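---
# Tasks that turn this host into a dnsdist resolver front end serving plain
# DNS, DNS-over-TLS and DNS-over-HTTPS.
#
# Variables expected from the caller (not defined in this file):
#   domain          hostname whose certificate dnsdist presents
#   installCertbot  true  -> use the Let's Encrypt files under /etc/letsencrypt
#                   false -> use /etc/ssl/<domain>.{crt,key} already on the host
#
# The `acl` package is installed because the setfacl calls below depend on it.

- name: Install dnsdist
  ansible.builtin.apt:
    name:
      - dnsdist
      - acl
    state: present

# Firewall openings: 853/tcp (DoT), 443/tcp (DoH), 53 tcp+udp (plain DNS).
- name: Allow DoT connexions
  community.general.ufw:
    rule: allow
    port: "853"
    proto: tcp

- name: Allow DoH connexions
  community.general.ufw:
    rule: allow
    port: "443"
    proto: tcp

- name: Allow DNS connexions
  community.general.ufw:
    rule: allow
    port: "53"
    proto: any

# The shipped configuration contains __SSL_CRT__ / __SSL_KEY__ placeholders
# that the `replace` tasks below fill in for whichever certificate source is
# selected. `replace` is a no-op once the placeholders are gone, so re-runs
# are safe.
- name: Copy Configuration file for DNSdist
  ansible.builtin.copy:
    src: dnsdist.conf
    dest: /etc/dnsdist/dnsdist.conf
    owner: root
    group: root
    mode: '0644'

# --- Local certificate branch (installCertbot is false) -------------------

- name: Point dnsdist.conf at the local certificate
  ansible.builtin.replace:
    path: /etc/dnsdist/dnsdist.conf
    regexp: '__SSL_CRT__'
    replace: '/etc/ssl/{{ domain }}.crt'
  when: not (installCertbot | bool)

- name: Point dnsdist.conf at the local private key
  ansible.builtin.replace:
    path: /etc/dnsdist/dnsdist.conf
    regexp: '__SSL_KEY__'
    replace: '/etc/ssl/{{ domain }}.key'
  when: not (installCertbot | bool)

# dnsdist runs as the _dnsdist user; grant it read access to exactly the two
# files it needs. Plain `r` is enough for regular files, and the paths are
# shell-quoted so an odd value of `domain` cannot break the command.
- name: Grant _dnsdist read access to the local key and certificate
  ansible.builtin.shell: |
    setfacl -m u:_dnsdist:r {{ ('/etc/ssl/' ~ domain ~ '.key') | quote }}
    setfacl -m u:_dnsdist:r {{ ('/etc/ssl/' ~ domain ~ '.crt') | quote }}
  when: not (installCertbot | bool)

# --- Let's Encrypt branch (installCertbot is true) ------------------------

- name: Point dnsdist.conf at the Let's Encrypt certificate chain
  ansible.builtin.replace:
    path: /etc/dnsdist/dnsdist.conf
    regexp: '__SSL_CRT__'
    replace: '/etc/letsencrypt/live/{{ domain }}/fullchain.pem'
  when: installCertbot | bool

- name: Point dnsdist.conf at the Let's Encrypt private key
  ansible.builtin.replace:
    path: /etc/dnsdist/dnsdist.conf
    regexp: '__SSL_KEY__'
    replace: '/etc/letsencrypt/live/{{ domain }}/privkey.pem'
  when: installCertbot | bool

# Certbot keeps live/<domain>/*.pem as symlinks into archive/<domain>/, and
# neither parent directory is traversable by other users by default. Grant
# traversal (`x`) on the two parents and read (`rX`: execute only on
# directories) on this domain's entries only. A recursive `rx` on all of
# /etc/letsencrypt would hand the dnsdist user every other domain's private
# key as well.
# NOTE(review): files written by later renewals are new files and will not
# carry this ACL; re-run this task (or a renewal hook) after renewals — confirm.
- name: Grant _dnsdist read access to this domain's Let's Encrypt files
  ansible.builtin.shell: |
    setfacl -m u:_dnsdist:x /etc/letsencrypt/live /etc/letsencrypt/archive
    setfacl -R -m u:_dnsdist:rX \
      {{ ('/etc/letsencrypt/live/' ~ domain) | quote }} \
      {{ ('/etc/letsencrypt/archive/' ~ domain) | quote }}
  when: installCertbot | bool

# --- Services -------------------------------------------------------------

# Presumably stopped because it would otherwise compete with dnsdist for
# port 53; the module form is idempotent and reports a change only when the
# unit state actually moves.
- name: Disable and stop systemd-resolved
  ansible.builtin.systemd:
    name: systemd-resolved
    state: stopped
    enabled: false

# NOTE: `state: started` does not restart an already running dnsdist when
# dnsdist.conf changes on a later run; a restart handler would have to live
# outside this file.
- name: Start and enable dnsdist
  ansible.builtin.systemd:
    name: dnsdist
    state: started
    enabled: true

- name: Copy cron certbot service
  ansible.builtin.copy:
    src: certbot-cron
    dest: /etc/cron.d/certbot
    owner: root
    group: root
    mode: '0644'
  when: installCertbot | bool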