infra/playbooks/roles/common/tasks/systemd-resolved.yml

---

- name: Add dns servers
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    section: Resolve
    option: DNS
    value: '{{ dns_servers[0] }}'
    mode: '0644'
    no_extra_spaces: true
  register: conf_dns
  when: dns_servers | length > 0

- name: Add dns fallback server
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    section: Resolve
    option: FallbackDNS
    value: '{{ dns_servers[1] }}'
    mode: '0644'
    no_extra_spaces: true
  register: conf_fallbackdns
  when: dns_servers | length > 1

- name: Enable dnssec
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    section: Resolve
    option: DNSSEC
    value: '{{ "yes" if dns_dnssec else "no" }}'
    mode: '0644'
    no_extra_spaces: true
  register: conf_dnssec

- name: Add search domains
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    section: Resolve
    option: Domains
    value: '{{ dns_domains | join(" ") }}'
    mode: '0644'
    no_extra_spaces: true
  register: conf_domains

- name: Stub listener
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    section: Resolve
    option: DNSStubListener
    value: '{{ "yes" if dns_stub_listener else "no" }}'
    mode: '0644'
    no_extra_spaces: true
  register: conf_domains

- name: Reload systemd-resolved
  ansible.builtin.service:
    name: systemd-resolved
    state: restarted
    enabled: true
  when:
    - conf_dns is changed or
      conf_fallbackdns is changed or
      conf_dnssec is changed or
      conf_domains is changed
initial commit 2024-03-17 18:21:46 -04:00			`---`

			`- name: Add dns servers`
			`community.general.ini_file:`
			`path: /etc/systemd/resolved.conf`
			`section: Resolve`
			`option: DNS`
			`value: '{{ dns_servers[0] }}'`
			`mode: '0644'`
			`no_extra_spaces: true`
			`register: conf_dns`
			`when: dns_servers \| length > 0`

			`- name: Add dns fallback server`
			`community.general.ini_file:`
			`path: /etc/systemd/resolved.conf`
			`section: Resolve`
			`option: FallbackDNS`
			`value: '{{ dns_servers[1] }}'`
			`mode: '0644'`
			`no_extra_spaces: true`
			`register: conf_fallbackdns`
			`when: dns_servers \| length > 1`

			`- name: Enable dnssec`
			`community.general.ini_file:`
			`path: /etc/systemd/resolved.conf`
			`section: Resolve`
			`option: DNSSEC`
			`value: '{{ "yes" if dns_dnssec else "no" }}'`
			`mode: '0644'`
			`no_extra_spaces: true`
			`register: conf_dnssec`

			`- name: Add search domains`
			`community.general.ini_file:`
			`path: /etc/systemd/resolved.conf`
			`section: Resolve`
			`option: Domains`
			`value: '{{ dns_domains \| join(" ") }}'`
			`mode: '0644'`
			`no_extra_spaces: true`
			`register: conf_domains`

			`- name: Stub listener`
			`community.general.ini_file:`
			`path: /etc/systemd/resolved.conf`
			`section: Resolve`
			`option: DNSStubListener`
			`value: '{{ "yes" if dns_stub_listener else "no" }}'`
			`mode: '0644'`
			`no_extra_spaces: true`
			`register: conf_domains`

			`- name: Reload systemd-resolved`
			`ansible.builtin.service:`
			`name: systemd-resolved`
			`state: restarted`
			`enabled: true`
			`when:`
			`- conf_dns is changed or`
			`conf_fallbackdns is changed or`
			`conf_dnssec is changed or`
			`conf_domains is changed`