From f6131611e15a644312e3c4baf5b8f6387c2930e7 Mon Sep 17 00:00:00 2001
From: khramshinr <khramshinr@gmail.com>
Date: Wed, 29 May 2024 19:46:20 +0600
Subject: T5735: Stunnel CLI and configuration

Add CLI commands
Add config
Add conf_mode
Add systemd config
Add stunnel smoketests
Add log level config
---
 data/templates/stunnel/stunnel_config.j2 | 118 +++++++++++++++++++++++++++++++
 1 file changed, 118 insertions(+)
 create mode 100644 data/templates/stunnel/stunnel_config.j2

(limited to 'data/templates')

diff --git a/data/templates/stunnel/stunnel_config.j2 b/data/templates/stunnel/stunnel_config.j2
new file mode 100644
index 000000000..52c289fa9
--- /dev/null
+++ b/data/templates/stunnel/stunnel_config.j2
@@ -0,0 +1,118 @@
+; Autogenerated by service_stunnel.py
+
+; Example https://www.stunnel.org/config_unix.html#
+; **************************************************************************
+; * Global options                                                         *
+; **************************************************************************
+
+; PID file is created inside the chroot jail (if enabled)
+pid = {{ config_file | replace('.conf', '.pid') }}
+
+; Debugging stuff (may be useful for troubleshooting)
+;foreground = yes
+
+{% if log is vyos_defined %}
+debug = {{ log.level }}
+{% endif %}
+
+;output = /usr/local/var/log/stunnel.log
+
+
+; **************************************************************************
+; * Service definitions                                                    *
+; **************************************************************************
+
+; ***************************************** Client mode services ***********
+
+{% if client is vyos_defined %}
+{%     for name, config in client.items() %}
+[{{ name }}]
+client = yes
+{%         if config.listen.address is vyos_defined %}
+accept = {{ config.listen.address }}:{{ config.listen.port }}
+{%         else %}
+accept = {{ config.listen.port }}
+{%         endif %}
+{%         if config.connect is vyos_defined %}
+{%             if config.connect.address is vyos_defined %}
+connect = {{ config.connect.address }}:{{ config.connect.port }}
+{%             else %}
+connect = {{ config.connect.port }}
+{%             endif %}
+{%         endif %}
+{%         if config.protocol is vyos_defined %}
+protocol = {{ config.protocol }}
+{%         endif %}
+{%         if config.options is vyos_defined %}
+{%             if config.options.authentication is vyos_defined %}
+protocolAuthentication = {{ config.options.authentication }}
+{%             endif %}
+{%             if config.options.domain is vyos_defined %}
+protocolDomain = {{ config.options.domain }}
+{%             endif %}
+{%             if config.options.host is vyos_defined %}
+protocolHost = {{ config.options.host.address }}:{{ config.options.host.port }}
+{%             endif %}
+{%             if config.options.password is vyos_defined %}
+protocolPassword = {{ config.options.password }}
+{%             endif %}
+{%             if config.options.username is vyos_defined %}
+protocolUsername = {{ config.options.username }}
+{%             endif %}
+{%         endif %}
+{%         if config.ssl.ca_path is vyos_defined %}
+CApath = {{ config.ssl.ca_path }}
+{%         endif %}
+{%         if config.ssl.ca_file is vyos_defined %}
+CAfile = {{ config.ssl.ca_file }}
+{%         endif %}
+{%         if config.ssl.cert is vyos_defined %}
+cert = {{ config.ssl.cert }}
+{%         endif %}
+{%         if config.ssl.cert_key is vyos_defined %}
+key = {{ config.ssl.cert_key }}
+{%         endif %}
+{%         if config.psk.file is vyos_defined %}
+PSKsecrets = {{ config.psk.file }}
+{%         endif %}
+{%     endfor %}
+{% endif %}
+
+
+; ***************************************** Server mode services ***********
+
+{% if server is vyos_defined %}
+{%     for name, config in server.items() %}
+[{{ name }}]
+{%         if config.listen.address is vyos_defined %}
+accept = {{ config.listen.address }}:{{ config.listen.port }}
+{%         else %}
+accept = {{ config.listen.port }}
+{%         endif %}
+{%         if config.connect is vyos_defined %}
+{%             if config.connect.address is vyos_defined %}
+connect = {{ config.connect.address }}:{{ config.connect.port }}
+{%             else %}
+connect = {{ config.connect.port }}
+{%             endif %}
+{%         endif %}
+{%         if config.protocol is vyos_defined %}
+protocol = {{ config.protocol }}
+{%         endif %}
+{%         if config.ssl.ca_path is vyos_defined %}
+CApath = {{ config.ssl.ca_path }}
+{%         endif %}
+{%         if config.ssl.ca_file is vyos_defined %}
+CAfile = {{ config.ssl.ca_file }}
+{%         endif %}
+{%         if config.ssl.cert is vyos_defined %}
+cert = {{ config.ssl.cert }}
+{%         endif %}
+{%         if config.ssl.cert_key is vyos_defined %}
+key = {{ config.ssl.cert_key }}
+{%         endif %}
+{%         if config.psk.file is vyos_defined %}
+PSKsecrets = {{ config.psk.file }}
+{%         endif %}
+{%     endfor %}
+{% endif %}
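Review bot: The client loop renders `CAfile`/`CApath` (and the server loop does the same) but the template never emits `verifyChain`, `verifyPeer` or `checkHost`, and stunnel leaves peer certificate verification off unless one of those is set, so a tunnel configured with a CA would still accept any certificate the peer presents. I would turn verification on whenever a CA is configured, in both loops: `{% if config.ssl.ca_file is vyos_defined or config.ssl.ca_path is vyos_defined %}` / `verifyChain = yes` / `{% endif %}`, and consider a CLI node that maps to `checkHost` for client services so the certificate is also bound to the expected server name. Separately, `protocolPassword` is written into the rendered file in cleartext; the file mode is set outside this template, so it is worth confirming that the conf_mode script creates the config readable by its owner only.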
-- 
cgit v1.2.3