- name: Gather Facts setup: - name: Dnsmasq installed apt: name=dnsmasq state=latest - name: Dnsmasq profile for apparmor configured template: src=usr.sbin.dnsmasq.j2 dest=/etc/apparmor.d/usr.sbin.dnsmasq owner=root group=root mode=0600 notify: - restart dnsmasq - name: The dnsmasq directory created file: dest=/var/lib/dnsmasq state=directory mode=0755 owner=dnsmasq group=nogroup - name: Enforce the dnsmasq AppArmor policy shell: aa-enforce usr.sbin.dnsmasq - name: Ensure that the dnsmasq service directory exist file: path=/etc/systemd/system/dnsmasq.service.d/ state=directory mode=0755 owner=root group=root - name: Setup the cgroup limitations for the ipsec daemon template: src=100-CustomLimitations.conf.j2 dest=/etc/systemd/system/dnsmasq.service.d/100-CustomLimitations.conf notify: - daemon-reload - restart dnsmasq - meta: flush_handlers - name: Dnsmasq configured template: src=dnsmasq.conf.j2 dest=/etc/dnsmasq.conf notify: - restart dnsmasq - name: Adblock script created template: src=adblock.sh dest=/opt/adblock.sh owner=root group=root mode=0755 - name: Adblock script added to cron cron: name: Adblock hosts update minute: 10 hour: 2 job: /opt/adblock.sh user: dnsmasq - name: Update adblock hosts shell: > /opt/adblock.sh become: true become_user: dnsmasq - name: Dnsmasq enabled and started service: name=dnsmasq state=started enabled=yes