feat(resolved): add role

famedly · Oct 9, 2024 · 261aefc · 261aefc
1 parent 66ef482
commit 261aefc
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 0 deletions.
diff --git a/playbooks/systemd_resolved.yml b/playbooks/systemd_resolved.yml
@@ -0,0 +1,6 @@
+---
+- name: "Switch to systemd_resolved"
+  hosts: "{{ systemd_resolved_hosts | default('systemd_resolved') }}"
+  become: true
+  roles:
+    - role: "systemd_resolved"
diff --git a/roles/systemd_resolved/defaults/main.yml b/roles/systemd_resolved/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+systemd_resolved_dns_servers:
+  - "1.1.1.1"
+  - "9.9.9.9"
diff --git a/roles/systemd_resolved/handlers/main.yml b/roles/systemd_resolved/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: "Restart resolved"
+  ansible.builtin.systemd:
+    name: "systemd-resolved"
+    state: "restarted"
+  listen: "restart resolved"
diff --git a/roles/systemd_resolved/tasks/main.yml b/roles/systemd_resolved/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- name: "Install resolved"
+  ansible.builtin.package:
+    name: "systemd-resolved"
+
+- name: "Configure DNS server"
+  ansible.builtin.lineinfile:
+    path: "/etc/systemd/resolved.conf"
+    regexp: "^#?DNS="
+    insertafter: "[Resolve]"
+    line: "DNS={{ systemd_resolved_dns_servers | join(' ') }}"
+  notify: "restart resolved"
+
+- name: "Enable DNSSEC"
+  ansible.builtin.lineinfile:
+    path: "/etc/systemd/resolved.conf"
+    regexp: "^#?DNSSEC="
+    insertafter: "[Resolve]"
+    line: "DNSSEC=yes"
+  notify: "restart resolved"
+
+- name: "Enable resolved"
+  ansible.builtin.systemd:
+    name: "systemd-resolved"
+    masked: false
+    enabled: true
+    state: "started"
+
+- name: "Use resolved"
+  ansible.builtin.file:
+    src: "/run/systemd/resolve/stub-resolv.conf"
+    dest: "/etc/resolv.conf"
+    state: "link"
+    force: true