diff --git a/roles/base_config/meta/main.yaml b/roles/base_config/meta/main.yaml
index d7cc109..d1704a2 100644
--- a/roles/base_config/meta/main.yaml
+++ b/roles/base_config/meta/main.yaml
@@ -2,4 +2,3 @@
 dependencies:
 - role: deploy_ssh_server_config
 - role: deploy_systemd_journal_config
- - role: deploy_systemd_resolved_config
diff --git a/roles/deploy_systemd_resolved_config/README.md b/roles/deploy_systemd_resolved_config/README.md
deleted file mode 100644
index fbd6c78..0000000
--- a/roles/deploy_systemd_resolved_config/README.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# Role `deploy_systemd_resolved_config`
-
-A role for deploying a minimal configuration for [systemd-resolved](https://man.archlinux.org/man/systemd-resolved.8) or alternatively completely disabling it.
-
-!! Note
-If systemd-resolved is disabled, the configuration is instead rendered directly into `/etc/resolv.conf` to ensure a node does not accidentally lose name resolving capabilities.
-
-## Optional Arguments
-
-- `deploy_systemd_resolved_config__enable` (defaults to `true`) decides whether systemd-resolved should be enabled or disabled.
-
-- `deploy_systemd_resolved_config__mode` (defaults to `stub`) controls which compatibility mode is used for `/etc/resolv.conf` when systemd-resolved is enabled. See [man systemd-resolved(8)](https://man.archlinux.org/man/systemd-resolved.8#/ETC/RESOLV.CONF).
-
-- `deploy_systemd_resolved_config__dns` is the list of primary DNS servers that will be configured. If e.g. a specific link configures other DNS servers, they will take precedence.
-
-- `deploy_systemd_resolved_config__fallback_dns` (defaults to Quad9) is the list of fallback DNS servers. If, at runtime, none of the configured primary DNS servers are reachable, these servers will be used as fallback.
-
-## Hosts
-
-This role is included as a dependency to [base_config](../base_config/) and therefore does not need to be explicitly pulled in.
-
diff --git a/roles/deploy_systemd_resolved_config/defaults/main.yaml b/roles/deploy_systemd_resolved_config/defaults/main.yaml
deleted file mode 100644
index c322507..0000000
--- a/roles/deploy_systemd_resolved_config/defaults/main.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-deploy_systemd_resolved_config__enable: true
-deploy_systemd_resolved_config__mode: "stub"
-deploy_systemd_resolved_config__dns: [ ]
-deploy_systemd_resolved_config__fallback_dns:
- - "9.9.9.9"
- - "149.112.112.112"
- - "2620:fe::fe"
- - "2620:fe::9"
diff --git a/roles/deploy_systemd_resolved_config/handlers/main.yaml b/roles/deploy_systemd_resolved_config/handlers/main.yaml
deleted file mode 100644
index b40760b..0000000
--- a/roles/deploy_systemd_resolved_config/handlers/main.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- name: "reload systemd-resolved"
- tags: [ "deploy_systemd_resolved_config" ]
- become: true
- ansible.builtin.systemd:
- name: "systemd-resolved.service"
- state: "restarted"
diff --git a/roles/deploy_systemd_resolved_config/meta/argument_specs.yaml b/roles/deploy_systemd_resolved_config/meta/argument_specs.yaml
deleted file mode 100644
index d9ad05f..0000000
--- a/roles/deploy_systemd_resolved_config/meta/argument_specs.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-argument_specs:
- main:
- options:
- deploy_systemd_resolved_config__enable:
- description: "Whether systemd-resolved should be enabled or disabled"
- type: bool
- required: false
- deploy_systemd_resolved_config__mode:
- description: "Which /etc/resolv.conf compatibility mode should be configured"
- type: str
- required: false
- choices: [ "stub", "static-stub", "passthru", "extern" ]
- deploy_systemd_resolved_config__dns:
- description: "A list of DNS servers that will be configured as default dns servers"
- type: list
- required: false
- deploy_systemd_resolved_config__fallback_dns:
- description: "A list of fallback DNS servers that will be configured"
- type: list
- required: false
diff --git a/roles/deploy_systemd_resolved_config/tasks/disable.yaml b/roles/deploy_systemd_resolved_config/tasks/disable.yaml
deleted file mode 100644
index 9092116..0000000
--- a/roles/deploy_systemd_resolved_config/tasks/disable.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-- name: Ensure /etc/resolv.conf is a plain file
- tags: [ "deploy_systemd_resolved_config" ]
- become: true
- ansible.builtin.file:
- path: "/etc/resolv.conf"
- state: file
-
-- name: Write nameserver config directly into /etc/resolv.conf
- tags: [ "deploy_systemd_resolved_config" ]
- become: true
- ansible.builtin.template:
- src: "resolv.conf.j2"
- dest: "/etc/resolv.conf"
- owner: root
- group: root
- mode: u=rw,g=r,o=r
-
-- name: Disable systemd-resolved
- tags: [ "deploy_systemd_resolved_config" ]
- become: true
- ansible.builtin.systemd:
- name: "systemd-resolved.service"
- state: stopped
- enabled: false
diff --git a/roles/deploy_systemd_resolved_config/tasks/enable.yaml b/roles/deploy_systemd_resolved_config/tasks/enable.yaml
deleted file mode 100644
index 395ef0d..0000000
--- a/roles/deploy_systemd_resolved_config/tasks/enable.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-- name: Deploy systemd-resolved config
- tags: [ "deploy_systemd_resolved_config" ]
- become: true
- notify: "reload systemd-resolved"
- ansible.builtin.template:
- src: resolved.conf.j2
- dest: /etc/systemd/resolved.conf
- owner: root
- group: root
- mode: u=rw,g=r,o=r
-
-- name: Make /etc/resolv.conf points to systemd-resolved
- tags: [ "deploy_systemd_resolved_config" ]
- become: true
- when: deploy_systemd_resolved_config__mode != "extern"
- ansible.builtin.file: # noqa: jinja
- path: /etc/resolv.conf
- state: link
- force: true
- src: >-
- {%- if deploy_systemd_resolved_config__mode == "stub" -%}
- /run/systemd/resolve/stub-resolv.conf
- {%- elif deploy_systemd_resolved_config__mode == "static-stub" -%}
- /usr/lib/systemd/resolv.conf
- {%- elif deploy_systemd_resolved_config__mode == "passthru" -%}
- /run/systemd/resolve/resolv.conf
- {%- endif -%}
-
-- name: Ensure systemd-resolved is running and enabled
- tags: [ "deploy_systemd_resolved_config" ]
- become: true
- ansible.builtin.systemd:
- name: systemd-resolved.service
- state: started
- enabled: true
diff --git a/roles/deploy_systemd_resolved_config/tasks/main.yaml b/roles/deploy_systemd_resolved_config/tasks/main.yaml
deleted file mode 100644
index 00bc293..0000000
--- a/roles/deploy_systemd_resolved_config/tasks/main.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-- name: Include enable.yaml
- tags: [ "deploy_systemd_resolved_config" ]
- ansible.builtin.include_tasks: enable.yaml
- when: deploy_systemd_resolved_config__enable
-
-- name: Include disable.yaml
- tags: [ "deploy_systemd_resolved_config" ]
- ansible.builtin.include_tasks: disable.yaml
- when: not deploy_systemd_resolved_config__enable
diff --git a/roles/deploy_systemd_resolved_config/templates/resolv.conf.j2 b/roles/deploy_systemd_resolved_config/templates/resolv.conf.j2
deleted file mode 100644
index fd06a1a..0000000
--- a/roles/deploy_systemd_resolved_config/templates/resolv.conf.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-# {{ ansible_managed }}
-
-{% for i in deploy_systemd_resolved_config__dns %}
-nameserver {{ i }}
-{% endfor %}
-
-{% for i in deploy_systemd_resolved_config__fallback_dns %}
-nameserver {{ i }}
-{% endfor %}
-
-options edns0
diff --git a/roles/deploy_systemd_resolved_config/templates/resolved.conf.j2 b/roles/deploy_systemd_resolved_config/templates/resolved.conf.j2
deleted file mode 100644
index 67968e4..0000000
--- a/roles/deploy_systemd_resolved_config/templates/resolved.conf.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-# {{ ansible_managed }}
-
-# Since the config supports drop-in files,
-# use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.'
-#
-# See resolved.conf(5) for details
-
-[Resolve]
-DNS={{ deploy_systemd_resolved_config__dns | join(" ") }}
-FallbackDNS={{ deploy_systemd_resolved_config__fallback_dns | join(" ") }}
-