feat(resolved): add role

2024-11-12 23:37:12 +00:00 · 2024-10-09 19:11:19 +02:00 · 2024-10-09 19:11:19 +02:00 · 261aefc9af
commit 261aefc9af
parent 66ef48220e
4 changed files with 50 additions and 0 deletions
--- a/playbooks/systemd_resolved.yml
+++ b/playbooks/systemd_resolved.yml
@ -0,0 +1,6 @@
+---
+- name: "Switch to systemd_resolved"
+  hosts: "{{ systemd_resolved_hosts | default('systemd_resolved') }}"
+  become: true
+  roles:
+    - role: "systemd_resolved"
--- a/roles/systemd_resolved/defaults/main.yml
+++ b/roles/systemd_resolved/defaults/main.yml
@ -0,0 +1,4 @@
+---
+systemd_resolved_dns_servers:
+  - "1.1.1.1"
+  - "9.9.9.9"
--- a/roles/systemd_resolved/handlers/main.yml
+++ b/roles/systemd_resolved/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: "Restart resolved"
+  ansible.builtin.systemd:
+    name: "systemd-resolved"
+    state: "restarted"
+  listen: "restart resolved"
--- a/roles/systemd_resolved/tasks/main.yml
+++ b/roles/systemd_resolved/tasks/main.yml
@ -0,0 +1,34 @@
+---
+- name: "Install resolved"
+  ansible.builtin.package:
+    name: "systemd-resolved"
+
+- name: "Configure DNS server"
+  ansible.builtin.lineinfile:
+    path: "/etc/systemd/resolved.conf"
+    regexp: "^#?DNS="
+    insertafter: "[Resolve]"
+    line: "DNS={{ systemd_resolved_dns_servers | join(' ') }}"
+  notify: "restart resolved"
+
+- name: "Enable DNSSEC"
+  ansible.builtin.lineinfile:
+    path: "/etc/systemd/resolved.conf"
+    regexp: "^#?DNSSEC="
+    insertafter: "[Resolve]"
+    line: "DNSSEC=yes"
+  notify: "restart resolved"
+
+- name: "Enable resolved"
+  ansible.builtin.systemd:
+    name: "systemd-resolved"
+    masked: false
+    enabled: true
+    state: "started"
+
+- name: "Use resolved"
+  ansible.builtin.file:
+    src: "/run/systemd/resolve/stub-resolv.conf"
+    dest: "/etc/resolv.conf"
+    state: "link"
+    force: true