roles: add socat as a TLS endpoint
1 parent 74ba028 commit e0183d4

5 files changed

+68
-0
lines changed

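--- /dev/null
+++ b/tls-endpoint.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=Create a simple TLS endpoint using socat and keys&certs in /etc/tls-enspoint/ (server.key,server.crt,sa.crt)
+After=network-online.target
+Before=multi-user.target
+DefaultDependencies=no
+
+[Service]
+User=tlsendpoint
+
+ExecStart=/bin/socat openssl-listen:4740,method=TLS1.2,key=/etc/tls-endpoint/server.key,cert=/etc/tls-endpoint/server.crt,cafile=/etc/tls-endpoint/ca.crt,reuseaddr,fork udp-sendto:localhost:4739
+
+# wait 60 seconds before trying to restart the connection
+# if it disconnects
+RestartSec=60
+
+# keep retrying no matter what
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+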
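Review bot: `After=network-online.target` in the [Unit] section is only an ordering constraint; without a matching `Wants=network-online.target` the target is never pulled in, so the listener can start before the network is up, and `DefaultDependencies=no` additionally drops the default sysinit/shutdown ordering for what looks like an ordinary daemon — worth confirming that is intended. The ExecStart line relies on socat's default of checking the peer certificate against `cafile=` (the socat manual documents `verify` as defaulting to 1); writing `verify=1` explicitly after `cafile=/etc/tls-endpoint/ca.crt` documents that client certificates are required and guards against that default ever being changed. The Description line disagrees with ExecStart (`/etc/tls-enspoint/` and `sa.crt` versus `/etc/tls-endpoint/` and `ca.crt`) and should be corrected so operators are not sent to the wrong files. Since the service already runs as an unprivileged user and needs nothing on disk beyond the certificate directory, sandboxing directives such as `NoNewPrivileges=true`, `ProtectSystem=strict` and `PrivateTmp=true` would be cheap to add here.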

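--- a/ansible/list.yml
+++ b/ansible/list.yml
@@ -13,3 +13,4 @@
 - { role: warden-client, tags: warden-client }
 - { role: easyrsa, tags: easyrsa }
 - { role: fail2ban, tags: fail2ban }
+- { role: socat, tags: socat }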
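--- /dev/null
+++ b/ansible/roles/socat/tasks/install.yml
@@ -0,0 +1,40 @@
+- name: Check for TLS endpoint configuration (tls-endpoint.service)
+local_action: stat path={{ tlsendpoint_service }}
+become: false
+register: tlsendpoint_service_file
+ignore_errors: True
+
+- name: Install socat
+yum: "name=socat state=installed"
+when: tlsendpoint_service_file.stat.exists
+
+- name: Copy tls-endpoint.service configuration
+copy:
+src: "{{ tlsendpoint_service }}"
+dest: /etc/systemd/system/tls-endpoint.service
+when: tlsendpoint_service_file.stat.exists
+
+- name: Create a system user tlsendpoint
+user:
+name: tlsendpoint
+system: yes
+state: present
+create_home: no
+when: tlsendpoint_service_file.stat.exists
+
+- name: Create directory for TLS certificates
+file:
+path: /etc/tls-endpoint/
+state: directory
+owner: tlsendpoint
+when: tlsendpoint_service_file.stat.exists
+
+- name: Create README for tlsendpoint
+copy:
+content: >
+Put server.key, server.crt, ca.crt into this directory and execute
+systemctl enable tlsendpoint
+service tlsendpoint start
+dest: /etc/tls-endpoint/README
+when: tlsendpoint_service_file.stat.exists
+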
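Review bot: The README written by the last task tells operators to run `systemctl enable tlsendpoint` and `service tlsendpoint start`, but the unit is installed as `/etc/systemd/system/tls-endpoint.service`, so both commands will fail on the unit name; the content should read `systemctl enable tls-endpoint` and `systemctl start tls-endpoint`. The `file:` task creates `/etc/tls-endpoint/` owned by the service user with no `mode`, so the directory that is meant to hold `server.key` gets whatever the default umask yields and the unprivileged `tlsendpoint` process can itself replace the key and certificate; for least privilege leave the directory root-owned, add `group: tlsendpoint` and `mode: "0750"`, and have the README ask for `server.key` to be installed as `0640 root:tlsendpoint`. Copying a new unit into `/etc/systemd/system` also needs a `systemctl daemon-reload` (typically a handler notified by the copy task) before it can be enabled, which nothing here performs. As a style point, the `yum:` task passes a `key=value` argument string and the file mixes `True`/`yes`/`no` for booleans; Ansible convention is block-style module arguments and plain `true`/`false`.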

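--- /dev/null
+++ b/ansible/roles/socat/tasks/main.yml
@@ -0,0 +1,4 @@
+- name: Socat install
+include: install.yml
+tags: install
+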
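Review bot: `include: install.yml` is the legacy task-include keyword, deprecated since Ansible 2.4 in favour of `import_tasks:` (static) or `include_tasks:` (dynamic); if the project runs on such a version, `import_tasks: install.yml` is the drop-in replacement and keeps `tags: install` applied to every included task. A `---` document-start line would also be conventional for an Ansible task file.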

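--- /dev/null
+++ b/ansible/roles/socat/vars/main.yml
@@ -0,0 +1,2 @@
+tlsendpoint_service: "{{ inventory_dir }}/host_files/{{ inventory_hostname }}/socat/tls-endpoint.service"
+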
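Review bot: Defining `tlsendpoint_service` in `vars/main.yml` gives it role-vars precedence, so inventory or playbook variables cannot override where the per-host unit file is looked up; if that override is wanted, `defaults/main.yml` is the usual place for such a path. This value is also the only lookup the role does for the host-specific unit, and because every task in install.yml is gated on the stat result, a mistyped `host_files/<host>/socat/` directory silently skips the whole role rather than failing — a `debug` or `fail` message when the file is absent would make that visible.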
