1 files changed, 64 insertions, 0 deletions

diff --git a/playbooks/roles/common/tasks/systemd-resolved.yml b/playbooks/roles/common/tasks/systemd-resolved.yml
new file mode 100644
index 0000000..f0f7163
--- /dev/null
+++ b/playbooks/roles/common/tasks/systemd-resolved.yml
@@ -0,0 +1,64 @@
+---
+
+- name: Add dns servers
+  community.general.ini_file:
+    path: /etc/systemd/resolved.conf
+    section: Resolve
+    option: DNS
+    value: '{{ dns_servers[0] }}'
+    mode: '0644'
+    no_extra_spaces: true
+  register: conf_dns
+  when: dns_servers | length > 0
+
+- name: Add dns fallback server
+  community.general.ini_file:
+    path: /etc/systemd/resolved.conf
+    section: Resolve
+    option: FallbackDNS
+    value: '{{ dns_servers[1] }}'
+    mode: '0644'
+    no_extra_spaces: true
+  register: conf_fallbackdns
+  when: dns_servers | length > 1
+
+- name: Enable dnssec
+  community.general.ini_file:
+    path: /etc/systemd/resolved.conf
+    section: Resolve
+    option: DNSSEC
+    value: '{{ "yes" if dns_dnssec else "no" }}'
+    mode: '0644'
+    no_extra_spaces: true
+  register: conf_dnssec
+
+- name: Add search domains
+  community.general.ini_file:
+    path: /etc/systemd/resolved.conf
+    section: Resolve
+    option: Domains
+    value: '{{ dns_domains | join(" ") }}'
+    mode: '0644'
+    no_extra_spaces: true
+  register: conf_domains
+
+- name: Stub listener
+  community.general.ini_file:
+    path: /etc/systemd/resolved.conf
+    section: Resolve
+    option: DNSStubListener
+    value: '{{ "yes" if dns_stub_listener else "no" }}'
+    mode: '0644'
+    no_extra_spaces: true
+  register: conf_domains
+
+- name: Reload systemd-resolved
+  ansible.builtin.service:
+    name: systemd-resolved
+    state: restarted
+    enabled: true
+  when:
+    - conf_dns is changed or
+      conf_fallbackdns is changed or
+      conf_dnssec is changed or
+      conf_domains is changed