basics.yml aktualisiert

2023-07-28 11:44:20 +02:00 · 2023-07-28 11:44:20 +02:00 · 8c909ae82e
commit 8c909ae82e
parent 5603931d11
1 changed files with 19 additions and 14 deletions
--- a/basics.yml
+++ b/basics.yml
@ -248,21 +248,26 @@
      notify: localectl
      when: nocontainer.stat.exists == true

-    - name: DigitalCourage encrypted DNS (DoT) via TLS systemd-resolved without censorship
-      blockinfile:
+    ## NOW WITH DoH OVER DNSCRYPT-DNS-Proxy
+    #- name: DigitalCourage encrypted DNS (DoT) via TLS systemd-resolved without censorship
+    #  blockinfile:
+    #    path: /etc/systemd/resolved.conf.d/digitalcourage-dot.conf
+    #    mode: "0444"
+    #    owner: root
+    #    group: root
+    #    create: yes
+    #    insertbefore: BOF # Beginning of the file
+    #    marker: "# {mark} ANSIBLE MANAGED BLOCK"
+    #    block: |
+    #      [Resolve]
+    #      DNS=5.9.164.112#dns3.digitalcourage.de 2a01:4f8:251:554::2#dns3.digitalcourage.de
+    #      DNSOverTLS=opportunistic
+    #    backup: yes
+    #  when: nocontainer.stat.exists == true
+    - name: NOW WITH DoH OVER DNSCRYPT-DNS-Proxy
+      ansible.builtin.file:
+        state: absent
        path: /etc/systemd/resolved.conf.d/digitalcourage-dot.conf
-        mode: "0444"
-        owner: root
-        group: root
-        create: yes
-        insertbefore: BOF # Beginning of the file
-        marker: "# {mark} ANSIBLE MANAGED BLOCK"
-        block: |
-          [Resolve]
-          DNS=5.9.164.112#dns3.digitalcourage.de 2a01:4f8:251:554::2#dns3.digitalcourage.de
-          DNSOverTLS=opportunistic
-        backup: yes
-      when: nocontainer.stat.exists == true
      
    - name: SSHD hardening
      blockinfile: