- name: Copy stunnel4@ldap.socket
  copy: src=etc/systemd/system/stunnel4@ldap.socket
        dest=/etc/systemd/system/stunnel4@ldap.socket
        owner=root group=root
        mode=0644
  notify:
    - systemctl daemon-reload
    - Restart stunnel4@ldap.socket

- name: Create /etc/stunnel/certs
  file: path=/etc/stunnel/certs
        state=directory
        owner=root group=root
        mode=0755

- name: Copy the slapd X.509 certificate
  copy: src=certs/ldap/ldap.fripost.org.pem
        dest=/etc/stunnel/certs/ldap.pem
        owner=root group=root
        mode=0644
  notify:
    - Stop stunnel4@ldap.service

- name: Configure stunnel
  template: src=etc/stunnel/ldap.conf.j2
            dest=/etc/stunnel/ldap.conf
            owner=root group=root
            mode=0644
  notify:
    - Stop stunnel4@ldap.service

- name: Disable stunnel4@ldap.service
  service: name=stunnel4@ldap.service enabled=false

- name: Start stunnel4@ldap.socket socket
  service: name=stunnel4@ldap.socket state=started enabled=true