eole-redis/dicos/90_stunnel.xml

<?xml version="1.0" encoding="utf-8"?>
<creole>
    <files>
        <!-- System configuration -->
        <file filelist='stunnel' name='/etc/default/stunnel4' source='stunnel_default' mkdir='True' rm='True'/>
        <file filelist='stunnel-custom' name='/etc/stunnel/eole-tunnel.conf' source='stunnel.conf' mkdir='True' rm='True'/>
        <file filelist='stunnel-custom' name='/usr/share/eole/bastion/data/90-stunnel_dynamic_rules' mode='0755' rm='True'/>
        <service servicelist="stunnel">stunnel4</service>
    </files>
    <variables>
        <family name='Services'>
            <variable name='activer_stunnel' type='oui/non' description="Activer Stunnel (serveur mandataire SSL) ?">
                <value>oui</value>
            </variable>
        </family>
        <family name="stunnel" mode='expert'>
            <variable name='stunnel_opts' type='string' description="Options complémentaires pour Stunnel"/>
            <variable name='stunnel_add_tunnels' type='oui/non' description="Ajouter de entrées stunnel personnalisée">
                <value>non</value>
            </variable>
            <variable name="stunnel_name" type='string' description="Nom du tunnel SSL" multi="True"/>
            <variable name="stunnel_accept_ip" type='ip' description="IP d'écoute du tunnel"/>
            <variable name="stunnel_accept_port" type="port" description=" Port d'écoute du tunnel"/>
            <variable name="stunnel_connect_ip" type="ip" description="IP du service à la sortie du tunnel"/>
            <variable name="stunnel_connect_port" type="port" description="Port d'écoute du service à la sortie du tunnel"/>
            <variable name="stunnel_ssl_version" type="string" description="Version SSL">
                <value>TLSv1</value>
            </variable>
        </family>
    </variables>
    <constraints>
        <condition name='disabled_if_in' source='activer_stunnel'>
            <param>non</param>
            <target type='filelist'>stunnel-custom</target>
            <target type='filelist'>stunnel</target>
            <target type='family'>stunnel</target>
            <target type='servicelist'>stunnel</target>
            <target type='service_accesslist'>saStunnel</target>
        </condition>
        <condition name='disabled_if_in' source='stunnel_add_tunnels'>
            <param>non</param>
            <target type='filelist'>stunnel-custom</target>
            <target type='variable'>stunnel_name</target>
            <target type='variable'>stunnel_accept_ip</target>
            <target type='variable'>stunnel_accept_port</target>
            <target type='variable'>stunnel_connect_ip</target>
            <target type='variable'>stunnel_connect_port</target>
            <target type='variable'>stunnel_ssl_version</target>
        </condition>
        <group master='stunnel_name'>
            <slave>stunnel_accept_ip</slave>
            <slave>stunnel_accept_port</slave>
            <slave>stunnel_connect_ip</slave>
            <slave>stunnel_connect_port</slave>
            <slave>stunnel_ssl_version</slave>
        </group>

    </constraints>
    <help>
        <variable name='activer_stunnel'>Activer le service mandataire SSL (stunnel)</variable>
    </help>
</creole>