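---
# Sets up the hosts in group `ch-imap-proxy` as a stunnel-based IMAP proxy:
# base roles, an ACME certificate for imap.chaos-at-home.org (acmetool roles),
# a stunnel configuration with two services, and a systemd unit that assigns
# the IMAP service address to the primary interface.
- name: Basic Setup
  hosts: ch-imap-proxy
  roles:
    - role: apt-repo/base
    - role: core/base
    - role: core/sshd/base
    - role: core/zsh
    - role: apt-repo/spreadspace
    - role: acmetool/base
    - role: acmetool/cert
      acmetool_cert_name: "imap.chaos-at-home.org"
      acmetool_cert_config:
        request:
          challenge:
            http-self-test: false

  post_tasks:
    - name: install stunnel package
      apt:
        name: stunnel4
        state: present

    # Two stunnel services are chained:
    #   [imaps] accepts TLS on port 993 using the ACME certificate and hands
    #           the decrypted stream to 127.0.0.1:143.
    #   [imap]  listens on 127.0.0.1:143 in client mode and connects to the
    #           backend at 192.168.28.250:143 with `protocol = imap`.
    # [imaps] disables SSLv2/SSLv3/TLSv1/TLSv1.1 and enforces the server's
    # cipher order.
    #
    # NOTE(review): `verify = 0` in [imap] means stunnel does not validate the
    # certificate presented by the backend, so that leg is encrypted but not
    # authenticated. If the backend certificate can be validated, pin it or
    # its issuing CA with `CAfile` plus `verifyChain = yes` / `checkHost` (on
    # stunnel versions that support them); otherwise document why the path to
    # 192.168.28.250 is trusted.
    - name: generate stunnel config for imap
      copy:
        dest: /etc/stunnel/imap.conf
        # Explicit mode so the result does not depend on the umask of the
        # connection user; the file holds paths only, no key material.
        mode: "0644"
        content: |
          cert = /var/lib/acme/live/imap.chaos-at-home.org/fullchain
          key = /var/lib/acme/live/imap.chaos-at-home.org/privkey
          [imap]
          client = yes
          accept = 127.0.0.1:143
          connect = 192.168.28.250:143
          protocol = imap
          verify = 0
          [imaps]
          options = NO_SSLv2
          options = NO_SSLv3
          options = NO_TLSv1
          options = NO_TLSv1.1
          options = CIPHER_SERVER_PREFERENCE
          ciphers = ECDHE+CHACHA20:ECDHE+AESGCM:DHE+CHACHA20:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!ADH:!AECDH:!MD5:!SHA
          accept = 993
          connect = 127.0.0.1:143
      notify: restart stunnel4

    # Oneshot unit: ExecStart adds the IMAP service address as a /32 on the
    # primary interface, ExecStop removes it again. Both values come from the
    # inventory variables `network.primary.name` and
    # `network_services.imap.addr`.
    - name: install systemd service unit for service-ip
      copy:
        dest: /etc/systemd/system/imap-service-ip.service
        # Explicit mode so the unit file is never left group/world-writable.
        mode: "0644"
        content: |
          [Unit]
          Description=Assign IMAP Sevice IP
          After=network.target
          [Service]
          Type=oneshot
          ExecStart=/usr/sbin/ip addr add dev {{ network.primary.name }} {{ network_services.imap.addr }}/32
          ExecStop=/usr/sbin/ip addr del dev {{ network.primary.name }} {{ network_services.imap.addr }}/32
          RemainAfterExit=yes
          [Install]
          WantedBy=multi-user.target
      register: service_ip_systemd_unit

    # Restart only when the unit file was rewritten by the previous task;
    # otherwise just make sure the unit is running.
    - name: make sure service-ip systemd unit is enabeld and started
      systemd:
        daemon_reload: true
        name: imap-service-ip.service
        state: "{{ (service_ip_systemd_unit is changed) | ternary('restarted', 'started') }}"
        enabled: true

  handlers:
    # Triggered by the stunnel config task when /etc/stunnel/imap.conf changes.
    - name: restart stunnel4
      service:
        name: stunnel4
        state: restarted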