- name: Install stunnel
  apt: pkg=stunnel4

- name: Auto-enable stunnel
  lineinfile: dest=/etc/default/stunnel4
              regexp='^(\s*#)?\s*ENABLED='
              line='ENABLED=1'
              owner=root group=root
              mode=0644

- name: Create /etc/stunnel/certs
  file: path=/etc/stunnel/certs
        state=directory
        owner=root group=root
        mode=0755

- name: Copy the SMTP outgoing proxy's X.509 certificate
  assemble: src=certs/postfix regexp="{{ groups.out | difference([inventory_hostname]) | join('|') }}\.pem$" remote_src=no
            dest=/etc/stunnel/certs/postfix.pem
            owner=root group=root
            mode=0644
  register: r1
  notify:
    - Restart stunnel

- name: Configure stunnel
  template: src=etc/stunnel/postfix.conf.j2
            dest=/etc/stunnel/postfix.conf
            owner=root group=root
            mode=0644
  register: r2
  notify:
    - Restart stunnel

- name: Start stunnel
  service: name=stunnel4 pattern=/usr/bin/stunnel4 state=started
  when: not (r1.changed or r2.changed)

- meta: flush_handlers