Resolver: Use systemd-resolved.

author: Guilhem Moulin <guilhem@fripost.org> 2025-01-28 14:26:18 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2025-01-28 14:26:18 +0100
commit: 20cd6ac5299a725558a85df7c93c34f4a67b15d5 (patch)
tree: f5ed4fc68e9ff8b4e4f44db249285c7e0d5331d8 /roles/common/tasks
parent: bcae4845763a067cafaeb672f173ed810bacb242 (diff)
3 files changed, 41 insertions, 11 deletions
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index a6795ba..1dc286e 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -19,6 +19,11 @@
   when: "'webmail' in group_names and 'LDAP_provider' not in group_names"
 - import_tasks: auditd.yml
   tags: auditd
+- import_tasks: resolved.yml
+  tags:
+    - resolv
+    - resolved
+    - dns
 - import_tasks: unbound.yml
   tags:
     - unbound
diff --git a/roles/common/tasks/resolved.yml b/roles/common/tasks/resolved.yml
new file mode 100644
index 0000000..2834eaa
--- /dev/null
+++ b/roles/common/tasks/resolved.yml
@@ -0,0 +1,36 @@
+- name: Install systemd-resolved
+  apt: pkg={{ packages }}
+  vars:
+    packages:
+    - systemd-resolved
+    - libnss-resolve
+    - libnss-myhostname
+
+- name: Create directory /etc/systemd/resolved.conf.d
+  file: path=/etc/systemd/resolved.conf.d
+        state=directory
+        owner=root group=root
+        mode=0755
+
+- name: Configure systemd-resolved
+  template: src=etc/systemd/resolved.conf.d/local.conf.j2
+            dest=/etc/systemd/resolved.conf.d/local.conf
+            owner=root group=root
+            mode=0644
+  notify:
+    - Restart systemd-resolved
+
+- name: Start systemd-resolved
+  service: name=systemd-resolved.service enabled=true state=started
+
+- meta: flush_handlers
+
+- name: Remove resolvconf
+  apt: pkg=resolvconf state=absent purge=yes
+
+- name: Configure /etc/nsswitch.conf
+  lineinfile: "dest=/etc/nsswitch.conf create=no
+               regexp='^(hosts:\\s+).*'
+               line='\\1resolve [!UNAVAIL=return] files myhostname dns'
+               backrefs=true"
+  tags: nsswitch
diff --git a/roles/common/tasks/unbound.yml b/roles/common/tasks/unbound.yml
index b4554ac..dda6769 100644
--- a/roles/common/tasks/unbound.yml
+++ b/roles/common/tasks/unbound.yml
@@ -19,14 +19,3 @@
   when: not r.changed
 
 #- meta: flush_handlers
-
-- name: Use the local DNS server
-  lineinfile: dest=/etc/resolv.conf create=yes
-              regexp='^nameserver\s+127\.0\.0\.1\s*$'
-              line='nameserver 127.0.0.1'
-              insertbefore='^\s*#*?nameserver\s'
-              firstmatch=yes
-  tags:
-    - resolver
-  notify:
-    - Restart Postfix
author	Guilhem Moulin <guilhem@fripost.org>	2025-01-28 14:26:18 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2025-01-28 14:26:18 +0100
commit	20cd6ac5299a725558a85df7c93c34f4a67b15d5 (patch)
tree	f5ed4fc68e9ff8b4e4f44db249285c7e0d5331d8 /roles/common/tasks
parent	bcae4845763a067cafaeb672f173ed810bacb242 (diff)