Diffstat (limited to 'roles/common/tasks/systemd-resolved.yml')
-rw-r--r--roles/common/tasks/systemd-resolved.yml60
1 files changed, 60 insertions, 0 deletions
diff --git a/roles/common/tasks/systemd-resolved.yml b/roles/common/tasks/systemd-resolved.yml
new file mode 100644
index 0000000..43cb132
--- /dev/null
+++ b/roles/common/tasks/systemd-resolved.yml
@@ -0,0 +1,60 @@
+---
+- name: Add DNS servers
+ community.general.ini_file:
+ path: /etc/systemd/resolved.conf
+ section: Resolve
+ option: DNS
+ value: '{{ dns_servers[0] }}'
+ mode: '0644'
+ no_extra_spaces: true
+ register: conf_dns
+ when: dns_servers | length > 0
+
+- name: Add DNS fallback server
+ community.general.ini_file:
+ path: /etc/systemd/resolved.conf
+ section: Resolve
+ option: FallbackDNS
+ value: '{{ dns_servers[1] }}'
+ mode: '0644'
+ no_extra_spaces: true
+ register: conf_fallbackdns
+ when: dns_servers | length > 1
+
+- name: Enable DNSSEC
+ community.general.ini_file:
+ path: /etc/systemd/resolved.conf
+ section: Resolve
+ option: DNSSEC
+ value: '{{ "yes" if dns_dnssec else "no" }}'
+ mode: '0644'
+ no_extra_spaces: true
+ register: conf_dnssec
+
+- name: Add search domains
+ community.general.ini_file:
+ path: /etc/systemd/resolved.conf
+ section: Resolve
+ option: Domains
+ value: '{{ dns_domains | join(" ") }}'
+ mode: '0644'
+ no_extra_spaces: true
+ register: conf_domains
+
+- name: Check if network manager runs
+ ansible.builtin.shell: pgrep systemd-resolve
+ failed_when: false
+ changed_when: false
+ register: systemd_resolved_running
+ check_mode: false
+
+- name: Reload systemd-resolved
+ ansible.builtin.systemd:
+ name: systemd-resolved
+ state: restarted
+ when:
+ - conf_dns is changed or
+ conf_fallbackdns is changed or
+ conf_dnssec is changed or
+ conf_domains is changed
+ - systemd_resolved_running.rc == 0
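Review bot: In the "Add DNS fallback server" task, `dns_servers[1]` is written to `FallbackDNS`, which systemd-resolved consults only when no other DNS server is known, so once `DNS` is set from `dns_servers[0]` the second server is effectively never used. If it is meant as a secondary resolver, `DNS` accepts a space-separated list: `value: '{{ dns_servers | join(" ") }}'`. Both DNS tasks are also skipped, rather than run with `state: absent`, when `dns_servers` shrinks, so a resolver removed from the variable stays in resolved.conf and hosts keep querying it. In "Enable DNSSEC", a string such as `"false"` passed through extra vars is truthy and yields `DNSSEC=yes`; `dns_dnssec | bool` would make the test reliable.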