From a627be89ba2f5f8c9f233144474da112320678b4 Mon Sep 17 00:00:00 2001
From: Natalia Serrano <natalia.serrano@qindel.com>
Date: Fri, 16 May 2025 15:37:08 +0200
Subject: [PATCH] refs #2026 add template for stunnel config

---
 chroot-tasks.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/chroot-tasks.py b/chroot-tasks.py
index 8b75937..2a4486e 100755
--- a/chroot-tasks.py
+++ b/chroot-tasks.py
@@ -108,6 +108,22 @@ def updateCaCertificates():
     print ('Updating CA trust Store', file=sys.stderr)
     utils.run (['update-ca-certificates'])
 
+def configure_stunnel():
+    with open ('/etc/stunnel/menu.conf', 'w') as fd:
+        fd.write ('setuid = stunnel4\n')
+        fd.write ('setgid = stunnel4\n')
+        fd.write ('pid = /var/run/stunnel4/menu.pid\n')
+        fd.write ('\n')
+        fd.write ('[menu]\n')
+        fd.write ('client = yes\n')
+        fd.write ('accept = 127.0.0.1:81\n')
+        fd.write ('connect = __OGCORE_IP__:__OGCORE_PORT__\n')
+        fd.write ('cert = /opt/opengnsys/etc/ogagent.crt\n')
+        fd.write ('key = /opt/opengnsys/etc/ogagent.key\n')
+        fd.write ('CAfile = /opt/opengnsys/etc/ca.crt\n')
+        fd.write ('requireCert = yes\n')
+        fd.write ('verifyChain = yes\n')
+
 def boottoolsPythonModules():
     utils.run (['pip3', 'install', 'pyblkid', '--break-system-packages'])
 
@@ -158,6 +174,7 @@ if __name__ == '__main__':
     debconf_settings = config['General'].get ('debconf_settings')
 
     updateCaCertificates()
+    configure_stunnel()
     setup_resolvconf()
     boottoolsSoftwareInstall (args.osarch, args.osrelease)
     boottoolsSoftwareCompile()