--- /dev/null
+class stunnel4 {
+ # define an stunnel listener, listening for SSL connections on $accept,
+ # connecting to plaintext service $connect using local source address $local
+ define stunnel_server($accept, $connect, $local = "127.0.0.1") {
+ file {
+ "/etc/stunnel/puppet-${name}.conf":
+ content => template("stunnel4/server.conf.erb"),
+ notify => Exec['restart_stunnel'],
+ ;
+ }
+ }
+
+
+ package {
+ "stunnel4": ensure => installed;
+ }
+
+ file {
+ "/etc/stunnel/stunnel.conf":
+ ensure => absent,
+ ;
+ }
+
+ exec {
+ "enable_stunnel4":
+ command => "sed -i -e 's/^ENABLED=/#&/; \$a ENABLED=1 # added by puppet' /etc/default/stunnel4",
+ unless => "grep -q '^ENABLED=1' /etc/default/stunnel4",
+ require => [ Package['stunnel4'] ],
+ ;
+ "restart_stunnel":
+ command => "env -i /etc/init.d/stunnel4 restart",
+ require => [ File['/etc/stunnel/stunnel.conf'], Exec['enable_stunnel4'], Package['stunnel4'] ],
+ ;
+ }
+}
+
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
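Review bot: `restart_stunnel` has no `refreshonly`, `unless`, `onlyif` or `creates`, so Puppet will run `/etc/init.d/stunnel4 restart` on every agent run rather than only when a `puppet-${name}.conf` file notifies it, dropping established tunnels each time. Add `refreshonly => true,` to that exec. The `file` inside `stunnel_server` also has no `require => Package['stunnel4']`, so on a first run it can be applied before `/etc/stunnel` exists. The three execs call `sed`, `grep` and `env` unqualified, which only works if a default `Exec { path => ... }` is set somewhere outside this diff.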
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+cert = /etc/exim4/ssl/thishost.crt
+key = /etc/exim4/ssl/thishost.key
+
+; Some security enhancements for UNIX systems - comment them out on Win32
+chroot = /var/run/stunnel4
+setuid = stunnel4
+setgid = stunnel4
+; PID is created inside chroot jail
+pid = /stunnel-<%= name %>.pid
+
+verify = 2
+CAfile = /etc/exim4/ssl/ca.crt
+CRLfile = /etc/exim4/ssl/ca.crl
+
+; Some debugging stuff useful for troubleshooting
+debug = notice
+; don't use a file, use syslog
+; output = /var/log/stunnel4/stunnel.log
+
+client = no
+
+[<%= name %>]
+accept = <%= accept %>
+connect = <%= connect %>
+local = <%= local %>
+
+; vim:ft=dosini
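Review bot: The `verify = 2` line carries no comment saying what it authorizes. As written, any client presenting a certificate that chains to `/etc/exim4/ssl/ca.crt` and is not listed in the CRL reaches the plaintext `connect` target, so that CA is the entire access-control boundary for every service defined from this template. I would add `; verify = 2: client cert must chain to CAfile; any cert issued by that CA is accepted` above it. The template also leaves protocol and cipher selection at stunnel's defaults; if the packaged build still offers SSLv2, a global `options = NO_SSLv2` line would pin that down.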