rm tmp files
This commit is contained in:
parent
7910336c5d
commit
edf1875720
|
|
@ -1,88 +0,0 @@
|
|||
---
|
||||
- name: Install dnsdist
|
||||
apt:
|
||||
name:
|
||||
- dnsdist
|
||||
- acl
|
||||
state: present
|
||||
|
||||
- name: Allow DoT connexions
|
||||
ufw:
|
||||
rule: allow
|
||||
port: 853
|
||||
proto: tcp
|
||||
|
||||
- name: Allow DoH connexions
|
||||
ufw:
|
||||
rule: allow
|
||||
port: 443
|
||||
proto: tcp
|
||||
|
||||
- name: Allow DNS connexions
|
||||
ufw:
|
||||
rule: allow
|
||||
port: 53
|
||||
proto: any
|
||||
|
||||
- name: Copy Configuration file for DNSdist
|
||||
ansible.builtin.copy:
|
||||
src: dnsdist.conf
|
||||
dest: /etc/dnsdist/dnsdist.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
|
||||
- name: Add SSL keys to dnsdist.conf
|
||||
ansible.builtin.replace:
|
||||
path: /etc/dnsdist/dnsdist.conf
|
||||
regexp: '__SSL_CRT__'
|
||||
replace: '/etc/ssl/{{ domain}}.crt'
|
||||
when: installCertbot == False
|
||||
|
||||
- name: Add SSL keys to dnsdist.conf
|
||||
ansible.builtin.replace:
|
||||
path: /etc/dnsdist/dnsdist.conf
|
||||
regexp: '__SSL_KEY__'
|
||||
replace: '/etc/ssl/{{ domain}}.key'
|
||||
when: installCertbot == False
|
||||
|
||||
- name: permission to ssl cert
|
||||
shell: |
|
||||
setfacl -R -m u:_dnsdist:rx /etc/ssl/"{{ domain }}".key
|
||||
setfacl -R -m u:_dnsdist:rx /etc/ssl/"{{ domain }}".crt
|
||||
when: installCertbot == False
|
||||
|
||||
|
||||
|
||||
- name: Add SSL keys to dnsdist.conf
|
||||
ansible.builtin.replace:
|
||||
path: /etc/dnsdist/dnsdist.conf
|
||||
regexp: '__SSL_CRT__'
|
||||
replace: '/etc/letsencrypt/live/{{ domain}}/fullchain.pem'
|
||||
when: installCertbot == True
|
||||
|
||||
- name: Add SSL keys to dnsdist.conf
|
||||
ansible.builtin.replace:
|
||||
path: /etc/dnsdist/dnsdist.conf
|
||||
regexp: '__SSL_KEY__'
|
||||
replace: '/etc/letsencrypt/live/{{ domain}}/privkey.pem'
|
||||
when: installCertbot == True
|
||||
|
||||
- name: Set permission letsencrypt SSL keys
|
||||
shell: setfacl -R -m u:_dnsdist:rx /etc/letsencrypt/
|
||||
when: installCertbot == True
|
||||
|
||||
|
||||
- name: Disable and stop systemd-resolved
|
||||
shell: |
|
||||
systemctl disable systemd-resolved
|
||||
systemctl stop systemd-resolved || echo "systemd-resolved is already stopped"
|
||||
|
||||
- name: Start dnsdist service
|
||||
shell: "systemctl start dnsdist"
|
||||
|
||||
|
||||
|
||||
- name: Enable systemd service
|
||||
shell: "systemctl enable dnsdist"
|
||||
Loading…
Reference in New Issue