From d740b6ab3347c66742e37ff72dfb4cfe30558781 Mon Sep 17 00:00:00 2001 From: Elizabeth Hunt Date: Thu, 11 Apr 2024 14:51:13 -0400 Subject: [PATCH] remove systemd-resolved, restart docker-compose services --- group_vars/all.yml | 10 +--- group_vars/ca.yml | 2 +- roles/common/files/docker-compose@.service | 7 ++- roles/common/tasks/main.yml | 22 ------- roles/common/tasks/systemd-resolved.yml | 70 ---------------------- 5 files changed, 7 insertions(+), 104 deletions(-) delete mode 100644 roles/common/tasks/systemd-resolved.yml diff --git a/group_vars/all.yml b/group_vars/all.yml index 2f31a50..f844d49 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -4,15 +4,7 @@ nijika_ip: '100.64.0.2' nameserver_ip: '10.155.0.1' -dns_servers: - - "{{ nameserver_ip }}" - - '1.1.1.1' - - '1.0.0.1' -dns_dnssec: true -dns_domains: ["simponic.xyz"] -dns_stub_listener: false - step_bootstrap_fingerprint: '2de0c420e3b6f9f8e47f325de908b2b2d395d3bc7e49ed9b672ce9be89bea1bf' step_bootstrap_ca_url: 'ca.internal.simponic.xyz' -step_acme_cert_contact: 'elizabeth.hunt@simponic.xyz' +step_acme_cert_contact: 'elizabeth@simponic.xyz' step_ca_port: 5239 diff --git a/group_vars/ca.yml b/group_vars/ca.yml index 6171512..5bde372 100644 --- a/group_vars/ca.yml +++ b/group_vars/ca.yml @@ -1,6 +1,6 @@ --- step_ca_root_password: "{{ lookup('env', 'STEP_CA_ROOT_PASSWORD') }}" step_ca_intermediate_password: "{{ lookup('env', 'STEP_CA_INTERMEDIATE_PASSWORD') }}" -step_ca_dns: "{{ step_bootstrap_ca_url }}, {{ johan_ip }}, {{ nameserver_ip }}" +step_ca_dns: "{{ nameserver_ip }}, {{ step_bootstrap_ca_url }}" step_ca_name: Simponic Internal CA step_ca_address: ":{{ step_ca_port }}" diff --git a/roles/common/files/docker-compose@.service b/roles/common/files/docker-compose@.service index a0182d4..bc2fbcc 100644 --- a/roles/common/files/docker-compose@.service +++ b/roles/common/files/docker-compose@.service 
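Review bot: Dropping `dns_servers`, `dns_dnssec`, `dns_domains` and `dns_stub_listener` here (with the matching tasks removed from roles/common/tasks/main.yml) stops managing the resolver, but nothing in the patch reverts what earlier runs wrote to /etc/systemd/resolved.conf or removes the package, so already-provisioned hosts keep the previously applied DNSSEC/stub-listener settings while fresh hosts get the distribution default. If that divergence is intended, a sentence in the description or a one-time cleanup task would make it explicit. `nameserver_ip` survives and, within this patch, its only visible consumer is `step_ca_dns` in group_vars/ca.yml; a comment above it such as `# still referenced by step_ca_dns in group_vars/ca.yml` would record why it is kept now that the DNS block is gone.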
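Review bot: The new `step_ca_dns` drops `{{ johan_ip }}`, so any client that still reaches the CA by that address will fail TLS name verification once the CA certificate reflects this list; if some hosts bootstrap against that IP, keep it in the list or switch their CA URL first. Whether the change takes effect at all depends on how the role consumes `step_ca_dns` — if it is only passed at initial `step ca init` time, an already-initialized CA keeps its existing certificate and this line is inert until re-initialization, which the description does not mention; worth confirming. A comment above the line would document the contract, e.g. `# names/IPs presented in the CA's TLS certificate; every address clients use must appear here`.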
@@ -4,10 +4,13 @@ Requires=docker.service After=docker.service [Service] -Type=oneshot +Type=simple +Restart=always +RestartSec=3 RemainAfterExit=true WorkingDirectory=/etc/docker/compose/%i -ExecStart=/usr/bin/docker compose up -d --remove-orphans +ExecStartPre=/usr/bin/docker compose pull +ExecStart=/usr/bin/docker compose up --detach --remove-orphans ExecStop=/usr/bin/docker compose down [Install] diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 6d2296c..cf29d0d 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -113,25 +113,3 @@ - name: restart fail2ban service: name=fail2ban state=restarted enabled=yes - -# DNS -- name: install systemd-resolved - apt: name=systemd-resolved state=latest - -- name: Check if systemd-resolved config exists - ansible.builtin.stat: - path: /etc/systemd/resolved.conf - register: systemd_resolved_config - check_mode: false - -- name: Update DNS servers for systemd-resolvd - ansible.builtin.include_tasks: - file: 'systemd-resolved.yml' - when: systemd_resolved_config.stat.exists | bool - -- name: Check if systemd-resolved runs - ansible.builtin.shell: pgrep systemd-resolve - failed_when: false - changed_when: false - register: systemd_resolved_running - check_mode: false diff --git a/roles/common/tasks/systemd-resolved.yml b/roles/common/tasks/systemd-resolved.yml deleted file mode 100644 index dbf9742..0000000 --- a/roles/common/tasks/systemd-resolved.yml +++ /dev/null 
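Review bot: `Restart=always` / `RestartSec=3` will not supervise the stack while `RemainAfterExit=true` and `--detach` are kept: `docker compose up --detach` returns as soon as the containers are started, a successful exit leaves the unit `active (exited)` and systemd never consults `Restart=`, and the containers themselves — where failures actually occur — are outside systemd's view; only a failed `up` invocation would be retried every three seconds, re-running `docker compose pull` each time. To get a restartable unit, run compose in the foreground: remove `RemainAfterExit=true` and change the start line to `ExecStart=/usr/bin/docker compose up --remove-orphans`, keeping `Type=simple` and `ExecStop=/usr/bin/docker compose down`. `ExecStartPre=/usr/bin/docker compose pull` also makes every boot depend on registry reachability and silently moves the deployment to whatever the image tags currently resolve to; if pulling on start is intended, pin digests in the compose files or move the pull to an explicit update step. The unit's `[Install]` section continues past the hunk.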
@@ -1,70 +0,0 @@ ---- -- name: Add DNS servers - community.general.ini_file: - path: /etc/systemd/resolved.conf - section: Resolve - option: DNS - value: '{{ dns_servers[0] }}' - mode: '0644' - no_extra_spaces: true - register: conf_dns - when: dns_servers | length > 0 - -- name: Add DNS fallback server - community.general.ini_file: - path: /etc/systemd/resolved.conf - section: Resolve - option: FallbackDNS - value: '{{ dns_servers[1] }}' - mode: '0644' - no_extra_spaces: true - register: conf_fallbackdns - when: dns_servers | length > 1 - -- name: Enable DNSSEC - community.general.ini_file: - path: /etc/systemd/resolved.conf - section: Resolve - option: DNSSEC - value: '{{ "yes" if dns_dnssec else "no" }}' - mode: '0644' - no_extra_spaces: true - register: conf_dnssec - -- name: Add search domains - community.general.ini_file: - path: /etc/systemd/resolved.conf - section: Resolve - option: Domains - value: '{{ dns_domains | join(" ") }}' - mode: '0644' - no_extra_spaces: true - register: conf_domains - -- name: stub listener - community.general.ini_file: - path: /etc/systemd/resolved.conf - section: Resolve - option: DNSStubListener - value: '{{ "yes" if dns_stub_listener else "no" }}' - mode: '0644' - no_extra_spaces: true - register: conf_domains - -- name: Check if systemd-resolve runs - ansible.builtin.shell: pgrep systemd-resolve - failed_when: false - changed_when: false - register: systemd_resolved_running - check_mode: false - -- name: Reload systemd-resolved - ansible.builtin.systemd: - name: systemd-resolved - state: restarted - when: - - conf_dns is changed or - conf_fallbackdns is changed or - conf_dnssec is changed or - conf_domains is changed - - systemd_resolved_running.rc == 0