~sirn/gridns.xyz

97920bf6b15aa60e2518ee72edce40457f6a4d3b — Kridsada Thanabulpong 4 years ago 776e7bd
[dnscrypt-proxy] remove, replaced with plain dns query
4 files changed, 7 insertions(+), 165 deletions(-)

M playbook.yml
D roles/dnscrypt-proxy/defaults/main.yml
M roles/dnscrypt-proxy/tasks/main.yml
D roles/dnscrypt-proxy/templates/dnscrypt-proxy.toml.j2
M playbook.yml => playbook.yml +0 -5
@@ 81,11 81,6 @@
- hosts: dns
  tasks:
    - import_role:
        name: dnscrypt-proxy
      tags:
        - dnscrypt-proxy

    - import_role:
        name: unbound-blocklist
      tags:
        - unbound-blocklist

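--- a/roles/dnscrypt-proxy/defaults/main.yml
+++ /dev/null
@@ -1,45 +0,0 @@
----
-dnscrypt_proxy_addresses:
-  - "127.0.0.1:5353"
-
-dnscrypt_proxy_cache: yes
-
-dnscrypt_proxy_cache_size: 512
-
-dnscrypt_proxy_cache_min_ttl: 600
-
-dnscrypt_proxy_cache_max_ttl: 86400
-
-dnscrypt_proxy_cache_neg_min_ttl: 60
-
-dnscrypt_proxy_cache_neg_max_ttl: 600
-
-dnscrypt_proxy_fallback_resolver: "1.1.1.1:53"
-
-dnscrypt_proxy_logger: |
-  #!/usr/local/bin/execlineb -P
-  s6-log -b n10 s1000000 t !"gzip -nq9" /var/log/dnscrypt-proxy/
-
-dnscrypt_proxy_max_clients: 100
-
-dnscrypt_proxy_require_servers:
-  - dnssec
-  - nolog
-  - nofilter
-
-dnscrypt_proxy_sources:
-  - name: public-resolvers
-    urls:
-      - https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md
-      - https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md
-    minisign_key: RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3
-    refresh_delay: 72
-    prefix: ''
-
-dnscrypt_proxy_use_servers:
-  - ipv4
-  - dnscrypt
-  - doh
-
-dnscrypt_proxy_upstreams:
-  - cloudflare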

M roles/dnscrypt-proxy/tasks/main.yml => roles/dnscrypt-proxy/tasks/main.yml +7 -59
@@ 1,69 1,17 @@
---
## Install
##

- name: install dnscrypt-proxy
  become: yes
  pkgng:
    name: dnscrypt-proxy2
    state: present
  notify:
    - restart dnscrypt-proxy


## Configure
##

- name: configure dnscrypt-proxy
  become: yes
  template:
    src: dnscrypt-proxy.toml.j2
    dest: /usr/local/etc/dnscrypt-proxy/dnscrypt-proxy.toml
  notify:
    - restart dnscrypt-proxy


## Supervise
##

- name: ensure dnscrypt-proxy service directories
- name: delete dnscrypt-proxy service directories
  become: yes
  file:
    dest: "{{item}}"
    state: directory
  with_items:
    - /var/service/dnscrypt-proxy
    - /var/service/dnscrypt-proxy/log

- name: install dnscrypt-proxy service
  become: yes
  copy:
    dest: /var/service/dnscrypt-proxy/run
    mode: 0555
    content: |
      #!/usr/local/bin/execlineb -P
      fdmove -c 2 1
      {% if dnscrypt_proxy_drop_privileges_early %}
      s6-setuidgid _dnscrypt-proxy
      {% endif %}
      /usr/local/sbin/dnscrypt-proxy -config /usr/local/etc/dnscrypt-proxy/dnscrypt-proxy.toml
    dest: "/var/service/dnscrypt-proxy"
    state: absent
  notify:
    - rescan s6
    - restart dnscrypt-proxy

- name: install dnscrypt-proxy log service
- name: remove dnscrypt-proxy
  become: yes
  copy:
    dest: /var/service/dnscrypt-proxy/log/run
    mode: 0555
    content: "{{dnscrypt_proxy_logger}}"
  notify:
    - rescan s6
    - restart dnscrypt-proxy logger


## Per-role flush
##
  pkgng:
    name: dnscrypt-proxy2
    state: absent

- name: flush handler
  become: yes
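Review bot: The two cleanup tasks on the new side (`delete dnscrypt-proxy service directories` and `remove dnscrypt-proxy`) look unreachable from the `dns` play, because the playbook.yml section of this same commit appears to drop the `import_role` entry for `dnscrypt-proxy`; unless the role is imported somewhere outside this page, already-provisioned hosts keep the package installed and the daemon listening on its old address. The `+`/`-` markers are lost in this rendering, so that reading is inferred from the `+7 -59` counts and the task names. Even when the tasks do run, nothing stops the supervised process before its service directory and package are removed, and whether the `rescan s6` handler reaps a vanished service is not visible here; an explicit stop task ahead of the `file` removal, for example `command: s6-svc -d /var/service/dnscrypt-proxy` guarded by a check that the directory still exists, would make the teardown deterministic. Since the commit title says upstream queries now go out as plain DNS, a header comment such as `# dnscrypt-proxy retired: upstream DNS is unencrypted, keep DNSSEC validation enabled in unbound` would record the trade-off that the removed `require_dnssec` default used to cover.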

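--- a/roles/dnscrypt-proxy/templates/dnscrypt-proxy.toml.j2
+++ /dev/null
@@ -1,56 +0,0 @@
-{% if dnscrypt_proxy_upstreams %}
-server_names = [{% for upstream in dnscrypt_proxy_upstreams %}"{{upstream}}"{% if not loop.last %}, {% endif %}{% endfor %}]
-{% endif %}
-listen_addresses = [{% for addr in dnscrypt_proxy_addresses %}"{{addr}}"{% if not loop.last %}, {% endif %}{% endfor %}]
-max_clients = {{dnscrypt_proxy_max_clients}}
-{% if not dnscrypt_proxy_drop_privileges_early %}
-username = "_dnscrypt-proxy"
-{% endif %}
-
-{% if dnscrypt_proxy_use_servers %}
-## Require servers
-##
-
-{% for server in dnscrypt_proxy_use_servers %}
-{{server}}_servers = true
-{% endfor %}
-
-{% endif %}
-{% if dnscrypt_proxy_require_servers %}
-## Require properties
-##
-
-{% for require in dnscrypt_proxy_require_servers %}
-require_{{require}} = true
-{% endfor %}
-
-{% endif %}
-force_tcp = false
-timeout = 2500
-cert_refresh_delay = 240
-fallback_resolver = "{{dnscrypt_proxy_fallback_resolver}}"
-ignore_system_dns = true
-block_ipv6 = false
-
-{% if dnscrypt_proxy_cache %}
-## Cache
-##
-
-cache = true
-cache_size = {{dnscrypt_proxy_cache_size}}
-cache_min_ttl = {{dnscrypt_proxy_cache_min_ttl}}
-cache_max_ttl = {{dnscrypt_proxy_cache_max_ttl}}
-cache_neg_min_ttl = {{dnscrypt_proxy_cache_neg_min_ttl}}
-cache_neg_max_ttl = {{dnscrypt_proxy_cache_neg_max_ttl}}
-
-{% endif %}
-[sources]
-{% for source in dnscrypt_proxy_sources %}
-
-  [sources.{{source.name}}]
-  urls = [{% for u in source.urls %}"{{u}}"{% if not loop.last %}, {% endif %}{% endfor %}]
-  cache_file = "{{source.name}}.md"
-  minisign_key = "{{source.minisign_key}}"
-  refresh_delay = {{source.refresh_delay}}
-  prefix = "{{source.prefix}}"
-{% endfor %}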