1 files changed, 33 insertions, 9 deletions

diff --git a/roles/webmail/tasks/mail.yml b/roles/webmail/tasks/mail.yml
index e2dea38..7603a56 100644
--- a/roles/webmail/tasks/mail.yml
+++ b/roles/webmail/tasks/mail.yml
@@ -1,15 +1,39 @@
-- name: Install Postfix
-  apt: pkg=postfix
+- name: Install stunnel
+  apt: pkg=stunnel4
 
-- name: Configure Postfix
-  template: src=etc/postfix/main.cf.j2
-            dest=/etc/postfix-{{ postfix_instance[inst].name }}/main.cf
+- name: Auto-enable stunnel
+  lineinfile: dest=/etc/default/stunnel4
+              regexp='^(\s*#)?\s*ENABLED='
+              line='ENABLED=1'
+              owner=root group=root
+              mode=0644
+
+- name: Create /etc/stunnel/certs
+  file: path=/etc/stunnel/certs
+        state=directory
+        owner=root group=root
+        mode=0755
+
+- name: Copy the SMTP outgoing proxy's X.509 certificate
+  assemble: src=certs/postfix regexp="{{ groups.out | difference([inventory_hostname]) | join('|') }}\.pem$" remote_src=no
+            dest=/etc/stunnel/certs/postfix.pem
             owner=root group=root
             mode=0644
+  register: r1
   notify:
-    - Reload Postfix
+    - Restart stunnel
 
-- meta: flush_handlers
+- name: Configure stunnel
+  template: src=etc/stunnel/postfix.conf.j2
+            dest=/etc/stunnel/postfix.conf
+            owner=root group=root
+            mode=0644
+  register: r2
+  notify:
+    - Restart stunnel
 
-- name: Start Postfix
-  service: name=postfix state=started
+- name: Start stunnel
+  service: name=stunnel4 pattern=/usr/bin/stunnel4 state=started
+  when: not (r1.changed or r2.changed)
+
+- meta: flush_handlers