Compare commits
1 commit
98d1bb9d14
...
ad062b280d
| Author | SHA1 | Date | |
|---|---|---|---|
| ad062b280d |
10 changed files with 0 additions and 152 deletions
|
|
@ -2,4 +2,3 @@
|
||||||
dependencies:
|
dependencies:
|
||||||
- role: deploy_ssh_server_config
|
- role: deploy_ssh_server_config
|
||||||
- role: deploy_systemd_journal_config
|
- role: deploy_systemd_journal_config
|
||||||
- role: deploy_systemd_resolved_config
|
|
||||||
|
|
|
||||||
|
|
@ -1,21 +0,0 @@
|
||||||
# Role `deploy_systemd_resolved_config`
|
|
||||||
|
|
||||||
A role for deploying a minimal configuration for [systemd-resolved](https://man.archlinux.org/man/systemd-resolved.8) or alternatively completely disabling it.
|
|
||||||
|
|
||||||
!! Note
|
|
||||||
If systemd-resolved is disabled, the configuration is instead rendered directly into `/etc/resolv.conf` to ensure a node does not accidentally lose name resolving capabilities.
|
|
||||||
|
|
||||||
## Optional Arguments
|
|
||||||
|
|
||||||
- `deploy_systemd_resolved_config__enable` (defaults to `true`) decides whether systemd-resolved should be enabled or disabled.
|
|
||||||
|
|
||||||
- `deploy_systemd_resolved_config__mode` (defaults to `stub`) controls which compatibility mode is used for `/etc/resolv.conf` when systemd-resolved is enabled. See [man systemd-resolved(8)](https://man.archlinux.org/man/systemd-resolved.8#/ETC/RESOLV.CONF).
|
|
||||||
|
|
||||||
- `deploy_systemd_resolved_config__dns` is the list of primary DNS servers that will be configured. If e.g. a specific link configures other DNS servers, they will take precedence.
|
|
||||||
|
|
||||||
- `deploy_systemd_resolved_config__fallback_dns` (defaults to Quad9) is the list of fallback DNS servers. If, at runtime, none of the configured primary DNS servers are reachable, these servers will be used as fallback.
|
|
||||||
|
|
||||||
## Hosts
|
|
||||||
|
|
||||||
This role is included as a dependency to [base_config](../base_config/) and therefore does not need to be explicitly pulled in.
|
|
||||||
|
|
||||||
|
|
@ -1,9 +0,0 @@
|
||||||
---
|
|
||||||
deploy_systemd_resolved_config__enable: true
|
|
||||||
deploy_systemd_resolved_config__mode: "stub"
|
|
||||||
deploy_systemd_resolved_config__dns: [ ]
|
|
||||||
deploy_systemd_resolved_config__fallback_dns:
|
|
||||||
- "9.9.9.9"
|
|
||||||
- "149.112.112.112"
|
|
||||||
- "2620:fe::fe"
|
|
||||||
- "2620:fe::9"
|
|
||||||
|
|
@ -1,7 +0,0 @@
|
||||||
---
|
|
||||||
- name: "reload systemd-resolved"
|
|
||||||
tags: [ "deploy_systemd_resolved_config" ]
|
|
||||||
become: true
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
name: "systemd-resolved.service"
|
|
||||||
state: "restarted"
|
|
||||||
|
|
@ -1,21 +0,0 @@
|
||||||
---
|
|
||||||
argument_specs:
|
|
||||||
main:
|
|
||||||
options:
|
|
||||||
deploy_systemd_resolved_config__enable:
|
|
||||||
description: "Whether systemd-resolved should be enabled or disabled"
|
|
||||||
type: bool
|
|
||||||
required: false
|
|
||||||
deploy_systemd_resolved_config__mode:
|
|
||||||
description: "Which /etc/resolv.conf compatibility mode should be configured"
|
|
||||||
type: str
|
|
||||||
required: false
|
|
||||||
choices: [ "stub", "static-stub", "passthru", "extern" ]
|
|
||||||
deploy_systemd_resolved_config__dns:
|
|
||||||
description: "A list of DNS servers that will be configured as default dns servers"
|
|
||||||
type: list
|
|
||||||
required: false
|
|
||||||
deploy_systemd_resolved_config__fallback_dns:
|
|
||||||
description: "A list of fallback DNS servers that will be configured"
|
|
||||||
type: list
|
|
||||||
required: false
|
|
||||||
|
|
@ -1,25 +0,0 @@
|
||||||
---
|
|
||||||
- name: Ensure /etc/resolv.conf is a plain file
|
|
||||||
tags: [ "deploy_systemd_resolved_config" ]
|
|
||||||
become: true
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "/etc/resolv.conf"
|
|
||||||
state: file
|
|
||||||
|
|
||||||
- name: Write nameserver config directly into /etc/resolv.conf
|
|
||||||
tags: [ "deploy_systemd_resolved_config" ]
|
|
||||||
become: true
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: "resolv.conf.j2"
|
|
||||||
dest: "/etc/resolv.conf"
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: u=rw,g=r,o=r
|
|
||||||
|
|
||||||
- name: Disable systemd-resolved
|
|
||||||
tags: [ "deploy_systemd_resolved_config" ]
|
|
||||||
become: true
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
name: "systemd-resolved.service"
|
|
||||||
state: stopped
|
|
||||||
enabled: false
|
|
||||||
|
|
@ -1,36 +0,0 @@
|
||||||
---
|
|
||||||
- name: Deploy systemd-resolved config
|
|
||||||
tags: [ "deploy_systemd_resolved_config" ]
|
|
||||||
become: true
|
|
||||||
notify: "reload systemd-resolved"
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: resolved.conf.j2
|
|
||||||
dest: /etc/systemd/resolved.conf
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: u=rw,g=r,o=r
|
|
||||||
|
|
||||||
- name: Make /etc/resolv.conf points to systemd-resolved
|
|
||||||
tags: [ "deploy_systemd_resolved_config" ]
|
|
||||||
become: true
|
|
||||||
when: deploy_systemd_resolved_config__mode != "extern"
|
|
||||||
ansible.builtin.file: # noqa: jinja
|
|
||||||
path: /etc/resolv.conf
|
|
||||||
state: link
|
|
||||||
force: true
|
|
||||||
src: >-
|
|
||||||
{%- if deploy_systemd_resolved_config__mode == "stub" -%}
|
|
||||||
/run/systemd/resolve/stub-resolv.conf
|
|
||||||
{%- elif deploy_systemd_resolved_config__mode == "static-stub" -%}
|
|
||||||
/usr/lib/systemd/resolv.conf
|
|
||||||
{%- elif deploy_systemd_resolved_config__mode == "passthru" -%}
|
|
||||||
/run/systemd/resolve/resolv.conf
|
|
||||||
{%- endif -%}
|
|
||||||
|
|
||||||
- name: Ensure systemd-resolved is running and enabled
|
|
||||||
tags: [ "deploy_systemd_resolved_config" ]
|
|
||||||
become: true
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
name: systemd-resolved.service
|
|
||||||
state: started
|
|
||||||
enabled: true
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
||||||
---
|
|
||||||
- name: Include enable.yaml
|
|
||||||
tags: [ "deploy_systemd_resolved_config" ]
|
|
||||||
ansible.builtin.include_tasks: enable.yaml
|
|
||||||
when: deploy_systemd_resolved_config__enable
|
|
||||||
|
|
||||||
- name: Include disable.yaml
|
|
||||||
tags: [ "deploy_systemd_resolved_config" ]
|
|
||||||
ansible.builtin.include_tasks: disable.yaml
|
|
||||||
when: not deploy_systemd_resolved_config__enable
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
{% for i in deploy_systemd_resolved_config__dns %}
|
|
||||||
nameserver {{ i }}
|
|
||||||
{% endfor %}
|
|
||||||
|
|
||||||
{% for i in deploy_systemd_resolved_config__fallback_dns %}
|
|
||||||
nameserver {{ i }}
|
|
||||||
{% endfor %}
|
|
||||||
|
|
||||||
options edns0
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
||||||
# {{ ansible_managed }}
|
|
||||||
|
|
||||||
# Since the config supports drop-in files,
|
|
||||||
# use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.'
|
|
||||||
#
|
|
||||||
# See resolved.conf(5) for details
|
|
||||||
|
|
||||||
[Resolve]
|
|
||||||
DNS={{ deploy_systemd_resolved_config__dns | join(" ") }}
|
|
||||||
FallbackDNS={{ deploy_systemd_resolved_config__fallback_dns | join(" ") }}
|
|
||||||
|
|
||||||