freifunk/ansible-ffibk
9
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
ansible-ffibk/roles/service-bind-slave/templates/dnstls.conf.j2
Julian Labus 04c2ed7e30
service-bind-slave: add stunnel4 for DNS-over-TLS
2019-04-05 19:53:19 +02:00

66 lines
3.1 KiB
Django/Jinja
Raw Blame History

debug = warning
pid = /var/run/stunnel4/dnstls.pid
setuid = stunnel4
setgid = stunnel4
[dns-localhost]
accept = 127.0.0.1:853
connect = 127.0.0.1:53
cert = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/cert.pem
key = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem
CAfile = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/chain.pem
[dns-localhost-v6]
accept = ::1:853
connect = ::1:53
cert = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/cert.pem
key = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem
CAfile = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/chain.pem
[dns-anycast]
accept = {{ anycast_ipv4 | ipaddr('address') }}:853
connect = 127.0.0.1:53
cert = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/cert.pem
key = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem
CAfile = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/chain.pem
[dns-anycast-v6]
accept = {{ anycast_ipv6 | ipaddr('address') }}:853
connect = ::1:53
cert = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/cert.pem
key = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem
CAfile = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/chain.pem
[dns-loopback]
accept = {{ loopback_net_ipv4 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}:853
connect = 127.0.0.1:53
cert = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/cert.pem
key = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem
CAfile = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/chain.pem
[dns-loopback-v6]
accept = {{ loopback_net_ipv6 | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}:853
connect = ::1:53
cert = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/cert.pem
key = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem
CAfile = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/chain.pem
{% for mesh in meshes %}
[dns-{{ mesh.id }}]
accept = {{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }}:853
connect = 127.0.0.1:53
cert = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/cert.pem
key = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem
CAfile = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/chain.pem
{% for ip in mesh.ipv6_ula %}
[dns-{{ mesh.id }}-v6-{{ loop.index }}]
accept = {{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }}:853
connect = ::1:53
cert = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/cert.pem
key = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem
CAfile = /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/chain.pem
{% endfor %}
{% endfor %}
Reference in a new issue View git blame Copy permalink