rm tmp files
parent
7910336c5d
commit
edf1875720
|
@ -1,88 +0,0 @@
|
||||||
---
|
|
||||||
- name: Install dnsdist
|
|
||||||
apt:
|
|
||||||
name:
|
|
||||||
- dnsdist
|
|
||||||
- acl
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Allow DoT connexions
|
|
||||||
ufw:
|
|
||||||
rule: allow
|
|
||||||
port: 853
|
|
||||||
proto: tcp
|
|
||||||
|
|
||||||
- name: Allow DoH connexions
|
|
||||||
ufw:
|
|
||||||
rule: allow
|
|
||||||
port: 443
|
|
||||||
proto: tcp
|
|
||||||
|
|
||||||
- name: Allow DNS connexions
|
|
||||||
ufw:
|
|
||||||
rule: allow
|
|
||||||
port: 53
|
|
||||||
proto: any
|
|
||||||
|
|
||||||
- name: Copy Configuration file for DNSdist
|
|
||||||
ansible.builtin.copy:
|
|
||||||
src: dnsdist.conf
|
|
||||||
dest: /etc/dnsdist/dnsdist.conf
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: '0644'
|
|
||||||
|
|
||||||
|
|
||||||
- name: Add SSL keys to dnsdist.conf
|
|
||||||
ansible.builtin.replace:
|
|
||||||
path: /etc/dnsdist/dnsdist.conf
|
|
||||||
regexp: '__SSL_CRT__'
|
|
||||||
replace: '/etc/ssl/{{ domain}}.crt'
|
|
||||||
when: installCertbot == False
|
|
||||||
|
|
||||||
- name: Add SSL keys to dnsdist.conf
|
|
||||||
ansible.builtin.replace:
|
|
||||||
path: /etc/dnsdist/dnsdist.conf
|
|
||||||
regexp: '__SSL_KEY__'
|
|
||||||
replace: '/etc/ssl/{{ domain}}.key'
|
|
||||||
when: installCertbot == False
|
|
||||||
|
|
||||||
- name: permission to ssl cert
|
|
||||||
shell: |
|
|
||||||
setfacl -R -m u:_dnsdist:rx /etc/ssl/"{{ domain }}".key
|
|
||||||
setfacl -R -m u:_dnsdist:rx /etc/ssl/"{{ domain }}".crt
|
|
||||||
when: installCertbot == False
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- name: Add SSL keys to dnsdist.conf
|
|
||||||
ansible.builtin.replace:
|
|
||||||
path: /etc/dnsdist/dnsdist.conf
|
|
||||||
regexp: '__SSL_CRT__'
|
|
||||||
replace: '/etc/letsencrypt/live/{{ domain}}/fullchain.pem'
|
|
||||||
when: installCertbot == True
|
|
||||||
|
|
||||||
- name: Add SSL keys to dnsdist.conf
|
|
||||||
ansible.builtin.replace:
|
|
||||||
path: /etc/dnsdist/dnsdist.conf
|
|
||||||
regexp: '__SSL_KEY__'
|
|
||||||
replace: '/etc/letsencrypt/live/{{ domain}}/privkey.pem'
|
|
||||||
when: installCertbot == True
|
|
||||||
|
|
||||||
- name: Set permission letsencrypt SSL keys
|
|
||||||
shell: setfacl -R -m u:_dnsdist:rx /etc/letsencrypt/
|
|
||||||
when: installCertbot == True
|
|
||||||
|
|
||||||
|
|
||||||
- name: Disable and stop systemd-resolved
|
|
||||||
shell: |
|
|
||||||
systemctl disable systemd-resolved
|
|
||||||
systemctl stop systemd-resolved || echo "systemd-resolved is already stopped"
|
|
||||||
|
|
||||||
- name: Start dnsdist service
|
|
||||||
shell: "systemctl start dnsdist"
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
- name: Enable systemd service
|
|
||||||
shell: "systemctl enable dnsdist"
|
|