mirror of
https://github.com/trailofbits/algo
synced 2024-11-16 12:12:55 +00:00
54 lines
1.4 KiB
YAML
54 lines
1.4 KiB
YAML
- name: Gather Facts
|
|
setup:
|
|
|
|
- name: Dnsmasq installed
|
|
apt: name=dnsmasq state=latest
|
|
|
|
- name: Dnsmasq profile for apparmor configured
|
|
template: src=usr.sbin.dnsmasq.j2 dest=/etc/apparmor.d/usr.sbin.dnsmasq owner=root group=root mode=0600
|
|
notify:
|
|
- restart dnsmasq
|
|
|
|
- name: The dnsmasq directory created
|
|
file: dest=/var/lib/dnsmasq state=directory mode=0755 owner=dnsmasq group=nogroup
|
|
|
|
- name: Enforce the dnsmasq AppArmor policy
|
|
shell: aa-enforce usr.sbin.dnsmasq
|
|
|
|
- name: Ensure that the dnsmasq service directory exist
|
|
file: path=/etc/systemd/system/dnsmasq.service.d/ state=directory mode=0755 owner=root group=root
|
|
|
|
- name: Setup the cgroup limitations for the ipsec daemon
|
|
template: src=100-CustomLimitations.conf.j2 dest=/etc/systemd/system/dnsmasq.service.d/100-CustomLimitations.conf
|
|
notify:
|
|
- daemon-reload
|
|
- restart dnsmasq
|
|
|
|
- meta: flush_handlers
|
|
|
|
- name: Dnsmasq configured
|
|
template: src=dnsmasq.conf.j2 dest=/etc/dnsmasq.conf
|
|
notify:
|
|
- restart dnsmasq
|
|
|
|
- name: Adblock script created
|
|
template: src=adblock.sh dest=/opt/adblock.sh owner=root group=root mode=0755
|
|
|
|
- name: Adblock script added to cron
|
|
cron:
|
|
name: Adblock hosts update
|
|
minute: 10
|
|
hour: 2
|
|
job: /opt/adblock.sh
|
|
user: dnsmasq
|
|
|
|
- name: Update adblock hosts
|
|
shell: >
|
|
/opt/adblock.sh
|
|
become: true
|
|
become_user: dnsmasq
|
|
|
|
- name: Dnsmasq enabled and started
|
|
service: name=dnsmasq state=started enabled=yes
|
|
|