authorGuilhem Moulin <guilhem@fripost.org>2020-05-18 15:51:54 +0200
committerGuilhem Moulin <guilhem@fripost.org>2020-05-18 15:51:54 +0200
commit42df93debccbcb1a18cd377b6de0b5b20527312f (patch)
treeacb669efd9b6f9d0d80e9563d2940192b3753925 /roles/webmail/tasks
parentf3e90041c28a74c94d06f419889691f533422c2f (diff)
stunnel4: Harden and socket-activate.
Diffstat (limited to 'roles/webmail/tasks')
-rw-r--r--roles/webmail/tasks/ldap.yml32
1 files changed, 19 insertions, 13 deletions
diff --git a/roles/webmail/tasks/ldap.yml b/roles/webmail/tasks/ldap.yml
index 4abbd3a..f0b461c 100644
--- a/roles/webmail/tasks/ldap.yml
+++ b/roles/webmail/tasks/ldap.yml
@@ -1,3 +1,12 @@
+- name: Copy stunnel4@ldap.socket
+ copy: src=etc/systemd/system/stunnel4@ldap.socket
+ dest=/etc/systemd/system/stunnel4@ldap.socket
+ owner=root group=root
+ mode=0644
+ notify:
+ - systemctl daemon-reload
+ - Restart stunnel4@ldap.socket
+
- name: Create /etc/stunnel/certs
file: path=/etc/stunnel/certs
state=directory
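Review bot: The `notify` list on the new "Copy stunnel4@ldap.socket" task reads as if it fixes the order (reload, then restart), but Ansible runs handlers in the order they are defined in the handlers file, not the order listed under `notify`. The handlers are not part of this diff (it is limited to roles/webmail/tasks), so confirm that `systemctl daemon-reload` is defined ahead of `Restart stunnel4@ldap.socket`; otherwise the socket could be restarted against the stale unit definition. A comment above `notify:` such as `# handlers fire in definition order: daemon-reload must precede the socket restart` would record that dependency. The trailing context lines belong to the "Create /etc/stunnel/certs" task, which continues outside the hunk.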
@@ -9,22 +18,19 @@
dest=/etc/stunnel/certs/ldap.pem
owner=root group=root
mode=0644
- register: r1
notify:
- - Restart stunnel@ldap
+ - Stop stunnel4@ldap.service
- name: Configure stunnel
- copy: src=etc/stunnel/ldap.conf
- dest=/etc/stunnel/ldap.conf
- owner=root group=root
- mode=0644
- register: r2
+ template: src=etc/stunnel/ldap.conf.j2
+ dest=/etc/stunnel/ldap.conf
+ owner=root group=root
+ mode=0644
notify:
- - Restart stunnel@ldap
+ - Stop stunnel4@ldap.service
-- name: Enable stunnel@ldap
- service: name=stunnel4@ldap enabled=yes
+- name: Disable stunnel4@ldap.service
+ service: name=stunnel4@ldap.service enabled=false
-- name: Start stunnel@ldap
- service: name=stunnel4@ldap state=started
- when: not (r1.changed or r2.changed)
+- name: Start stunnel4@ldap.socket socket
+ service: name=stunnel4@ldap.socket state=started enabled=true
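Review bot: On a host still running the old long-lived stunnel4@ldap.service, the final "Start stunnel4@ldap.socket socket" task runs before the "Stop stunnel4@ldap.service" handler, because handlers are flushed at the end of the play unless something outside this hunk flushes them earlier, and "Disable stunnel4@ldap.service" only sets `enabled=false` without stopping the running instance. systemd normally refuses to start a socket unit while its service is already active, so the first run after this change may fail or leave the old, unhardened process serving until a later run. Consider placing `- meta: flush_handlers` ahead of the start task, or stopping the service once as an explicit migration step. A comment such as `# stop, not restart: the next connection on the socket spawns the service with the new cert/config` would also make the intent of the changed `notify` entries clear.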