proxy_role/tasks/wicd.yml

# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
# Trace marker for this task file; the message is only printed when the play
# runs at verbosity 1 (-v) or higher.
- name: "wicd.yml"
  debug:
    msg: "proxy wicd.yml "
    verbosity: 1
# Write a managed "privacy" block into /etc/dhcp/dhcpd.conf, creating the file
# if it does not exist (create: yes).
# NOTE(review): the target path is named like a DHCP server config, while
# "nohook", "ipv4only" and "logfile" look like dhcpcd client options; the
# FixMe below questions the path as well - confirm which daemon reads it.
# NOTE(review): randomise_hwaddr presumably asks for a randomised MAC address;
# verify that the daemon reading this file actually accepts the directive.
# NOTE(review): this listing has lost its indentation, so it cannot be told
# from here whether the trailing '#' lines are block content or YAML comments.
- name: "/etc/dhcp/dhcpd.conf"
blockinfile:
dest: /etc/dhcp/dhcpd.conf
marker: "# {mark} ANSIBLE MANAGED BLOCK privacy"
create: yes
block: |
default-lease-time 36000;
ipv4only;
randomise_hwaddr;
#? whitelist 10.16.238.1;
logfile /var/log/dhcpd.log;
nohook resolv.conf;
# stop dhclient from overwriting resolv.conf
# with scripts in /lib/dhcpcd/dhcpcd-hooks/
# FixMe: /etc/dhcp/dhcp-client.conf?
# dnscrypt is not a system service
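# Enable and start the service named by PROXY_DNS_PROXY.
#
# The loop holds a single item, PROXY_DNS_PROXY itself, so the comparison is
# true for it and the service ends up enabled and started.
# The comparison uses the bare loop variable: inside a Jinja expression a
# quoted "{{ item }}" is a literal string, not a lookup, so it would never
# equal a service name and the selected DNS proxy would be disabled and
# stopped instead.
- name: "service disable not {{PROXY_DNS_PROXY}}"
  service:
    name: "{{ item }}"
    enabled: '{{ "yes" if PROXY_DNS_PROXY == item else "no" }}'
    state: '{{ "started" if PROXY_DNS_PROXY == item else "stopped" }}'
  with_items:
    # leave 'dnsmasq' running
    # maybe shutting dnsmasq shuts NetworkManager?
    - "{{PROXY_DNS_PROXY}}"
    # "dnscrypt" is not a system service
  # NOTE(review): errors are ignored, so a DNS proxy that failed to start (or
  # an empty PROXY_DNS_PROXY) is not reported here; verify the service state
  # in a later check if the play depends on it.
  ignore_errors: true
  # Not run when the connection type is listed in PLAY_CHROOT_CONNECTIONS.
  when:
    - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS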
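# Walk every service in PROXY_DNS_NETMAN_ALL: the one equal to
# PROXY_DNS_NETMAN is enabled and started, all others are disabled and stopped.
#
# The comparison uses the bare loop variable: inside a Jinja expression a
# quoted "{{ item }}" is a literal string, not a lookup, so it would never
# equal a service name and every listed service, including the selected one,
# would be disabled and stopped.
- name: "service disable not {{PROXY_DNS_NETMAN}}"
  service:
    name: "{{ item }}"
    enabled: '{{ "yes" if PROXY_DNS_NETMAN == item else "no" }}'
    state: '{{ "started" if PROXY_DNS_NETMAN == item else "stopped" }}'
  with_items: "{{ PROXY_DNS_NETMAN_ALL }}"
  # NOTE(review): errors are ignored, so a service that could not be stopped
  # stays running without the play noticing; presumably tolerated because not
  # every listed service is installed on every host - confirm.
  ignore_errors: true
  # Not run when the connection type is listed in PLAY_CHROOT_CONNECTIONS.
  when:
    - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS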
# Maintain a managed "proxy" block in each listed dhcpcd config file, creating
# the file when it is missing. The block's only directive is the nohook line
# for resolv.conf and ntp.conf.
# Applied only when 'run_dnsmasq' is one of PROXY_FEATURES.
- name: "/etc/dhcpcd.conf {{ansible_distribution}}"
  when:
    - "'run_dnsmasq' in PROXY_FEATURES"
  blockinfile:
    create: true
    dest: "{{ item }}"
    marker: "# {mark} ANSIBLE MANAGED BLOCK proxy"
    block: |
      # we route dns queries through tor
      # we will configure ntp generically
      nohook resolv.conf,ntp.conf
  # with_first_found:
  with_items:
    - /etc/dhcpcd.conf
# Set three options in /etc/resolvconf.conf (file created if absent). Each
# regexp matches the option whether or not it is commented out, and the
# matching line is replaced by the given setting.
# name_servers is set to 127.0.0.1, i.e. lookups go to a resolver on this host.
# Gentoo only, and only when 'run_dnsmasq' is one of PROXY_FEATURES.
- name: "/etc/resolvconf.conf"
  when:
    - ansible_distribution == 'Gentoo'
    - "'run_dnsmasq' in PROXY_FEATURES"
  lineinfile:
    create: true
    dest: /etc/resolvconf.conf
    regexp: "{{ item.name }}"
    line: "{{ item.val }}"
  with_items:
    - name: "^#*resolvconf=.*"
      val: "resolvconf=no"
    - name: "^#*name_servers=.*"
      val: "name_servers=127.0.0.1"
    - name: "^#*resolv_conf.*"
      val: "resolv_conf=/etc/resolv.conf"
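# /etc/resolvconf/update.d/ for Ubuntu
# /etc/resolvconf/update.d/dnsmasq for Debian
#
# Take the dnsmasq hook in /etc/resolvconf/update.d/ out of the way: set its
# mode to 644 (no execute bits) and rename it to the dot-file .dnsmasq.
# NOTE(review): presumably this stops resolvconf from running the hook -
# confirm against the distribution's resolvconf.
# Runs only when PROXY_DNS_PROXY is not empty.
- name: "/etc/resolvconf/update.d/dnsmasq"
  shell: |
    [ -f /etc/resolvconf/update.d/dnsmasq ] || exit 0
    chmod 644 /etc/resolvconf/update.d/dnsmasq
    mv /etc/resolvconf/update.d/dnsmasq /etc/resolvconf/update.d/.dnsmasq
  args:
    # Skip the task once the hook has been renamed, so repeat runs report
    # "skipped" instead of "changed" for a script that had nothing to do.
    removes: /etc/resolvconf/update.d/dnsmasq
  when:
    - PROXY_DNS_PROXY != ""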