---

- name: Add dns servers
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    section: Resolve
    option: DNS
    value: '{{ dns_servers[0] }}'
    mode: '0644'
    no_extra_spaces: true
  register: conf_dns
  when: dns_servers | length > 0

- name: Add dns fallback server
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    section: Resolve
    option: FallbackDNS
    value: '{{ dns_servers[1] }}'
    mode: '0644'
    no_extra_spaces: true
  register: conf_fallbackdns
  when: dns_servers | length > 1

- name: Enable dnssec
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    section: Resolve
    option: DNSSEC
    value: '{{ "yes" if dns_dnssec else "no" }}'
    mode: '0644'
    no_extra_spaces: true
  register: conf_dnssec

- name: Add search domains
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    section: Resolve
    option: Domains
    value: '{{ dns_domains | join(" ") }}'
    mode: '0644'
    no_extra_spaces: true
  register: conf_domains

- name: Stub listener
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    section: Resolve
    option: DNSStubListener
    value: '{{ "yes" if dns_stub_listener else "no" }}'
    mode: '0644'
    no_extra_spaces: true
  register: conf_domains

- name: Reload systemd-resolved
  ansible.builtin.service:
    name: systemd-resolved
    state: restarted
    enabled: true
  when:
    - conf_dns is changed or
      conf_fallbackdns is changed or
      conf_dnssec is changed or
      conf_domains is changed