Diffstat (limited to 'roles/IMAP-proxy/tasks')
| -rw-r--r-- | roles/IMAP-proxy/tasks/main.yml | 46 | 
1 files changed, 46 insertions, 0 deletions
diff --git a/roles/IMAP-proxy/tasks/main.yml b/roles/IMAP-proxy/tasks/main.yml
index bb6e5be..73a0dee 100644
--- a/roles/IMAP-proxy/tasks/main.yml
+++ b/roles/IMAP-proxy/tasks/main.yml
@@ -40,3 +40,49 @@
   when: not r.changed
 - meta: flush_handlers
+
+
+- name: Install stunnel
+  apt: pkg=stunnel4
+
+- name: Auto-enable stunnel
+  lineinfile: dest=/etc/default/stunnel4
+              regexp='^(\s*#)?\s*ENABLED='
+              line='ENABLED=1'
+              owner=root group=root
+              mode=0644
+
+- name: Create /etc/stunnel/certs
+  file: path=/etc/stunnel/certs
+        state=directory
+        owner=root group=root
+        mode=0755
+
+- name: Copy Dovecot's X.509 certificate
+  # XXX: it's unfortunate that we have to store the whole CA chain...
+  # for some reason stunnel's level 4 "verify" (CA chain and only verify
+  # peer certificate) doesn't always work:
+  # https://www.stunnel.org/pipermail/stunnel-users/2013-July/004249.html
+  assemble: src=certs/dovecot
+            remote_src=no
+            dest=/etc/stunnel/certs/imap.fripost.org.pem
+            owner=root group=root
+            mode=0644
+  register: r1
+  notify:
+    - Restart stunnel
+
+- name: Configure stunnel
+  copy: src=etc/stunnel/stunnel.conf
+        dest=/etc/stunnel/stunnel.conf
+        owner=root group=root
+        mode=0644
+  register: r2
+  notify:
+    - Restart stunnel
+
+- name: Start stunnel
+  service: name=stunnel4 pattern=/usr/bin/stunnel4 state=started
+  when: not (r1.changed or r2.changed)
+
+- meta: flush_handlers
|
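Review bot: The `assemble` task under "Copy Dovecot's X.509 certificate" concatenates every file found in `certs/dovecot` into the PEM that stunnel will trust, so the set of trust anchors is decided by the directory's contents rather than by anything this task states. Because the XXX comment says the whole CA chain is stored there, whether the tunnel still pins Dovecot's own certificate or would accept any certificate issued under that chain depends on the `verify` level in `etc/stunnel/stunnel.conf`, which is not shown on this page. I would extend the comment to record that dependency, for example `# relies on stunnel.conf verifying the peer against this file (verify = 3 — confirm); certs/dovecot must hold public certificates only`. The `mode=0644` on the assembled file is appropriate only under that public-only assumption, since a key file dropped into the directory by mistake would be published world-readable.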
