diff --git a/tasks/certificate.yml b/tasks/certificate.yml
index 56751ae..b073369 100644
--- a/tasks/certificate.yml
+++ b/tasks/certificate.yml
@@ -1,10 +1,10 @@
 - name: Generate key
 command: openssl genrsa -out {{stunnel_key_file}} 2048
- when: stunnel_certificate_generation
+ when: stunnel_certificate_generation | bool
 - name: Generate certificate
 command: openssl req -new -x509 -key {{stunnel_key_file}} -newkey rsa:4096 -keyout {{stunnel_certificate_domain}} -out {{stunnel_certificate_file}} -days {{stunnel_certificate_duration}} -nodes -subj "/C={{stunnel_certificate_country}}/ST={{stunnel_certificate_state_name}}/L={{stunnel_certificate_locality}}/O={{stunnel_certificate_organization}}/CN={{stunnel_certificate_domain}}"
- when: stunnel_certificate_generation
+ when: stunnel_certificate_generation | bool
 - name: Copy certificate
 shell: cat {{stunnel_key_file}} {{stunnel_certificate_file}} >> /etc/stunnel/stunnel.pem
diff --git a/tasks/main.yml b/tasks/main.yml
index 4480717..e6bd1d5 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,25 +1,17 @@
 ---
 # tasks file for stunnel-role
 - name: Install SSL backend
- apt:
+ package:
 name: openssl
 update_cache: yes
 register: install_ssl_backend
 - name: Install package
- apt:
+ package:
 name: stunnel4
 force: yes
 register: install_stunnel_4
-- name: Enable stunnel
- lineinfile:
- dest: /etc/default/stunnel4
- state: present
- regexp: ENABLED=
- line: ENABLED=1
- register: enable_stunnel
-
 - include: certificate.yml
 - name: Stunnel configuration
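Review bot: In tasks/certificate.yml, the `Copy certificate` task at the end of the hunk writes the private key into /etc/stunnel/stunnel.pem through a shell redirect, so the file's mode is whatever the umask gives (often world-readable), and `>>` appends another key/certificate pair on every run. I would add a following `file:` task with `path: /etc/stunnel/stunnel.pem`, `owner: root` and `mode: '0600'`, and give the copy the same `when: stunnel_certificate_generation | bool` as the two tasks above; the task may continue past the hunk, so a condition could already exist there. Separately, `Generate certificate` passes both `-key {{stunnel_key_file}}` and `-newkey rsa:4096 -keyout {{stunnel_certificate_domain}}`. As far as I know `openssl req` ignores `-newkey` once `-key` is given, so the certificate is bound to the 2048-bit key, and the `-newkey`/`-keyout` pair should be dropped rather than left to suggest a 4096-bit one.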
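Review bot: In the first hunk of tasks/main.yml, `Install package` keeps `force: yes` after the switch from `apt` to `package`; on the apt backend that option corresponds to `--force-yes` and implies unauthenticated installs, so package signature checks are bypassed for stunnel4. Unless a specific downgrade depends on it, I would remove the line, or at least add a comment stating why it is needed. `package` forwards extra options to the backend module, so `force` and `update_cache` are only valid where that backend accepts them, and `stunnel4` and /etc/default/stunnel4 remain Debian-specific names. A comment such as `# Debian/Ubuntu only: package and defaults-file names are distro-specific` would keep the generic module from reading as a portability guarantee.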
@@ -28,8 +20,17 @@
 dest: /etc/stunnel/stunnel.conf
 register: stunnel_configuration
+- name: Enable stunnel
+ lineinfile:
+ dest: /etc/default/stunnel4
+ state: present
+ regexp: ENABLED=
+ line: ENABLED=1
+ register: enable_stunnel
+
 - name: Start stunnel service
 service:
 name: stunnel4
 state: restarted
- when: install_stunnel_4.changed or enable_stunnel.changed or stunnel_configuration.changed
+ enabled: true
+ when: install_stunnel_4 is changed or enable_stunnel is changed or stunnel_configuration is changed
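Review bot: `enabled: true` in `Start stunnel service` sits behind the `when:` on the last line of this hunk, so on a run where none of the three registered results changed the task is skipped and the service is neither enabled at boot nor started if it was stopped. No result from certificate.yml appears in that condition either, so a regenerated key or certificate would presumably not trigger a restart and stunnel would keep serving the old one. I would split this into an unconditional started/enabled task and a conditional restart, or a handler notified by the install, configuration and certificate tasks, as sketched below. The `Stunnel configuration` task begins outside the hunk.

```yaml
# … unchanged: Enable stunnel lineinfile task …
- name: Ensure stunnel is enabled and running
  service:
    name: stunnel4
    state: started
    enabled: true

- name: Restart stunnel after a change
  service:
    name: stunnel4
    state: restarted
  when: install_stunnel_4 is changed or enable_stunnel is changed or stunnel_configuration is changed
```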