From 3b818dc0b9c415124a6c16a85e757e45ebed7249 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Mon, 1 Jan 2024 00:36:31 -0500
Subject: initial common setup
---
roles/common/tasks/systemd-resolved.yml | 60 +++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 roles/common/tasks/systemd-resolved.yml
(limited to 'roles/common/tasks/systemd-resolved.yml')
diff --git a/roles/common/tasks/systemd-resolved.yml b/roles/common/tasks/systemd-resolved.yml
new file mode 100644
index 0000000..43cb132
--- /dev/null
+++ b/roles/common/tasks/systemd-resolved.yml
@@ -0,0 +1,60 @@
+---
+- name: Add DNS servers
+ community.general.ini_file:
+ path: /etc/systemd/resolved.conf
+ section: Resolve
+ option: DNS
+ value: '{{ dns_servers[0] }}'
+ mode: '0644'
+ no_extra_spaces: true
+ register: conf_dns
+ when: dns_servers | length > 0
+
+- name: Add DNS fallback server
+ community.general.ini_file:
+ path: /etc/systemd/resolved.conf
+ section: Resolve
+ option: FallbackDNS
+ value: '{{ dns_servers[1] }}'
+ mode: '0644'
+ no_extra_spaces: true
+ register: conf_fallbackdns
+ when: dns_servers | length > 1
+
+- name: Enable DNSSEC
+ community.general.ini_file:
+ path: /etc/systemd/resolved.conf
+ section: Resolve
+ option: DNSSEC
+ value: '{{ "yes" if dns_dnssec else "no" }}'
+ mode: '0644'
+ no_extra_spaces: true
+ register: conf_dnssec
+
+- name: Add search domains
+ community.general.ini_file:
+ path: /etc/systemd/resolved.conf
+ section: Resolve
+ option: Domains
+ value: '{{ dns_domains | join(" ") }}'
+ mode: '0644'
+ no_extra_spaces: true
+ register: conf_domains
+
+- name: Check if network manager runs
+ ansible.builtin.shell: pgrep systemd-resolve
+ failed_when: false
+ changed_when: false
+ register: systemd_resolved_running
+ check_mode: false
+
+- name: Reload systemd-resolved
+ ansible.builtin.systemd:
+ name: systemd-resolved
+ state: restarted
+ when:
+ - conf_dns is changed or
+ conf_fallbackdns is changed or
+ conf_dnssec is changed or
+ conf_domains is changed
+ - systemd_resolved_running.rc == 0
-- cgit v1.2.3-70-g09d2
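Review bot: The `Add DNS fallback server` task writes `dns_servers[1]` to `FallbackDNS`, but per resolved.conf(5) systemd-resolved consults FallbackDNS only when no other DNS server is known, so with `DNS` set the second address does not act as a failover for the first, and any entries past index 1 are silently dropped. Writing the whole list to `DNS` with `value: '{{ dns_servers | join(" ") }}'` would give the resolver every configured server. If the intent is also to keep queries away from the compiled-in fallback list, `FallbackDNS` should be set to an empty value explicitly, since it is left untouched when fewer than two servers are given. Separately, `Enable DNSSEC` tests `dns_dnssec` for plain truthiness, so a string such as "false" supplied as an extra var still writes `DNSSEC=yes`; `value: '{{ "yes" if dns_dnssec | bool else "no" }}'` makes the conversion explicit.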