum['yes','no']]] $autorestart            = undef,
+  Optional[Pattern[/\A[0-9]+\/[0-9]+[sSmMhHdD]\z/]] $autorestartrate  = undef,
 ) {
   contain opendkim::install
   contain opendkim::user

templates/etc/opendkim.conf.epp

@@ -17,10 +17,21 @@
       Optional[Array[String,1]] $senderheaders,
       Optional[String[1]] $signaturealgorithm,
       Optional[Integer[1]] $minimumkeybits,
-      Hash[String,Variant[Array[String],String,Integer,Boolean]] $additional_options
+      Hash[String,Variant[Array[String],String,Integer,Boolean]] $additional_options,
+      Variant[Boolean,Enum['yes','no']] $autorestart,
+      Optional[Pattern[/\A[0-9]+\/[0-9]+[sSmMhHdD]\z/]] $autorestartrate
 | -%>
 # THIS FILE IS MANAGED BY PUPPET
 
+<% if $autorestart { -%>
+# Auto restart the filter on failures
+AutoRestart <%= $autorestart ? { true => 'yes', false => 'no', default => $autorestart } %>
+<% } -%>
+<% if $autorestartrate { -%>
+# Maximum restart rate
+AutoRestartRate <%= $autorestartrate %>
+<% } -%>
+
 # Specifies the path to the process ID file.
 PidFile <%= $pidfile %>