mirror of
https://github.com/trailofbits/algo.git
synced 2025-07-25 06:53:00 +02:00
d56f50180b
- Adds an extra line after the if statement. Jinja2 trims such blocks by default in Ansible. Fixes #965 - More appropriate way to configure DNS servers - Removes `DNS` option from the wireguard server config - Fixes dnscrypt-proxy restart
45 lines
1.1 KiB
YAML
45 lines
1.1 KiB
YAML
---
|
|
- name: Add the repository
|
|
apt_repository:
|
|
state: present
|
|
codename: artful
|
|
repo: ppa:shevchuk/dnscrypt-proxy
|
|
|
|
- name: Install dnscrypt-proxy
|
|
apt:
|
|
name: dnscrypt-proxy
|
|
state: latest
|
|
update_cache: true
|
|
|
|
- block:
|
|
- name: Ubuntu | Unbound profile for apparmor configured
|
|
copy:
|
|
src: apparmor.profile.dnscrypt-proxy
|
|
dest: /etc/apparmor.d/usr.sbin.dnscrypt-proxy
|
|
owner: root
|
|
group: root
|
|
mode: 0600
|
|
notify: restart dnscrypt-proxy
|
|
|
|
- name: Ubuntu | Enforce the dnscrypt-proxy AppArmor policy
|
|
command: aa-enforce usr.sbin.dnscrypt-proxy
|
|
changed_when: false
|
|
tags: apparmor
|
|
when: apparmor_enabled|default(false)|bool == true
|
|
|
|
- name: Ubuntu | Ensure that the dnscrypt-proxy service directory exist
|
|
file:
|
|
path: /etc/systemd/system/dnscrypt-proxy.service.d/
|
|
state: directory
|
|
mode: 0755
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Ubuntu | Add capabilities to bind ports
|
|
copy:
|
|
dest: /etc/systemd/system/dnscrypt-proxy.service.d/99-capabilities.conf
|
|
content: |
|
|
[Service]
|
|
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
|
notify:
|
|
- restart dnscrypt-proxy
|