summaryrefslogtreecommitdiffstats
path: root/roles/IMAP-proxy/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'roles/IMAP-proxy/tasks')
-rw-r--r--roles/IMAP-proxy/tasks/main.yml13
1 files changed, 11 insertions, 2 deletions
diff --git a/roles/IMAP-proxy/tasks/main.yml b/roles/IMAP-proxy/tasks/main.yml
index 41bb7a3..2ddba96 100644
--- a/roles/IMAP-proxy/tasks/main.yml
+++ b/roles/IMAP-proxy/tasks/main.yml
@@ -56,34 +56,43 @@
- name: Create /etc/stunnel/certs
file: path=/etc/stunnel/certs
state=directory
owner=root group=root
mode=0755
- name: Copy Dovecot's X.509 certificate
# XXX: it's unfortunate that we have to store the whole CA chain...
# for some reason stunnel's level 4 "verify" (CA chain and only verify
# peer certificate) doesn't always work:
# https://www.stunnel.org/pipermail/stunnel-users/2013-July/004249.html
assemble: src=certs/dovecot
remote_src=no
dest=/etc/stunnel/certs/imap.fripost.org.pem
owner=root group=root
mode=0644
register: r1
notify:
- Restart stunnel
+- name: Copy slapd's X.509 certificate
+ copy: src=certs/ldap/ldap.fripost.org.pem
+ dest=/etc/stunnel/certs/ldap.fripost.org.pem
+ owner=root group=root
+ mode=0644
+ register: r2
+ notify:
+ - Restart stunnel
+
- name: Configure stunnel
copy: src=etc/stunnel/stunnel.conf
dest=/etc/stunnel/stunnel.conf
owner=root group=root
mode=0644
- register: r2
+ register: r3
notify:
- Restart stunnel
- name: Start stunnel
service: name=stunnel4 pattern=/usr/bin/stunnel4 state=started
- when: not (r1.changed or r2.changed)
+ when: not (r1.changed or r2.changed or r3.changed)
- meta: flush_handlers
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-25 23:39:41 +0000