initial version of rsync module which supports running rsynd server on top of tls

roles/rsync/server/files/systemd-stunnel.conf

@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/stunnel /etc/stunnel/rsyncd.conf

roles/rsync/server/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - {role: rsync/client}

roles/rsync/server/tasks/main.yml

@@ -0,0 +1,38 @@
+---
+- name: create rsyncd config
+  template:
+    dest: /etc/rsyncd.conf
+    src: rsyncd.conf.j2
+    mode: 0644
+    owner: root
+    group: root
+
+- name: create rsyncd config for stunnel
+  template:
+    dest: /etc/stunnel/rsyncd.conf
+    src: rsyncd-stunnel.conf.j2
+    mode: 0644
+    owner: root
+    group: root
+
+- name: create override directory for rsyncd socket
+  file:
+    dest: /etc/systemd/system/rsyncd@.service.d
+    state: directory
+    mode: 0755
+    owner: root
+    group: root
+
+- name: create override config for rsyncd socket
+  copy:
+    dest: /etc/systemd/system/rsyncd@.service.d/stunnel.conf
+    src: systemd-stunnel.conf
+    mode: 0644
+    owner: root
+    group: root
+
+- name: enable rsyncd socket
+  systemd:
+    name: rsyncd.socket
+    enabled: true
+    state: started

roles/rsync/server/templates/rsyncd-stunnel.conf.j2

@@ -0,0 +1,10 @@
+
+key = /etc/pki/tls/private/{{ inventory_hostname }}.key
+cert = /etc/pki/tls/certs/{{ inventory_hostname }}.crt
+client = no
+
+verify = 2
+CAfile = /etc/pki/tls/certs/ca.crt
+
+exec = /usr/bin/rsync
+execargs = rsync --daemon --config=/etc/rsyncd.conf

roles/rsync/server/templates/rsyncd.conf.j2

@@ -0,0 +1,11 @@
+[global]
+user = rsyncd
+group = rsyncd
+use chroot = yes
+read only = yes
+hosts allow = *
+
+[test]
+comment = test module
+path = /srv/mirrors/openbsd/
+read only = yes