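# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
# dns.yml: choose the local DNS proxy (dnscrypt / dnsmasq / socat), include the
# matching task file, and pin /etc/resolv.conf to 127.0.0.1 so that DHCP
# clients and resolvconf do not send queries past the proxy.
- name: "dns.yml"
  debug:
    verbosity: 1
    msg: "dns.yml PROXY_DNS_PROXY={{PROXY_DNS_PROXY}}"

# Replace a stock "localhost" hostname with the inventory name.
- name: /etc/hostname
  shell: |
    grep -q localhost /etc/hostname && echo {{inventory_hostname}} > /etc/hostname
    exit 0
  when:
    - ansible_distribution in ['Ubuntu', 'Debian', 'Devuan']
  check_mode: false

# Append the inventory hostname to the 127.0.0.1 line when it is missing.
# The sed replacement must be a bare "&" (the matched line): "\&" is a literal
# ampersand in sed, which would overwrite the loopback entry with "& <host>".
- name: /etc/hosts
  shell: |
    grep -q '^127\.0\.0\.1.* {{inventory_hostname}}' /etc/hosts || \
      sed -e 's@^127\.0\.0\.1.*@& {{inventory_hostname}}@' -i /etc/hosts
    exit 0

# Fail early on an unsupported proxy / network-manager combination.  These are
# plain Jinja expressions; "{{ }}" delimiters do not belong inside a conditional.
- assert:
    that:
      - PROXY_DNS_PROXY in ["dnsmasq", "dnscrypt"]
      - PROXY_DNS_PROXY not in ["pdnsd"]
      - PROXY_DNS_NETMAN in PROXY_DNS_NETMAN_ALL

- name: "include 'netman.yml tasks"
  include_tasks: "netman.yml"
  when: PROXY_DNS_NETMAN == 'networkmanager'

# Whonix hosts and tor/selektor modes override the configured proxy with socat
# (presumably forwarding to the Tor DNS port; see dns-socat.yml to confirm).
- set_fact:
    PROXY_DNS_PROXY: "socat"
  when: >-
    BOX_WHONIX_PROXY_HOST != "" or
    BOX_OS_FLAVOR|default('') in ['WhonixWorkstation', 'WhonixGateway'] or
    PROXY_MODE in ['tor', 'selektor']

# Disabled: the trailing "false" condition keeps this task from ever running.
# Kept as written — presumably a deliberate switch-off; confirm before removing.
- set_fact:
    PROXY_DNS_PROXY: "dnsmasq"
  when:
    - BOX_WHONIX_PROXY_HOST != ""
    - BOX_OS_FLAVOR|default('') != 'WhonixWorkstation' and BOX_OS_FLAVOR|default('') != 'WhonixGateway'
    - false

- name: "include dns-dnscrypt.yml tasks"
  include_tasks: "dns-dnscrypt.yml"
  when: PROXY_DNS_PROXY == "dnscrypt"

- name: "include dns-dnsmasq.yml tasks"
  include_tasks: "dns-dnsmasq.yml"
  when: PROXY_DNS_PROXY == "dnsmasq"

- name: "include dns-socat.yml tasks"
  include_tasks: "dns-socat.yml"
  when: PROXY_DNS_PROXY == "socat"

# System hook scripts are found in /lib/dhcpcd/dhcpcd-hooks and the user defined hooks are /etc/dhcpcd.enter-hook
# dhclient->resolvconf overwrites this - for now, use testforge.start for things like starbucks
# https://www.techrepublic.com/article/pro-tip-take-back-control-of-resolv-conf/
# https://www.linuxquestions.org/questions/slackware-14/how-to-prevent-wicd-overwriting-etc-resolv-conf-4175488551/
#
# Only the marker-delimited block is managed: any nameserver lines already in
# the file outside the markers are left in place and still get used.
- name: "/etc/resolv.conf"
  blockinfile:
    dest: /etc/resolv.conf
    marker: "# {mark} ANSIBLE MANAGED BLOCK privacy"
    create: true
    block: |
      nameserver 127.0.0.1
  when:
    - PROXY_DNS_PROXY in ['dnscrypt', 'dnsmasq', 'socat']

# stop dhclient from overwriting resolv.conf
# with scripts in /lib/dhcpcd/dhcpcd-hooks/
# FixMe: /etc/dhcp/dhcp-client.conf?
# dnscrypt is not a system service
#
# Compare against the loop variable directly: a nested "{{ item }}" inside a
# Jinja expression is only a string literal, so the comparison could not match.
- name: "service disable not {{PROXY_DNS_PROXY}}"
  service:
    name: "{{ item }}"
    enabled: "{{ PROXY_DNS_PROXY == item }}"
    state: "{{ 'started' if PROXY_DNS_PROXY == item else 'stopped' }}"
  with_items:
    # leave 'dnsmasq' running
    # maybe shutting dnsmasq shuts NetworkManager?
    - "{{PROXY_DNS_PROXY}}"
    # "dnscrypt" is not a system service
  ignore_errors: true
  when:
    - ansible_connection|default('') not in PLAY_NOSERVICE_CONNECTIONS

# Keep only the selected network manager enabled; stop and disable the others.
- name: "service disable not {{PROXY_DNS_NETMAN}}"
  service:
    name: "{{ item }}"
    enabled: "{{ PROXY_DNS_NETMAN == item }}"
    state: "{{ 'started' if PROXY_DNS_NETMAN == item else 'stopped' }}"
  with_items: "{{ PROXY_DNS_NETMAN_ALL }}"
  ignore_errors: true
  when:
    - ansible_connection|default('') not in PLAY_NOSERVICE_CONNECTIONS

# Tell dhcpcd not to rewrite resolv.conf / ntp.conf from DHCP leases.
- name: "/etc/dhcpcd.conf {{ansible_distribution}}"
  blockinfile:
    dest: "{{ item }}"
    marker: "# {mark} ANSIBLE MANAGED BLOCK proxy"
    create: true
    block: |
      # we route dns queries through tor
      # we will configure ntp generically
      nohook resolv.conf,ntp.conf
  # with_first_found:
  with_items:
    - /etc/dhcpcd.conf
  when:
    - "'run_dnsmasq' in PROXY_FEATURES"

# Gentoo: make resolvconf leave resolv.conf alone and point it at the proxy.
- name: "/etc/resolvconf.conf"
  lineinfile:
    dest: /etc/resolvconf.conf
    create: true
    regexp: "{{ item.name }}"
    line: "{{ item.val }}"
  with_items:
    - { name: "^#*resolvconf=.*", val: "resolvconf=no" }
    - { name: "^#*name_servers=.*", val: "name_servers=127.0.0.1" }
    - { name: "^#*resolv_conf.*", val: "resolv_conf=/etc/resolv.conf" }
  when:
    - ansible_distribution == 'Gentoo'
    - "'run_dnsmasq' in PROXY_FEATURES"

# /etc/resolvconf/update.d/ for Ubuntu
# /etc/resolvconf/update.d/dnsmasq for Debian
#
# Rename the hook so resolvconf stops pushing upstream servers into dnsmasq;
# the leading test makes a re-run a no-op once it has been moved.
- name: "/etc/resolvconf/update.d/dnsmasq"
  shell: |
    [ -f /etc/resolvconf/update.d/dnsmasq ] || exit 0
    chmod 644 /etc/resolvconf/update.d/dnsmasq
    mv /etc/resolvconf/update.d/dnsmasq /etc/resolvconf/update.d/.dnsmasq
  when:
    - PROXY_DNS_PROXY != ""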