Commit 65084a5d authored by nimrod's avatar nimrod

Added stunnel installation.

parent fe8619e3
......@@ -33,3 +33,8 @@
service:
name: systemd-timesyncd
state: restarted
- name: Restart stunnel
service:
name: '{{ stunnel_server[ansible_os_family] }}'
state: restarted
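Review bot: The new "Restart stunnel" handler looks up `stunnel_server[ansible_os_family]`, but the mapping this commit adds to the vars file is named `stunnel_service` (next to `stunnel_user`). Unless `stunnel_server` is defined somewhere outside this page, the handler will fail on an undefined variable the first time the configuration or group-membership task notifies it, so stunnel would presumably keep running with its previous TLS settings. Change the line to `name: '{{ stunnel_service[ansible_os_family] }}'`.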
......@@ -56,5 +56,8 @@
- include: lock_root.yml
when: lock_root|default(True) and not common_role_finished is defined
- include: stunnel.yml
when: stunnel|default(True) and not common_role_finished is defined
- set_fact:
common_role_finished: True
---
- assert:
that: ansible_os_family in [ 'Debian', 'OpenBSD' ]
- name: apt install stunnel
when: ansible_pkg_mgr == 'apt'
apt:
name: stunnel4
state: present
update_cache: yes
cache_valid_time: 3600
- name: pkg install stunnel
when: ansible_pkg_mgr == 'openbsd_pkg'
openbsd_pkg:
name: '{{ openbsd_stunnel_version[ansible_os_family] }}'
state: present
- name: Configure stunnel
with_dict:
syslog: yes
key: '{{ tls_key_path }}'
cert: '{{ tls_cert_path }}'
CAfile: '{{ ca_store[ansible_os_family] }}'
ciphers: '!kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:AES256+ECDH:AES128:+SHA1'
options: NO_SSLv2
options: NO_SSLv3
lineinfile:
dest: /etc/stunnel/stunnel.conf
line: '{{ item.key }} = {{ item.value }}'
regexp: '^{{ item.key }} ='
state: present
notify:
- Restart stunnel
- name: Allow stunnel to access the TLS key
user:
name: '{{ stunnel_user[ansible_os_family] }}'
groups: ssl-cert
append: yes
state: present
notify:
- Restart stunnel
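Review bot: The `with_dict` mapping in "Configure stunnel" contains two `options` keys; a YAML mapping cannot hold duplicates and most loaders silently keep the last one, so `NO_SSLv2` is most likely dropped and only `NO_SSLv3` reaches stunnel.conf. Even if both entries were iterated, `regexp: '^{{ item.key }} ='` would make the second `options` line replace the first. Remove both `options` entries from the dict and write them from a separate task whose regexp matches the full line, as below. Separately, quote the first entry as `syslog: 'yes'`: a bare `yes` is a YAML boolean and would presumably be rendered as `syslog = True` rather than the yes/no value stunnel expects.

```yaml
# … unchanged: "Configure stunnel" task, minus the two options entries …
- name: Disable legacy protocols in stunnel
  with_items:
    - NO_SSLv2
    - NO_SSLv3
  lineinfile:
    dest: /etc/stunnel/stunnel.conf
    line: 'options = {{ item }}'
    regexp: '^options = {{ item }}$'
    state: present
  notify:
    - Restart stunnel
```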
......@@ -31,7 +31,16 @@ openbsd_collectd_version:
'5.7': 'collectd-5.4.1p1'
'5.8': 'collectd-5.5.0p1'
openbsd_stunnel_version:
'5.5': 'stunnel-4.56'
'5.6': 'stunnel-5.00p0'
'5.7': 'stunnel-5.06'
'5.8': 'stunnel-5.19'
openbsd_pkg_mirror: http://www.mirrorservice.org/pub
ca_store:
OpenBSD: /etc/ssl/cert.pem
Debian: /etc/ssl/certs/ca-certificates.crt
update_ca_certificates:
OpenBSD: /usr/local/sbin/update-ca-certificates
Debian: /usr/sbin/update-ca-certificates
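Review bot: `openbsd_stunnel_version` is keyed by OpenBSD release (`'5.5'` to `'5.8'`), but the "pkg install stunnel" task added in this commit indexes it with `ansible_os_family`, which the task file's own assert shows to be a family name such as `'OpenBSD'`. That lookup matches no key, so the package install would fail on OpenBSD hosts. Index by a release fact instead, for example `name: '{{ openbsd_stunnel_version[ansible_distribution_version] }}'`, after confirming the fact's format matches the `'5.x'` keys. The hunk begins inside `openbsd_collectd_version`, whose own lookup is not visible here, so check whether it shares the problem.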
......@@ -56,3 +65,9 @@ ntpd_service:
aliases_file:
OpenBSD: /etc/mail/aliases
Debian: /etc/aliases
stunnel_service:
OpenBSD: stunnel
Debian: stunnel4
stunnel_user:
OpenBSD: _stunnel
Debian: stunnel4