Commit cd440a20 authored Jul 02, 2025 by Thomas Woerner

ipareplica: Add support for DNS over TLS

This change adds support for DNS over TLS to the ipareplica role.

New variables

ipareplica_dot_forwarders
    List of DNS over TLS forwarders. Required if ipareplica_dns_over_tls
    is enabled. (list of strings)
    required: false
ipareplica_dns_over_tls | ipaclient_dns_over_tls
    Configure DNS over TLS. Requires FreeIPA version 4.12.5 or later.
    (bool, default: false)
    required: false
ipareplica_dns_over_tls_cert
    Certificate to use for DNS over TLS. If empty, a new certificate will
    be requested from IPA CA. (string)
    required: false
ipareplica_dns_over_tls_key
    Key for certificate specified in ipareplica_dns_over_tls_cert. (string)
    required: false
ipareplica_dns_policy
    Encrypted DNS policy. Only usable if `ipareplica_dns_over_tls` is
    enabled. (choice: relaxed, enforced, default: relaxed)
    required: false

New distribution specific variable

ipareplica_packages_dot
    List of IPA packages needed for DNS over TLS.

parent e2317f30

Show whitespace changes

Inline Side-by-side

Please to comment