Enable DNS over TLS support for local resolvers

Currently uses local CA.
2021-09-29 19:09:58 +00:00 · 2021-09-29 19:09:58 +00:00 · 8bdf278ea6
commit 8bdf278ea6
parent 581484d207
4 changed files with 31 additions and 4 deletions
--- a/playbooks/dna-gw.yml
+++ b/playbooks/dna-gw.yml
@ -70,6 +70,24 @@
        owner: root
        group: "{{ ansible_wheel }}"

+    - name: copy dns private key
+      copy:
+        dest: "{{ tls_private }}/dns.home.foo.sh.key"
+        src: /srv/ca/private/dns.home.foo.sh.key
+        mode: 0600
+        owner: root
+        group: "{{ ansible_wheel }}"
+      tags: certificate
+      notify: restart unbound
+    - name: copy dns certificate and ca cert
+      copy:
+        dest: "{{ tls_certs }}/dns.home.foo.sh.crt"
+        src: /srv/ca/certs/dns.home.foo.sh.crt
+        mode: 0644
+        owner: root
+        group: "{{ ansible_wheel }}"
+      tags: certificate
+      notify: restart unbound
    - name: copy dns zone files
      copy:
        dest: "/var/unbound/db/{{ item }}"