author | Guilhem Moulin <guilhem@fripost.org> | 2020-05-18 15:51:54 +0200 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2020-05-18 15:51:54 +0200 |
commit | 42df93debccbcb1a18cd377b6de0b5b20527312f (patch) | |
tree | acb669efd9b6f9d0d80e9563d2940192b3753925 /roles/webmail/tasks | |
parent | f3e90041c28a74c94d06f419889691f533422c2f (diff) |
stunnel4: Harden and socket-activate.
Diffstat (limited to 'roles/webmail/tasks')
-rw-r--r-- | roles/webmail/tasks/ldap.yml | 32 |
1 files changed, 19 insertions, 13 deletions
diff --git a/roles/webmail/tasks/ldap.yml b/roles/webmail/tasks/ldap.yml index 4abbd3a..f0b461c 100644 --- a/roles/webmail/tasks/ldap.yml +++ b/roles/webmail/tasks/ldap.yml @@ -1,3 +1,12 @@ +- name: Copy stunnel4@ldap.socket + copy: src=etc/systemd/system/stunnel4@ldap.socket + dest=/etc/systemd/system/stunnel4@ldap.socket + owner=root group=root + mode=0644 + notify: + - systemctl daemon-reload + - Restart stunnel4@ldap.socket + - name: Create /etc/stunnel/certs file: path=/etc/stunnel/certs state=directory @@ -9,22 +18,19 @@ dest=/etc/stunnel/certs/ldap.pem owner=root group=root mode=0644 - register: r1 notify: - - Restart stunnel@ldap + - Stop stunnel4@ldap.service - name: Configure stunnel - copy: src=etc/stunnel/ldap.conf - dest=/etc/stunnel/ldap.conf - owner=root group=root - mode=0644 - register: r2 + template: src=etc/stunnel/ldap.conf.j2 + dest=/etc/stunnel/ldap.conf + owner=root group=root + mode=0644 notify: - - Restart stunnel@ldap + - Stop stunnel4@ldap.service -- name: Enable stunnel@ldap - service: name=stunnel4@ldap enabled=yes +- name: Disable stunnel4@ldap.service + service: name=stunnel4@ldap.service enabled=false -- name: Start stunnel@ldap - service: name=stunnel4@ldap state=started - when: not (r1.changed or r2.changed) +- name: Start stunnel4@ldap.socket socket + service: name=stunnel4@ldap.socket state=started enabled=true |
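Review bot: In the second hunk the last task starts `stunnel4@ldap.socket` in task order, while `Stop stunnel4@ldap.service` is only a notified handler, so on a host still running the old always-on instance the stop would normally come after the socket has already tried to bind. If that old instance listens on the same address as the new socket unit (neither file is visible here), the socket start may fail with the address in use on the first run after this change. Unless handlers are flushed somewhere outside this hunk, a `- meta: flush_handlers` before the last task, or an explicit one-time stop of the service, would make the migration order deterministic. Separately, the task name `Start stunnel4@ldap.socket socket` repeats "socket" and the task also enables the unit, so `Start and enable stunnel4@ldap.socket` would describe it better. The certificate copy task at the top of this hunk begins above it.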