- name: Create /etc/stunnel/certs
  file: path=/etc/stunnel/certs
        state=directory
        owner=root group=root
        mode=0755

- name: Copy the SMTP outgoing proxy's X.509 certificate
  assemble: src=certs/postfix regexp="{{ groups.out | difference([inventory_hostname]) | join('|') }}\.pem$" remote_src=no
            dest=/etc/stunnel/certs/smtp.pem
            owner=root group=root
            mode=0644
  register: r1
  notify:
    - Restart stunnel@smtp

- name: Configure stunnel
  template: src=etc/stunnel/smtp.conf.j2
            dest=/etc/stunnel/smtp.conf
            owner=root group=root
            mode=0644
  register: r2
  notify:
    - Restart stunnel@smtp

- name: Enable stunnel@smtp
  service: name=stunnel4@smtp enabled=yes

- name: Start stunnel@smtp
  service: name=stunnel4@smtp state=started
  when: not (r1.changed or r2.changed)

- meta: flush_handlers