
Stunnel role

This role installs and configures Stunnel. We currently use Stunnel to secure connections between servers that are not on the same trusted network, using Pre-Shared Keys (PSK).

This role can be used to set up either a client or server Stunnel instance.

It uses git_based_config to configure stunnel.

To learn more about our use of Stunnel, please refer to the infrastructure documentation.

This role assumes that the configure.yml playbook has already been run, in particular to set up the firewall rules.

Defaults

---
# PSK files definition
stunnel__psk_secrets: []
# the content is username:psk
# use pwgen 32 to generate psk
# - file: postgres.psk
#   content: |
#      scaleway-02: auentuaienrst

# git repository with system config
# This is mandatory
stunnel__config_repository_root:
stunnel__config_repository_path: "{{ stunnel__config_repository_root }}/confs/{{ inventory_hostname }}"

# Set this to true if you are on a stunnel client
stunnel__ensure_no_client: true
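
An added example, not part of the role: a Python check that can be run over the text destined for the `content` field of a `stunnel__psk_secrets` entry before it is committed. It assumes stunnel's documented `IDENTITY:KEY` line format and 16-byte minimum key length; the function names and sample values are constructed for illustration.

```python
"""Added example: lint the text destined for a stunnel PSK file."""
import re

MIN_KEY_BYTES = 16  # minimum key length given in the stunnel manual
HEX_RE = re.compile(r"(?:[0-9a-fA-F]{2})+")


def effective_key_len(key: str) -> int:
    # Per the stunnel manual, hexadecimal keys are converted to binary,
    # so a hex key only contributes half its character count.
    return len(key) // 2 if HEX_RE.fullmatch(key) else len(key.encode())


def lint_psk(content: str) -> list[str]:
    """Return a list of problems; key material is never echoed."""
    problems, seen = [], set()
    for lineno, line in enumerate(content.splitlines(), start=1):
        if not line.strip():
            continue  # blank lines are not assessed by this check
        identity, sep, key = line.partition(":")
        if not sep:
            problems.append(f"line {lineno}: missing ':' separator")
            continue
        # Conservative check (assumption): stray whitespace does not match
        # the username:psk form and is usually a templating mistake.
        if identity != identity.strip() or key != key.strip():
            problems.append(f"line {lineno}: whitespace around identity or key")
            identity, key = identity.strip(), key.strip()
        if not identity:
            problems.append(f"line {lineno}: empty identity")
        elif identity in seen:
            problems.append(f"line {lineno}: duplicate identity {identity!r}")
        seen.add(identity)
        if effective_key_len(key) < MIN_KEY_BYTES:
            problems.append(f"line {lineno}: key shorter than {MIN_KEY_BYTES} bytes")
    return problems


# Constructed sample values, not real secrets.
SAMPLE_BAD = "scaleway-02: auentuaienrst\n"  # shape of the commented example
SAMPLE_GOOD = "scaleway-02:Ohx4eiquoh7ooTh1Aigh2aeZie6waeGh\n"  # 32 characters

if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, lint_psk(text) or "ok")
```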