From ccd3b8c67fa4770ad48c222f477186dc23b50146 Mon Sep 17 00:00:00 2001
From: "pulsar89.5"
Date: Wed, 17 May 2023 13:49:56 +0200
Subject: [PATCH] =?UTF-8?q?[INFO]=20Cr=C3=A9er=20le=20r=C3=B4le?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 README.md | 4 ++--
 defaults/main.yml | 20 ++++++++++++++++
 handlers/main.yml | 8 +++++++
 meta/main.yml | 2 +-
 tasks/main.yml | 14 +++++++++++
 templates/stubby.yml.j2 | 52 +++++++++++++++++++++++++++++++++++++++++
 6 files changed, 97 insertions(+), 3 deletions(-)
 create mode 100644 defaults/main.yml
 create mode 100644 handlers/main.yml
 create mode 100644 tasks/main.yml
 create mode 100644 templates/stubby.yml.j2
diff --git a/README.md b/README.md
index 3edfbf7..2928611 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,3 @@
-# role_modele
+# role_stubby
-Modèle
\ No newline at end of file
+Rôle de déploiement de stubby.
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..aed0150
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,20 @@
+---
+# defaults file for dnsmasq
+
+stubby_listen_addresses:
+ - 127.0.0.1
+ - 0::1
+
+stubby_upstream_recursive_servers:
+ - address_data: 2a0f:fc80::0
+ tls_port: 853
+ tls_auth_name: "dns0.eu"
+ - address_data: 2a0f:fc81::0
+ tls_port: 853
+ tls_auth_name: "dns0.eu"
+ - address_data: 193.110.81.0
+ tls_port: 853
+ tls_auth_name: "dns0.eu"
+ - address_data: 185.253.5.0
+ tls_port: 853
+ tls_auth_name: "dns0.eu"
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..493d3fe
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+# handlers file for stubby
+
+- name: Redémarrer stubby.service
+ ansible.builtin.systemd:
+ state: restarted
+ name: stubby.service
+ become: true
diff --git a/meta/main.yml b/meta/main.yml
index c58bebf..04dc1af 100644
--- a/meta/main.yml
+++ b/meta/main.yml
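Review bot: The header comment of defaults/main.yml reads `# defaults file for dnsmasq`, but this role deploys stubby; it should be `# defaults file for stubby`. Neither `stubby_listen_addresses` nor `stubby_upstream_recursive_servers` has a comment saying what the value is for or which shape an entry must have, so an operator overriding them has nothing to go on. Quoting the address literals (`- "127.0.0.1"`, `address_data: "2a0f:fc80::0"`) would keep them strings under any YAML loader, which matters for values made of digits, dots and colons.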
@@ -1,7 +1,7 @@ galaxy_info: namespace: ykn author: pulsar89.5 - description: Rôle modèle + description: Rôle de déploiement de stubby license: GPL-3.0-or-later
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..b70b2d5
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+# tasks file for stubby
+
+- name: Installer stubby
+ ansible.builtin.apt:
+ name: stubby
+ become: true
+
+- name: configurer stubby
+ ansible.builtin.template:
+ src: stubby.yml.j2
+ dest: /etc/stubby/stubby.yml
+ become: true
+ notify: Redémarrer stubby.service
diff --git a/templates/stubby.yml.j2 b/templates/stubby.yml.j2
new file mode 100644
index 0000000..c3cc1bb
--- /dev/null
+++ b/templates/stubby.yml.j2
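Review bot: The `configurer stubby` task in tasks/main.yml writes /etc/stubby/stubby.yml without `owner`, `group` or `mode`, so the permissions of the file that decides which resolvers the host trusts depend on the remote umask and on whatever file was there before. Set them explicitly under `ansible.builtin.template`: `owner: root`, `group: root`, `mode: "0644"`. A `validate:` entry would also keep a template that stubby cannot parse from replacing the working file before the handler restarts the service; stubby's `-C <file> -i` invocation looks suitable, to be confirmed against the packaged version. The task name should start with a capital like `Installer stubby` above it.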
@@ -0,0 +1,52 @@
+# {{ ansible_managed }}
+
+resolution_type: GETDNS_RESOLUTION_STUB
+dns_transport_list:
+ - GETDNS_TRANSPORT_TLS
+tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
+tls_query_padding_blocksize: 128
+edns_client_subnet_private: 1
+round_robin_upstreams: 1
+idle_timeout: 10000
+listen_addresses:
+ - {{ roles.stubby.ipv4 | default("127.0.0.1") }}@{{ roles.stubby.port | default(53000) }}
+ - {{ roles.stubby.ipv6 | default("0::1") }}@{{ roles.stubby.port | default(53000) }}
+upstream_recursive_servers:
+ - address_data: 145.100.185.15
+ tls_auth_name: "dnsovertls.sinodun.com"
+ tls_pubkey_pinset:
+ - digest: "sha256"
+ value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
+ - address_data: 145.100.185.16
+ tls_auth_name: "dnsovertls1.sinodun.com"
+ tls_pubkey_pinset:
+ - digest: "sha256"
+ value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
+ - address_data: 185.49.141.37
+ tls_auth_name: "getdnsapi.net"
+ tls_pubkey_pinset:
+ - digest: "sha256"
+ value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
+ - address_data: 2001:610:1:40ba:145:100:185:15
+ tls_auth_name: "dnsovertls.sinodun.com"
+ tls_pubkey_pinset:
+ - digest: "sha256"
+ value: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
+ - address_data: 2001:610:1:40ba:145:100:185:16
+ tls_auth_name: "dnsovertls1.sinodun.com"
+ tls_pubkey_pinset:
+ - digest: "sha256"
+ value: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
+ - address_data: 2a04:b900:0:100::38
+ tls_auth_name: "getdnsapi.net"
+ tls_pubkey_pinset:
+ - digest: "sha256"
+ value: foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9Q=
+ - address_data: 80.67.188.188
+ tls_pubkey_pinset:
+ - digest: "sha256"
+ value: WaG0kHUS5N/ny0labz85HZg+v+f0b/UQ73IZjFep0nM=
+ - address_data: 2001:913::8
+ tls_pubkey_pinset:
+ - digest: "sha256"
+ value: WaG0kHUS5N/ny0labz85HZg+v+f0b/UQ73IZjFep0nM=
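Review bot: The upstream list in templates/stubby.yml.j2 is hard-coded, so the `stubby_upstream_recursive_servers` and `stubby_listen_addresses` values this commit adds in defaults/main.yml are never rendered; the listen addresses come from an undocumented `roles.stubby.*` structure instead. The fixed `tls_pubkey_pinset` values are a concern because `tls_authentication` is `GETDNS_AUTHENTICATION_REQUIRED`: if an upstream operator rotates its key, that upstream will likely stop authenticating, and correcting a pin means editing the role rather than an inventory variable. The last two entries (80.67.188.188 and 2001:913::8) carry no `tls_auth_name`, so they rest on the pin alone. Rendering both lists from the role variables, as sketched below, keeps resolver choice in reviewable data; a `tls_pubkey_pinset` block could be emitted the same way for entries that define one.

```jinja
# … unchanged: resolution_type through idle_timeout …
listen_addresses:
{% for addr in stubby_listen_addresses %}
  - {{ addr }}@{{ roles.stubby.port | default(53000) }}
{% endfor %}
upstream_recursive_servers:
{% for srv in stubby_upstream_recursive_servers %}
  - address_data: {{ srv.address_data }}
    tls_port: {{ srv.tls_port | default(853) }}
    tls_auth_name: "{{ srv.tls_auth_name }}"
{% endfor %}
```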