debops.stunnel default variables
Tunnel connections
- stunnel_services
List of client-server tunnels configurd by debops.stunnel
See stunnel_services for more details.
stunnel_services: []
- stunnel_server
List of hostnames, CNAMEs or service names which indicate that this host should be configured as a stunnel server.
stunnel_server: []
- stunnel_server_addresses
List of hostnames, IP addresses and FQDN domains configured on a given
server. If any entries here are included in item.client_connect
, a given
host will be configured as the stunnel server, otherwise it will be
configured as stunnel client.
stunnel_server_addresses: '{{ [ ansible_hostname, ansible_fqdn ] +
ansible_all_ipv4_addresses|d([]) +
ansible_all_ipv6_addresses|d([]) +
stunnel_server }}'
SSL, PKI and encryption
- stunnel_ssl_ciphers
List of SSL ciphers used by stunnel
stunnel_ssl_ciphers: 'ALL:ECDHE:!SSLv3:!SSLv2:!kEDH:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!RC4:RSA:HIGH'
- stunnel_ssl_curve
Elliptic Curve used by stunnel
stunnel_ssl_curve: 'prime256v1'
- stunnel_ssl_opts
List of SSL options passed to the OpenSSL library See stunnel4(8) for more details.
stunnel_ssl_opts: [ 'NO_SSLv3' ]
- stunnel_ssl_verify
What level of scrutiny should stunnel use to check validity of a client/server certificate. See stunnel4(8) for more details.
stunnel_ssl_verify: '2'
- stunnel_ssl_check_crl
Should stunnel use CRL to check validity of the certificate?
stunnel_ssl_check_crl: False
- stunnel_pki
Enable or disable support for PKI/SSL/TLS in stunnel, managed by
debops.pki
role
stunnel_pki: '{{ ansible_local.pki.enabled|d() }}'
- stunnel_pki_path
PKI base directory
stunnel_pki_path: '{{ ansible_local.pki.base_path
if (ansible_local|d() and ansible_local.pki|d())
else "/etc/pki" }}'
- stunnel_pki_realm
PKI realm to use for stunnel
stunnel_pki_realm: '{{ ansible_local.pki.realm
if (ansible_local|d() and ansible_local.pki|d())
else "system" }}'
- stunnel_pki_ca
CA certificate to use, relative to stunnel_pki_realm
variable
stunnel_pki_ca: 'CA.crt'
- stunnel_pki_crl
Certificate Revocation List file to use, relative to stunnel_pki_realm
variable
stunnel_pki_crl: 'default.crl'
- stunnel_pki_crt
Certificate file to use, relative to stunnel_pki_crt
variable
stunnel_pki_crt: 'default.crt'
- stunnel_pki_key
Private key file to use, relative to stunnel_pki_key
variable
stunnel_pki_key: 'default.key'
Other options
- stunnel_options
Additional options added to all tunnel configuration files, specified as a YAML text block
stunnel_options: ''
- stunnel_debug
Debug level, determines log verbosity
stunnel_debug: '4'