olli/debian.ansible.basics
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

DigitalCourage encrypted DNS (DoT) via TLS systemd-resolved without censorship

Browse Source
This commit is contained in:
olli 2022-12-04 17:11:52 +01:00
parent 872efb6f4f
commit 6059046738
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
basics.yml
View File

@ -165,6 +165,21 @@
state: present state: present
notify: localectl notify: localectl
- name: DigitalCourage encrypted DNS (DoT) via TLS systemd-resolved without censorship
blockinfile:
path: /etc/systemd/resolved.conf.d/digitalcourage-dot.conf
mode: "0444"
owner: root
group: root
create: yes
insertbefore: BOF # Beginning of the file
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
[Resolve]
DNS=5.9.164.112#dns3.digitalcourage.de 2a01:4f8:251:554::2#dns3.digitalcourage.de
DNSOverTLS=opportunistic
backup: yes
- name: SSHD hardening - name: SSHD hardening
blockinfile: blockinfile:
path: /etc/ssh/sshd_config.d/hardening.conf path: /etc/ssh/sshd_config.d/hardening.conf