--- /dev/null
+# Copyright (c) 2025 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+- hosts: servers
+ vars:
+ info: https://api.github.com/repos/DNSCrypt/dnscrypt-proxy/releases/latest
+ src: https://github.com/DNSCrypt/dnscrypt-proxy/releases/download
+ bin: dnscrypt-proxy-linux_x86_64
+ repo: "{{ ansible_local.env.vars.git_home_dir }}/server.git"
+ conf: /etc/dns
+ site: dnscrypt-proxy.conf
+ tasks:
+ - name: Fetch latest version of dnscrypt-proxy
+ uri:
+ url: "{{ info }}"
+ return_content: true
+ register: info
+ - name: Download dnscrypt-proxy
+ unarchive:
+ src: "{{ src }}/{{ ver }}/{{ bin }}-{{ ver }}.tar.gz"
+ dest: /tmp
+ copy: no
+ vars:
+ ver: "{{ info.json.tag_name }}"
+ - name: Install dnscrypt-proxy
+ copy:
+ src: /tmp/linux-x86_64/dnscrypt-proxy
+ dest: /usr/bin
+ become: true
+ - name: Set permissions for dnscrypt-proxy
+ file:
+ path: /usr/bin/dnscrypt-proxy
+ mode: 0755
+ owner: root
+ group: root
+ become: true
+ - name: Install libnginx-mod-stream
+ package:
+ name:
+ - libnginx-mod-stream
+ state: latest
+ become: true
+
+ - name: Checkout dnscrypt-proxy's configuration files to /tmp
+ command: git --work-tree=/tmp --git-dir={{ repo }} checkout main --force \
+ dnscrypt-proxy/*
+ become: true
+ - name: Create configuration directory
+ file:
+ path: "{{ conf }}"
+ state: directory
+ become: true
+ - name: Copy files to the configuration directory
+ copy:
+ src: /tmp/dnscrypt-proxy/{{ item }}
+ dest: "{{ conf }}"
+ remote_src: true
+ become: true
+ with_items:
+ - dnscrypt-proxy.toml
+ - name: Copy resolv.conf to /etc
+ copy:
+ src: /tmp/dnscrypt-proxy/resolv.conf
+ dest: /etc
+ remote_src: true
+ become: true
+ - name: Copy service file to /etc/systemd/system
+ copy:
+ src: /tmp/dnscrypt-proxy/dnscrypt-proxy.service
+ dest: /etc/systemd/system
+ remote_src: true
+ become: true
+ - name: Copy service file to /etc/systemd/system
+ copy:
+ src: /tmp/dnscrypt-proxy/dnscrypt-proxy.service
+ dest: /etc/systemd/system
+ remote_src: true
+ become: true
+ - name: Create user for running dnscrypt-proxy
+ user:
+ name: dnscrypt-proxy
+ create_home: false
+ shell: /usr/sbin/nologin
+ become: true
+
+ - name: Checkout nginx's configuration files to /tmp
+ command: git --work-tree=/tmp --git-dir={{ repo }} checkout main --force \
+ nginx/*
+ become: true
+ - name: Copy nginx configuration /etc/nginx
+ copy:
+ src: /tmp/nginx/nginx.conf
+ dest: /etc/nginx
+ remote_src: true
+ become: true
+ - name: Create directory for nginx streams
+ file:
+ path: /etc/nginx/{{ item }}
+ state: directory
+ become: true
+ with_items:
+ - streams-available
+ - streams-enabled
+ - name: Copy stream from /tmp to /etc/nginx/streams-available
+ copy:
+ src: /tmp/dnscrypt-proxy/{{ site }}
+ dest: /etc/nginx/streams-available
+ remote_src: true
+ become: true
+ - name: Enable site in nginx
+ shell: envsubst < /etc/nginx/streams-available/{{ site }} \
+ > /etc/nginx/streams-enabled/{{ site }}
+ environment: "{{ ansible_local.env.vars }}"
+ become: true
+ - name: Disable systemd-resolved
+ service:
+ name: systemd-resolved
+ state: stopped
+ become: true
+ - name: Restart dnscrypt-proxy and nginx
+ service:
+ name: "{{ item }}"
+ state: restarted
+ become: true
+ with_items:
+ - dnscrypt-proxy
+ - nginx
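Review bot: Nothing verifies the dnscrypt-proxy archive before the binary lands in `/usr/bin` as root: the `Download dnscrypt-proxy` task takes whatever tag `releases/latest` reports and unpacks it into `/tmp` with no digest or signature check. `/tmp` is world-writable and the paths are fixed, so another local account can pre-create or swap `/tmp/linux-x86_64` between steps, and likewise `/tmp/dnscrypt-proxy` and `/tmp/nginx`, which the later root `git checkout --force` and `copy` tasks read from. I would pin `ver` to a reviewed tag, check the tarball against a recorded digest with `get_url`'s `checksum:`, and stage everything in a directory created by `tempfile`, as sketched below; the two `git --work-tree=/tmp` tasks need the same staging path. The `Install dnscrypt-proxy` `copy` also lacks `remote_src: true`, so as written it looks for the file on the control node. Separately, `Copy service file to /etc/systemd/system` appears twice, and `Disable systemd-resolved` only stops the unit, so adding `enabled: false` would keep it from returning on reboot.

```yaml
# … unchanged: play header and vars, with `ver` pinned to a reviewed tag …
    - name: Create a private staging directory
      tempfile:
        state: directory
      register: stage
    - name: Download dnscrypt-proxy and verify its digest
      get_url:
        url: "{{ src }}/{{ ver }}/{{ bin }}-{{ ver }}.tar.gz"
        dest: "{{ stage.path }}/dnscrypt-proxy.tar.gz"
        # placeholder: record the digest of the pinned release here
        checksum: "sha256:<EXPECTED_SHA256_OF_PINNED_RELEASE>"
    - name: Unpack dnscrypt-proxy
      unarchive:
        src: "{{ stage.path }}/dnscrypt-proxy.tar.gz"
        dest: "{{ stage.path }}"
        remote_src: true
    - name: Install dnscrypt-proxy
      copy:
        src: "{{ stage.path }}/linux-x86_64/dnscrypt-proxy"
        dest: /usr/bin/dnscrypt-proxy
        remote_src: true
        mode: "0755"
        owner: root
        group: root
      become: true
# … unchanged: package install, configuration checkout, nginx and service tasks …
```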