olli/debian.ansible.basics
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

basics.yml aktualisiert

Browse Source
This commit is contained in:
olli 2023-07-28 11:44:20 +02:00
parent 5603931d11
commit 8c909ae82e
1 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
basics.yml
View File

@ -248,21 +248,26 @@
notify: localectl notify: localectl
when: nocontainer.stat.exists == true when: nocontainer.stat.exists == true
- name: DigitalCourage encrypted DNS (DoT) via TLS systemd-resolved without censorship ## NOW WITH DoH OVER DNSCRYPT-DNS-Proxy
blockinfile: #- name: DigitalCourage encrypted DNS (DoT) via TLS systemd-resolved without censorship
# blockinfile:
# path: /etc/systemd/resolved.conf.d/digitalcourage-dot.conf
# mode: "0444"
# owner: root
# group: root
# create: yes
# insertbefore: BOF # Beginning of the file
# marker: "# {mark} ANSIBLE MANAGED BLOCK"
# block: |
# [Resolve]
# DNS=5.9.164.112#dns3.digitalcourage.de 2a01:4f8:251:554::2#dns3.digitalcourage.de
# DNSOverTLS=opportunistic
# backup: yes
# when: nocontainer.stat.exists == true
- name: NOW WITH DoH OVER DNSCRYPT-DNS-Proxy
ansible.builtin.file:
state: absent
path: /etc/systemd/resolved.conf.d/digitalcourage-dot.conf path: /etc/systemd/resolved.conf.d/digitalcourage-dot.conf
mode: "0444"
owner: root
group: root
create: yes
insertbefore: BOF # Beginning of the file
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
[Resolve]
DNS=5.9.164.112#dns3.digitalcourage.de 2a01:4f8:251:554::2#dns3.digitalcourage.de
DNSOverTLS=opportunistic
backup: yes
when: nocontainer.stat.exists == true
- name: SSHD hardening - name: SSHD hardening
blockinfile: blockinfile: