infra/roles/common/tasks/systemd-resolved.yml

---
- name: Add DNS servers
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    section: Resolve
    option: DNS
    value: '{{ dns_servers[0] }}'
    mode: '0644'
    no_extra_spaces: true
  register: conf_dns
  when: dns_servers | length > 0

- name: Add DNS fallback server
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    section: Resolve
    option: FallbackDNS
    value: '{{ dns_servers[1] }}'
    mode: '0644'
    no_extra_spaces: true
  register: conf_fallbackdns
  when: dns_servers | length > 1

- name: Enable DNSSEC
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    section: Resolve
    option: DNSSEC
    value: '{{ "yes" if dns_dnssec else "no" }}'
    mode: '0644'
    no_extra_spaces: true
  register: conf_dnssec

- name: Add search domains
  community.general.ini_file:
    path: /etc/systemd/resolved.conf
    section: Resolve
    option: Domains
    value: '{{ dns_domains | join(" ") }}'
    mode: '0644'
    no_extra_spaces: true
  register: conf_domains

- name: Check if network manager runs
  ansible.builtin.shell: pgrep systemd-resolve
  failed_when: false
  changed_when: false
  register: systemd_resolved_running
  check_mode: false

- name: Reload systemd-resolved
  ansible.builtin.systemd:
    name: systemd-resolved
    state: restarted
  when:
    - conf_dns is changed or
      conf_fallbackdns is changed or
      conf_dnssec is changed or
      conf_domains is changed
    - systemd_resolved_running.rc == 0
initial common setup 2024-01-01 00:36:31 -05:00			`---`
			`- name: Add DNS servers`
			`community.general.ini_file:`
			`path: /etc/systemd/resolved.conf`
			`section: Resolve`
			`option: DNS`
			`value: '{{ dns_servers[0] }}'`
			`mode: '0644'`
			`no_extra_spaces: true`
			`register: conf_dns`
			`when: dns_servers \| length > 0`

			`- name: Add DNS fallback server`
			`community.general.ini_file:`
			`path: /etc/systemd/resolved.conf`
			`section: Resolve`
			`option: FallbackDNS`
			`value: '{{ dns_servers[1] }}'`
			`mode: '0644'`
			`no_extra_spaces: true`
			`register: conf_fallbackdns`
			`when: dns_servers \| length > 1`

			`- name: Enable DNSSEC`
			`community.general.ini_file:`
			`path: /etc/systemd/resolved.conf`
			`section: Resolve`
			`option: DNSSEC`
			`value: '{{ "yes" if dns_dnssec else "no" }}'`
			`mode: '0644'`
			`no_extra_spaces: true`
			`register: conf_dnssec`

			`- name: Add search domains`
			`community.general.ini_file:`
			`path: /etc/systemd/resolved.conf`
			`section: Resolve`
			`option: Domains`
			`value: '{{ dns_domains \| join(" ") }}'`
			`mode: '0644'`
			`no_extra_spaces: true`
			`register: conf_domains`

			`- name: Check if network manager runs`
			`ansible.builtin.shell: pgrep systemd-resolve`
			`failed_when: false`
			`changed_when: false`
			`register: systemd_resolved_running`
			`check_mode: false`

			`- name: Reload systemd-resolved`
			`ansible.builtin.systemd:`
			`name: systemd-resolved`
			`state: restarted`
			`when:`
			`- conf_dns is changed or`
			`conf_fallbackdns is changed or`
			`conf_dnssec is changed or`
			`conf_domains is changed`
			`- systemd_resolved_running.rc == 0`