infra/ansible/roles/common/tasks/dnscrypt.yml

---
- name: Stop and disable systemd-resolved
  become: true
  ansible.builtin.systemd:
    name: systemd-resolved
    state: stopped
    enabled: false

- name: Copy /etc/resolv.conf
  become: true
  ansible.builtin.copy:
    src: etc/resolv.conf
    dest: /etc/resolv.conf
    mode: 0644
    attributes: +i
    follow: false


- name: Copy dnscrypt-proxy.toml configuration
  become: true
  ansible.builtin.template:
    src: etc/dnscrypt-proxy/dnscrypt-proxy.toml.j2
    dest: "{{ dnscrypt_confpath }}"
    # owner: dnscrypt-proxy
    # group: dnscrypt-proxy
    mode: '0640'
    attributes: +i
    validate: dnscrypt-proxy -check -config %s

- name: Start and enable dnscrypt-proxy
  become: true
  systemd:
    name: dnscrypt-proxy
    state: restarted
    enabled: true
...