summaryrefslogtreecommitdiff
path: root/roles
diff options
context:
space:
mode:
Diffstat (limited to 'roles')
-rw-r--r--roles/common/files/docker-compose@.service7
-rw-r--r--roles/common/tasks/main.yml22
-rw-r--r--roles/common/tasks/systemd-resolved.yml70
3 files changed, 5 insertions, 94 deletions
diff --git a/roles/common/files/docker-compose@.service b/roles/common/files/docker-compose@.service
index a0182d4..bc2fbcc 100644
--- a/roles/common/files/docker-compose@.service
+++ b/roles/common/files/docker-compose@.service
@@ -4,10 +4,13 @@ Requires=docker.service
After=docker.service
[Service]
-Type=oneshot
+Type=simple
+Restart=always
+RestartSec=3
RemainAfterExit=true
WorkingDirectory=/etc/docker/compose/%i
-ExecStart=/usr/bin/docker compose up -d --remove-orphans
+ExecStartPre=/usr/bin/docker compose pull
+ExecStart=/usr/bin/docker compose up --detach --remove-orphans
ExecStop=/usr/bin/docker compose down
[Install]
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 6d2296c..cf29d0d 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -113,25 +113,3 @@
- name: restart fail2ban
service: name=fail2ban state=restarted enabled=yes
-
-# DNS
-- name: install systemd-resolved
- apt: name=systemd-resolved state=latest
-
-- name: Check if systemd-resolved config exists
- ansible.builtin.stat:
- path: /etc/systemd/resolved.conf
- register: systemd_resolved_config
- check_mode: false
-
-- name: Update DNS servers for systemd-resolvd
- ansible.builtin.include_tasks:
- file: 'systemd-resolved.yml'
- when: systemd_resolved_config.stat.exists | bool
-
-- name: Check if systemd-resolved runs
- ansible.builtin.shell: pgrep systemd-resolve
- failed_when: false
- changed_when: false
- register: systemd_resolved_running
- check_mode: false
diff --git a/roles/common/tasks/systemd-resolved.yml b/roles/common/tasks/systemd-resolved.yml
deleted file mode 100644
index dbf9742..0000000
--- a/roles/common/tasks/systemd-resolved.yml
+++ /dev/null
@@ -1,70 +0,0 @@
----
-- name: Add DNS servers
- community.general.ini_file:
- path: /etc/systemd/resolved.conf
- section: Resolve
- option: DNS
- value: '{{ dns_servers[0] }}'
- mode: '0644'
- no_extra_spaces: true
- register: conf_dns
- when: dns_servers | length > 0
-
-- name: Add DNS fallback server
- community.general.ini_file:
- path: /etc/systemd/resolved.conf
- section: Resolve
- option: FallbackDNS
- value: '{{ dns_servers[1] }}'
- mode: '0644'
- no_extra_spaces: true
- register: conf_fallbackdns
- when: dns_servers | length > 1
-
-- name: Enable DNSSEC
- community.general.ini_file:
- path: /etc/systemd/resolved.conf
- section: Resolve
- option: DNSSEC
- value: '{{ "yes" if dns_dnssec else "no" }}'
- mode: '0644'
- no_extra_spaces: true
- register: conf_dnssec
-
-- name: Add search domains
- community.general.ini_file:
- path: /etc/systemd/resolved.conf
- section: Resolve
- option: Domains
- value: '{{ dns_domains | join(" ") }}'
- mode: '0644'
- no_extra_spaces: true
- register: conf_domains
-
-- name: stub listener
- community.general.ini_file:
- path: /etc/systemd/resolved.conf
- section: Resolve
- option: DNSStubListener
- value: '{{ "yes" if dns_stub_listener else "no" }}'
- mode: '0644'
- no_extra_spaces: true
- register: conf_domains
-
-- name: Check if systemd-resolve runs
- ansible.builtin.shell: pgrep systemd-resolve
- failed_when: false
- changed_when: false
- register: systemd_resolved_running
- check_mode: false
-
-- name: Reload systemd-resolved
- ansible.builtin.systemd:
- name: systemd-resolved
- state: restarted
- when:
- - conf_dns is changed or
- conf_fallbackdns is changed or
- conf_dnssec is changed or
- conf_domains is changed
- - systemd_resolved_running.rc == 0
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-09-22 18:44:45 +0000