deactivate systemd-resolved

and replaced paths with global vars
2022-03-24 11:50:54 +01:00
parent 6b974c5633
commit 45652aebe3
12 changed files with 57 additions and 21 deletions
--- a/roles/nameserver/tasks/configure_bind_snmpd.yml
+++ b/roles/nameserver/tasks/configure_bind_snmpd.yml
@@ -28,16 +28,16 @@

 - name: nameserver | snmpd | configure named for statistics
  lineinfile:
-    path: "/etc/bind/named.conf.options" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
+    path: "{{ named_conf_options }}" # required. The file to modify. Before Ansible 2.3 this option was only usable as I(dest), I(destfile) and I(name).
    state: present
    line: 'statistics-file "/var/cache/bind/stats"; zone-statistics yes;'
-    insertafter: "options {"
+    insertbefore: "};"
    validate: /usr/sbin/named-checkconf %s
  notify: restart_named

 - name: nameserver | snmpd | configure extend
  lineinfile:
-    path: "/etc/snmp/snmpd.conf"
+    path: "{{ snmpd_conf }}"
    state: present
    line: "extend bind /etc/snmp/bind"
    insertafter: "# SECTION: Extends"
--- a/roles/nameserver/tasks/configure_unbound_snmpd.yml
+++ b/roles/nameserver/tasks/configure_unbound_snmpd.yml
@@ -8,7 +8,7 @@

 - name: nameserver | snmpd | configure extend
  lineinfile:
-    path: "/etc/snmp/snmpd.conf"
+    path: "{{ snmpd_conf }}"
    state: present
    line: "extend unbound /usr/bin/sudo /etc/snmp/unbound"
    insertafter: "# SECTION: Extends"
--- a/roles/nameserver/tasks/disable-systemd-resolved.yml
+++ b/roles/nameserver/tasks/disable-systemd-resolved.yml
@@ -0,0 +1,22 @@
+- name: nameserver | systemd-resolved | edit config
+  lineinfile:
+    path: "/etc/systemd/resolved.conf"
+    regexp: "^.*DNSStubListener=.*$"
+    state: present
+    line: "DNSStubListener=no"
+
+- name: nameserver | systemd-resolved | stop and disable service
+  service:
+    name: "systemd-resolved"
+    state: stopped
+    enabled: false
+
+- name: nameserver | systemd-resolved | remove /etc/resolv.conf (symlink)
+  file:
+    path: "/etc/resolv.conf"
+    state: absent
+
+- name: nameserver | systemd-resolved | create new /etc/resolv.conf
+  copy:
+    dest: "/etc/resolv.conf"
+    content: nameserver 127.0.0.1
--- a/roles/nameserver/tasks/install_unbound.yml
+++ b/roles/nameserver/tasks/install_unbound.yml
@@ -10,4 +10,5 @@
    mode: "0644"
    owner: "root"
    group: "root"
+    verify: "unbound-checkconf /etc/unbound/unbound.conf.d/network.conf"
  notify: restart_unbound
--- a/roles/nameserver/tasks/main.yml
+++ b/roles/nameserver/tasks/main.yml
@@ -3,14 +3,11 @@
  tags: always

 - block:
-  - debug:
-      msg: Debug
+  - name: nameserver | unbound | disable systemd-resolved
+    include_tasks: disable-systemd-resolved.yml
+    when: bind == true or unbound == true

-  # # import role
-  # - import_role:
-  #     name:  # required. The name of the role to be executed.
  - block:
-    # install software
    - include_tasks: install_bind.yml
    - include_tasks: configure_bind_snmpd.yml
    rescue: