authorChristian Pointner <equinox@spreadspace.org>2020-08-27 23:52:35 +0200
committerChristian Pointner <equinox@spreadspace.org>2020-08-27 23:52:35 +0200
commit2916f604e6a974360a4c5bbe4339f20d281af5cf (patch)
treea2b6c1022b7db92c897be75771db38a8d45959cf /chaos-at-home
parentenable acmetool for ch-imap-proxy (diff)
finalize ch-imap-proxy
Diffstat (limited to 'chaos-at-home')
-rw-r--r--chaos-at-home/ch-imap-proxy.yml59
1 files changed, 59 insertions, 0 deletions
diff --git a/chaos-at-home/ch-imap-proxy.yml b/chaos-at-home/ch-imap-proxy.yml
index d1479ce1..f3fad1df 100644
--- a/chaos-at-home/ch-imap-proxy.yml
+++ b/chaos-at-home/ch-imap-proxy.yml
@@ -14,3 +14,62 @@
request:
challenge:
http-self-test: false
+ post_tasks:
+ - name: install stunnel package
+ apt:
+ name: stunnel4
+ state: present
+
+ - name: generate stunnel config for imap
+ copy:
+ dest: /etc/stunnel/imap.conf
+ content: |
+ cert = /var/lib/acme/live/imap.chaos-at-home.org/fullchain
+ key = /var/lib/acme/live/imap.chaos-at-home.org/privkey
+
+ [imap]
+ client = yes
+ accept = 127.0.0.1:143
+ connect = 192.168.28.250:143
+ protocol = imap
+ verify = 0
+
+ [imaps]
+ options = NO_SSLv2
+ options = NO_SSLv3
+ options = NO_TLSv1
+ options = NO_TLSv1.1
+ accept = 993
+ connect = 127.0.0.1:143
+ notify: restart stunnel4
+
+ - name: install systemd service unit for service-ip
+ copy:
+ dest: /etc/systemd/system/imap-service-ip.service
+ content: |
+ [Unit]
+ Description=Assign IMAP Sevice IP
+ After=network.target
+
+ [Service]
+ Type=oneshot
+ ExecStart=/usr/sbin/ip addr add dev {{ network.primary.name }} {{ network_services.imap.addr }}/32
+ ExecStop=/usr/sbin/ip addr del dev {{ network.primary.name }} {{ network_services.imap.addr }}/32
+ RemainAfterExit=yes
+
+ [Install]
+ WantedBy=multi-user.target
+ register: service_ip_systemd_unit
+
+ - name: make sure service-ip systemd unit is enabeld and started
+ systemd:
+ daemon_reload: yes
+ name: imap-service-ip.service
+ state: "{{ (service_ip_systemd_unit is changed) | ternary('restarted', 'started') }}"
+ enabled: yes
+
+ handlers:
+ - name: restart stunnel4
+ service:
+ name: stunnel4
+ state: restarted
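Review bot: In the `[imap]` client section, `verify = 0` makes stunnel do STARTTLS to 192.168.28.250:143 without checking the backend's certificate, so the leg that carries IMAP logins after TLS is terminated on port 993 is encrypted but not authenticated against another host answering on the internal network. I would pin the backend instead, e.g. `verifyChain = yes`, `CAfile = <path to the CA that issued the backend cert>` and `checkHost = <name in the backend cert>` (on older stunnel releases, `verify = 2` with `CAfile`). The `cert`/`key` lines sit above both sections, so presumably they also apply to the client service; moving them under `[imaps]` would scope the private key to the listener that needs it. The play that this `post_tasks` list belongs to starts outside the hunk.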