CCCHH/ansible-infra
CCCHH/ansible-infra
2
2
Fork 1
Code Issues 6 Pull requests 10 Wiki Activity Actions

add capability to disable systemd-resolved via role #86

Open
lilly wants to merge 1 commit from add-systemd-resolved-config-role into main
pull from: add-systemd-resolved-config-role
merge into: CCCHH:main
Conversation 0 Commits 1 Files changed 9 +131
9 changed files with 131 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 58ced1a85e - Show all commits

add capability to disable systemd-resolved to base_config role
All checks were successful
/ Ansible Lint (push) Successful in 2m28s
Details
/ Ansible Lint (pull_request) Successful in 2m24s
Details

Prev Next
lilly 2026-04-30 23:12:08 +02:00
commit 58ced1a85e
Signed by: lilly
SSH key fingerprint: SHA256:y9T5GFw2A20WVklhetIxG1+kcg/Ce0shnQmbu1LQ37g

1
roles/base_config/meta/main.yaml
View file

@ -2,3 +2,4 @@
dependencies: dependencies:
- role: deploy_ssh_server_config - role: deploy_ssh_server_config
- role: deploy_systemd_journal_config - role: deploy_systemd_journal_config
- role: deploy_systemd_resolved_config

9
roles/deploy_systemd_resolved_config/defaults/main.yaml Normal file
View file

@ -0,0 +1,9 @@
---
deploy_systemd_resolved_config__enable: true
deploy_systemd_resolved_config__mode: "stub"
deploy_systemd_resolved_config__dns: [ ]
deploy_systemd_resolved_config__fallback_dns:
- "9.9.9.9"
- "149.112.112.112"
- "2620:fe::fe"
- "2620:fe::9"

7
roles/deploy_systemd_resolved_config/handlers/main.yaml Normal file
View file

@ -0,0 +1,7 @@
---
- name: "reload systemd-resolved"
tags: [ "deploy_systemd_resolved_config" ]
become: true
ansible.builtin.systemd:
name: "systemd-resolved.service"
state: "restarted"

21
roles/deploy_systemd_resolved_config/meta/argument_specs.yaml Normal file
View file

@ -0,0 +1,21 @@
---
argument_specs:
main:
options:
deploy_systemd_resolved_config__enable:
description: "Whether systemd-resolved should be enabled or disabled"
type: bool
required: false
deploy_systemd_resolved_config__mode:
description: "Which /etc/resolv.conf compatibility mode should be configured"
type: str
required: false
choices: [ "stub", "static-stub", "passthru", "extern" ]
deploy_systemd_resolved_config__dns:
description: "A list of DNS servers that will be configured as default dns servers"
type: list
required: false
deploy_systemd_resolved_config__fallback_dns:
description: "A list of fallback DNS servers that will be configured"
type: list
required: false

25
roles/deploy_systemd_resolved_config/tasks/disable.yaml Normal file
View file

@ -0,0 +1,25 @@
---
- name: Ensure /etc/resolv.conf is a plain file
tags: [ "deploy_systemd_resolved_config" ]
become: true
ansible.builtin.file:
path: "/etc/resolv.conf"
state: file
- name: Write nameserver config directly into /etc/resolv.conf
tags: [ "deploy_systemd_resolved_config" ]
become: true
ansible.builtin.template:
src: "resolv.conf.j2"
dest: "/etc/resolv.conf"
owner: root
group: root
mode: u=rw,g=r,o=r
- name: Disable systemd-resolved
tags: [ "deploy_systemd_resolved_config" ]
become: true
ansible.builtin.systemd:
name: "systemd-resolved.service"
state: stopped
enabled: false

36
roles/deploy_systemd_resolved_config/tasks/enable.yaml Normal file
View file

@ -0,0 +1,36 @@
---
- name: Deploy systemd-resolved config
tags: [ "deploy_systemd_resolved_config" ]
become: true
notify: "reload systemd-resolved"
ansible.builtin.template:
src: resolved.conf.j2
dest: /etc/systemd/resolved.conf
owner: root
group: root
mode: u=rw,g=r,o=r
- name: Make /etc/resolv.conf points to systemd-resolved
tags: [ "deploy_systemd_resolved_config" ]
become: true
when: deploy_systemd_resolved_config__mode != "extern"
ansible.builtin.file: # noqa: jinja
path: /etc/resolv.conf
state: link
force: true
src: >-
{%- if deploy_systemd_resolved_config__mode == "stub" -%}
/run/systemd/resolve/stub-resolv.conf
{%- elif deploy_systemd_resolved_config__mode == "static-stub" -%}
/usr/lib/systemd/resolv.conf
{%- elif deploy_systemd_resolved_config__mode == "passthru" -%}
/run/systemd/resolve/resolv.conf
{%- endif -%}
- name: Ensure systemd-resolved is running and enabled
tags: [ "deploy_systemd_resolved_config" ]
become: true
ansible.builtin.systemd:
name: systemd-resolved.service
state: started
enabled: true

10
roles/deploy_systemd_resolved_config/tasks/main.yaml Normal file
View file

@ -0,0 +1,10 @@
---
- name: Include enable.yaml
tags: [ "deploy_systemd_resolved_config" ]
ansible.builtin.include_tasks: enable.yaml
when: deploy_systemd_resolved_config__enable
- name: Include disable.yaml
tags: [ "deploy_systemd_resolved_config" ]
ansible.builtin.include_tasks: disable.yaml
when: not deploy_systemd_resolved_config__enable

11
roles/deploy_systemd_resolved_config/templates/resolv.conf.j2 Normal file
View file

@ -0,0 +1,11 @@
# {{ ansible_managed }}
{% for i in deploy_systemd_resolved_config__dns %}
nameserver {{ i }}
{% endfor %}
{% for i in deploy_systemd_resolved_config__fallback_dns %}
nameserver {{ i }}
{% endfor %}
options edns0

11
roles/deploy_systemd_resolved_config/templates/resolved.conf.j2 Normal file
View file

@ -0,0 +1,11 @@
# {{ ansible_managed }}
# Since the config supports drop-in files,
# use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.'
#
# See resolved.conf(5) for details
[Resolve]
DNS={{ deploy_systemd_resolved_config__dns | join(" ") }}
FallbackDNS={{ deploy_systemd_resolved_config__fallback_dns | join(" ") }}