# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
# Progress marker for this task file. The debug module only prints the
# message when Ansible runs at verbosity 1 or higher (-v).
- name: "wicd.yml"
  debug:
    msg: "proxy wicd.yml "
    verbosity: 1
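# Maintain a marker-delimited block of DHCP settings in /etc/dhcp/dhcpd.conf,
# creating the file when it does not exist yet.
# NOTE(review): `nohook`, `ipv4only` and `logfile` read like dhcpcd.conf
# directives, while the destination is named dhcpd.conf -- confirm the target
# file (the FixMe that follows this task raises the same question).
# NOTE(review): no `mode:` is set, so a newly created file gets default
# permissions -- pin owner and mode once the intended values are known.
- name: "/etc/dhcp/dhcpd.conf"
  blockinfile:
    dest: /etc/dhcp/dhcpd.conf
    marker: "# {mark} ANSIBLE MANAGED BLOCK privacy"
    # Canonical YAML boolean, consistent with the other `create:` entries in
    # this file.
    create: true
    block: |
      default-lease-time 36000;
      ipv4only;
      randomise_hwaddr;
      #? whitelist 10.16.238.1;
      logfile /var/log/dhcpd.log;
      nohook resolv.conf;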
# stop dhclient from overwriting resolv.conf
# with scripts in /lib/dhcpcd/dhcpcd-hooks/
# FixMe: /etc/dhcp/dhcp-client.conf?
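# dnscrypt is not a system service
# Enable and start the service named by PROXY_DNS_PROXY. The task is skipped
# when ansible_connection is one of PLAY_CHROOT_CONNECTIONS.
- name: "service disable not {{PROXY_DNS_PROXY}}"
  service:
    name: "{{ item }}"
    # Compare against the loop variable directly. A quoted "{{ item }}" inside
    # a Jinja expression is a literal string, not the item's value, so such a
    # comparison never matches and the service would always be disabled and
    # stopped.
    enabled: '{{ "yes" if PROXY_DNS_PROXY == item else "no" }}'
    state: '{{ "started" if PROXY_DNS_PROXY == item else "stopped" }}'
  with_items:
    # leave 'dnsmasq' running
    # maybe shutting dnsmasq shuts NetworkManager?
    - "{{PROXY_DNS_PROXY}}"
    # "dnscrypt" is not a system service
  # Best effort, because the configured proxy may not be a system service.
  # The cost is that a DNS proxy which fails to start is not reported as a
  # task failure -- verify local DNS resolution after the play.
  ignore_errors: true
  when:
    - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS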
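# Walk PROXY_DNS_NETMAN_ALL and leave only the service named by
# PROXY_DNS_NETMAN enabled and started; every other entry is disabled and
# stopped. Skipped when ansible_connection is one of PLAY_CHROOT_CONNECTIONS.
- name: "service disable not {{PROXY_DNS_NETMAN}}"
  service:
    name: "{{ item }}"
    # Compare against the loop variable directly. A quoted "{{ item }}" inside
    # a Jinja expression is a literal string, so such a comparison never
    # matches and the selected service would be stopped along with the rest.
    enabled: '{{ "yes" if PROXY_DNS_NETMAN == item else "no" }}'
    state: '{{ "started" if PROXY_DNS_NETMAN == item else "stopped" }}'
  with_items: "{{ PROXY_DNS_NETMAN_ALL }}"
  # Best effort: entries that are not installed on the host fail here and are
  # ignored. A failure to start the selected service is ignored as well, so
  # check its state after the play.
  ignore_errors: true
  when:
    - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS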
# Write a marker-delimited block containing `nohook resolv.conf,ntp.conf`
# into each listed dhcpcd configuration file, creating the file when it is
# missing. Runs only when 'run_dnsmasq' is listed in PROXY_FEATURES.
- name: "/etc/dhcpcd.conf {{ansible_distribution}}"
  when:
    - "'run_dnsmasq' in PROXY_FEATURES"
  # with_first_found:
  with_items:
    - /etc/dhcpcd.conf
  blockinfile:
    dest: '{{ item }}'
    create: true
    marker: '# {mark} ANSIBLE MANAGED BLOCK proxy'
    block: |
      # we route dns queries through tor
      # we will configure ntp generically
      nohook resolv.conf,ntp.conf
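# Gentoo only, and only when 'run_dnsmasq' is listed in PROXY_FEATURES: pin
# three settings in /etc/resolvconf.conf. For each entry an existing
# assignment (commented out or not) is replaced, or the line is appended when
# nothing matches. The values turn resolvconf off and name 127.0.0.1 as the
# only name server.
- name: "/etc/resolvconf.conf"
  lineinfile:
    dest: /etc/resolvconf.conf
    create: true
    regexp: "{{ item.name }}"
    line: "{{ item.val }}"
  with_items:
    - name: '^#*resolvconf=.*'
      val: 'resolvconf=no'
    - name: '^#*name_servers=.*'
      val: 'name_servers=127.0.0.1'
    # Anchor on the '=' like the two entries above, so that a longer key that
    # shares the prefix (for example resolv_conf_options) is never the line
    # that gets replaced.
    - name: '^#*resolv_conf=.*'
      val: 'resolv_conf=/etc/resolv.conf'
  when:
    - ansible_distribution == 'Gentoo'
    - "'run_dnsmasq' in PROXY_FEATURES"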
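# /etc/resolvconf/update.d/ for Ubuntu

# /etc/resolvconf/update.d/dnsmasq for Debian
# When a DNS proxy is configured (PROXY_DNS_PROXY is not empty), clear the
# execute bits of the dnsmasq update script (chmod 644) and rename it to
# .dnsmasq -- presumably so that resolvconf no longer runs it; confirm.
- name: "/etc/resolvconf/update.d/dnsmasq"
  shell: |
    [ -f /etc/resolvconf/update.d/dnsmasq ] || exit 0
    chmod 644 /etc/resolvconf/update.d/dnsmasq
    mv /etc/resolvconf/update.d/dnsmasq /etc/resolvconf/update.d/.dnsmasq
  args:
    # Skip the task once the script has been moved away, so that later runs
    # no longer report a change. The in-script guard is kept for paths that
    # exist but are not regular files.
    removes: /etc/resolvconf/update.d/dnsmasq
  when:
    - PROXY_DNS_PROXY != ""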