Fix dnscrypt-proxy by not masking the socket

Problem: Masking dnscrypt-proxy.socket prevents the service from starting because the service has Requires=dnscrypt-proxy.socket dependency. Solution: Simply stop and disable the socket without masking it. This prevents socket activation while allowing the service to start and bind directly to the configured IPs. Changes: - Removed socket masking (just disable it) - Moved socket disabling before service start - Removed invalid systemd directives from override Testing: Confirmed dnscrypt-proxy now listens on VPN service IPs 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-03 10:33:13 +02:00 · 2025-08-17 19:54:20 -04:00 · 2025-08-17 19:54:20 -04:00 · 0524908ba7
commit 0524908ba7
parent 3835fe882f
2 changed files with 8 additions and 11 deletions
--- a/roles/dns/tasks/main.yml
+++ b/roles/dns/tasks/main.yml
@ -26,17 +26,16 @@

 - meta: flush_handlers

+- name: Ubuntu | Stop and disable dnscrypt-proxy socket before starting service
+  systemd:
+    name: dnscrypt-proxy.socket
+    state: stopped
+    enabled: false
+  failed_when: false
+  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+
 - name: dnscrypt-proxy enabled and started
  service:
    name: dnscrypt-proxy
    state: started
    enabled: true
-
- name: Ubuntu | Disable dnscrypt-proxy socket activation after service start
-  systemd:
-    name: dnscrypt-proxy.socket
-    state: stopped
-    enabled: false
-    masked: true
-  failed_when: false
-  when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
--- a/roles/dns/tasks/ubuntu.yml
+++ b/roles/dns/tasks/ubuntu.yml
@ -58,8 +58,6 @@
      [Unit]
      After=systemd-resolved.service
      Requires=systemd-resolved.service
-      # Remove socket dependency to allow direct binding
-      TriggeredBy=

      [Service]
      AmbientCapabilities=CAP_NET_BIND_SERVICE