diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2016-06-05 17:30:00 +0200 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-06-05 17:33:25 +0200 |
| commit | 17d7427e0bc5e61ee10e28cbc5cba5b8a7566d58 (patch) | |
| tree | 00dc894e22ab7221e908faeac98095835b0a0782 /roles/common/tasks | |
| parent | 57e40efc54c230566fd5f6bd10d25692709909b7 (diff) | |
Use stunnel to secure the connection from the webmail to ldap.fripost.org.
We should use IPSec instead, but doing so would force us to weaken
slapd.conf's ‘security’ setting.
Diffstat (limited to 'roles/common/tasks')
| -rw-r--r-- | roles/common/tasks/main.yml | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 04681bd..e419bf3 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -1,37 +1,38 @@ --- - include: sysctl.yml tags: sysctl - include: hosts.yml - include: apt.yml tags: apt - name: Install intel-microcode apt: pkg=intel-microcode when: "ansible_processor[0] | search('^(Genuine)?Intel.*') and not (ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen')" tags: intel - include: firewall.yml tags: - firewall - iptables - include: stunnel.yml tags: stunnel + when: "'webmail' in group_names and ('LDAP-provider' not in group_names or 'out' not in group_names)" - include: samhain.yml tags: samhain - include: auditd.yml tags: auditd - include: rkhunter.yml tags: rkhunter - include: clamav.yml tags: clamav - include: fail2ban.yml tags: fail2ban - include: smart.yml tags: - smartmontools - smart when: "not ((ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'xen') or ansible_system_vendor == 'QEMU')" - include: haveged.yml tags: - haveged - entropy - name: Copy genkeypair.sh and gendhparam.sh |