create relayd role and enable it for proxy group

playbooks/proxy.yml

@@ -11,6 +11,7 @@
 
   roles:
     - base
+    - relayd
     - ifstated
     - nginx/server
     - role: nginx/site

roles/relayd/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: restart relayd
+  service:
+    name: relayd
+    state: restarted

roles/relayd/tasks/main.yml

@@ -0,0 +1,16 @@
+---
+
+- name: copy relayd config
+  template:
+    dest: /etc/relayd.conf
+    src: relayd.conf.j2
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: restart relayd
+
+- name: enable relayd service
+  service:
+    name: relayd
+    state: started
+    enabled: true

roles/relayd/templates/relayd.conf.j2

@@ -0,0 +1,6 @@
+
+table <ldap_servers> { ldap01.home.foo.sh }
+relay "ldap" {
+    listen on 0.0.0.0 port 636
+    forward to <ldap_servers> check tls
+}