path: root/roles/common/tasks/systemd-resolved.yml
blob: 43cb132856569539f0a362bde8a536c94e6a03b1 (plain)
---
# Write the primary resolver into the [Resolve] section of resolved.conf.
# Only the first entry of dns_servers ends up in DNS=. When the list is empty
# the task is skipped, so a DNS= line already present in the file stays as is.
- name: Add DNS servers
  when: dns_servers | length > 0
  register: conf_dns
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    mode: '0644'
    section: Resolve
    option: DNS
    value: '{{ dns_servers[0] }}'
    # Emit "DNS=value" without spaces around the equals sign.
    no_extra_spaces: true

# Write the second entry of dns_servers as FallbackDNS=. Entries beyond the
# second are not used by the tasks in this file. With fewer than two servers
# the task is skipped, so an existing FallbackDNS= line is left in place.
- name: Add DNS fallback server
  when: dns_servers | length > 1
  register: conf_fallbackdns
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    mode: '0644'
    section: Resolve
    option: FallbackDNS
    value: '{{ dns_servers[1] }}'
    # Emit "FallbackDNS=value" without spaces around the equals sign.
    no_extra_spaces: true

# Set DNSSEC= from dns_dnssec. Despite the task name this runs unconditionally
# and writes "no" when dns_dnssec is falsy, which turns validation off.
# NOTE(review): the expression uses Jinja truthiness, so a non-empty string
# such as "false" would render "yes"; presumably dns_dnssec is a real
# boolean, confirm where it is defined.
- name: Enable DNSSEC
  register: conf_dnssec
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    mode: '0644'
    section: Resolve
    option: DNSSEC
    value: '{{ "yes" if dns_dnssec else "no" }}'
    # Emit "DNSSEC=value" without spaces around the equals sign.
    no_extra_spaces: true

# Write the search domains as one space-separated Domains= value. There is no
# "when" guard, so an empty dns_domains list renders an empty string here.
- name: Add search domains
  register: conf_domains
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    mode: '0644'
    section: Resolve
    option: Domains
    value: '{{ dns_domains | join(" ") }}'
    # Emit "Domains=value" without spaces around the equals sign.
    no_extra_spaces: true

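# Probe for a running systemd-resolved process. Despite the task name, the
# command looks for systemd-resolved, not NetworkManager.
# The command contains no shell syntax, so it runs through the command module
# and never passes through /bin/sh.
# NOTE(review): the pattern omits the trailing "d", presumably because the
# kernel truncates process names to 15 characters; confirm.
- name: Check if network manager runs
  ansible.builtin.command:
    cmd: pgrep systemd-resolve
  register: systemd_resolved_running
  # A non-zero exit is not treated as a failure; the rc is only recorded.
  failed_when: false
  # A read-only probe never counts as a change.
  changed_when: false
  # Execute in check mode too, so the registered rc is always populated.
  check_mode: false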

# Restart systemd-resolved (state: restarted is a full restart, not a reload).
# Both list items under "when" must hold: at least one of the four ini_file
# results reports a change, and the pgrep probe exited with 0.
- name: Reload systemd-resolved
  when:
    - >-
      conf_dns is changed or
      conf_fallbackdns is changed or
      conf_dnssec is changed or
      conf_domains is changed
    - systemd_resolved_running.rc == 0
  ansible.builtin.systemd:
    state: restarted
    name: systemd-resolved