mirror of
https://github.com/trailofbits/algo.git
synced 2025-07-25 06:53:00 +02:00
49 lines
1.2 KiB
YAML
49 lines
1.2 KiB
YAML
---
|
|
- name: Add the repository
|
|
apt_repository:
|
|
state: present
|
|
codename: artful
|
|
repo: ppa:shevchuk/dnscrypt-proxy
|
|
register: result
|
|
until: result|succeeded
|
|
retries: 10
|
|
delay: 3
|
|
|
|
- name: Install dnscrypt-proxy
|
|
apt:
|
|
name: dnscrypt-proxy
|
|
state: latest
|
|
update_cache: true
|
|
|
|
- block:
|
|
- name: Ubuntu | Unbound profile for apparmor configured
|
|
copy:
|
|
src: apparmor.profile.dnscrypt-proxy
|
|
dest: /etc/apparmor.d/usr.sbin.dnscrypt-proxy
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
notify: restart dnscrypt-proxy
|
|
|
|
- name: Ubuntu | Enforce the dnscrypt-proxy AppArmor policy
|
|
command: aa-enforce usr.sbin.dnscrypt-proxy
|
|
changed_when: false
|
|
tags: apparmor
|
|
when: apparmor_enabled|default(false)|bool == true
|
|
|
|
- name: Ubuntu | Ensure that the dnscrypt-proxy service directory exist
|
|
file:
|
|
path: /etc/systemd/system/dnscrypt-proxy.service.d/
|
|
state: directory
|
|
mode: 0755
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Ubuntu | Add capabilities to bind ports
|
|
copy:
|
|
dest: /etc/systemd/system/dnscrypt-proxy.service.d/99-capabilities.conf
|
|
content: |
|
|
[Service]
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
notify:
|
|
- restart dnscrypt-proxy
|