From 6c4f215b3c8dccf9b22dd3d8860cb2b9fbe97aa9 Mon Sep 17 00:00:00 2001
From: "Jan Alexander Steffens (heftig)" <heftig@archlinux.org>
Date: Sun, 15 Aug 2021 00:39:22 +0200
Subject: [PATCH] matrix.archlinux.org: Configure static DNS via networking
 role

Hetzner DNS has been delaying many responses for 5 seconds, causing
outgoing federation work to pile up, almost running into OOM before we
noticed.

I don't know if we're being throttled because federation makes a *lot* of
requests. Anyway, using Cloudflare DNS seems to solve it.

Enable DNSOverTLS for this because we can.
---
 host_vars/matrix.archlinux.org/misc |  1 +
 roles/networking/files/dns.conf     | 15 +++++++++++++
 roles/networking/tasks/main.yml     | 34 ++++++++++++++++++++++++-----
 3 files changed, 44 insertions(+), 6 deletions(-)
 create mode 100644 roles/networking/files/dns.conf

diff --git a/host_vars/matrix.archlinux.org/misc b/host_vars/matrix.archlinux.org/misc
index 3c34f78d5..e001c817a 100644
--- a/host_vars/matrix.archlinux.org/misc
+++ b/host_vars/matrix.archlinux.org/misc
@@ -1,4 +1,5 @@
 ---
 filesystem: btrfs
+static_dns: true
 wireguard_address: 10.0.0.15
 wireguard_public_key: QWkTL58mJd0+Lz5AvGVmbdSSk29y/W60WUdhTgyGLCk=
diff --git a/roles/networking/files/dns.conf b/roles/networking/files/dns.conf
new file mode 100644
index 000000000..e2f8b9b21
--- /dev/null
+++ b/roles/networking/files/dns.conf
@@ -0,0 +1,15 @@
+[DHCPv4]
+UseDNS=false
+
+[DHCPv6]
+UseDNS=false
+
+[IPv6AcceptRA]
+UseDNS=false
+
+[Network]
+DNS=2606:4700:4700::1111#1dot1dot1dot1.cloudflare-dns.com
+DNS=2606:4700:4700::1001#1dot1dot1dot1.cloudflare-dns.com
+DNS=1.1.1.1#1dot1dot1dot1.cloudflare-dns.com
+DNS=1.0.0.1#1dot1dot1dot1.cloudflare-dns.com
+DNSOverTLS=true
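Review bot: `DNSOverTLS=true` is the strict setting and all four `DNS=` entries belong to one provider, while the three `UseDNS=false` sections discard the DHCP- and RA-supplied resolvers, so if port 853 is unreachable or that provider is down the host appears to have no link-level resolver left. That fail-closed behaviour may be intended, but nothing in the file says so. I would add a header comment such as `# Strict DoT to a fixed resolver set; the name after '#' is what the server certificate is checked against, keep it on every DNS= line.` It would also help to note whether DNSSEC validation is deliberately left at its default here.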
diff --git a/roles/networking/tasks/main.yml b/roles/networking/tasks/main.yml
index 843f1a8cf..3c38f1c45 100644
--- a/roles/networking/tasks/main.yml
+++ b/roles/networking/tasks/main.yml
@@ -1,14 +1,36 @@
 ---
 - name: configure network (static)
-  template: src=10-static-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network owner=root group=root mode=0644
-  notify:
-    - restart networkd
+  block:
+    - name: install 10-static-ethernet.network
+      template: src=10-static-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network owner=root group=root mode=0644
+      notify:
+        - restart networkd
+
+    - name: create drop-in directory for 10-static-ethernet.network
+      file: path=/etc/systemd/network/10-static-ethernet.network.d state=directory owner=root group=root mode=0755
+
+    - name: configure static dns (static)
+      copy: src=dns.conf dest={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network.d/dns.conf owner=root group=root mode=0644
+      notify:
+        - restart networkd
+      when: static_dns|default(false)
   when: not dhcp|default(false)
 
 - name: configure network (dhcp)
-  template: src=10-dhcp-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-dhcp-ethernet.network owner=root group=root mode=0644
-  notify:
-    - restart networkd
+  block:
+    - name: install 10-dhcp-ethernet.network
+      template: src=10-dhcp-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-dhcp-ethernet.network owner=root group=root mode=0644
+      notify:
+        - restart networkd
+
+    - name: create drop-in directory for 10-dhcp-ethernet.network
+      file: path=/etc/systemd/network/10-dhcp-ethernet.network.d state=directory owner=root group=root mode=0755
+
+    - name: configure static dns (dhcp)
+      copy: src=dns.conf dest={{ chroot_path }}/etc/systemd/network/10-dhcp-ethernet.network.d/dns.conf owner=root group=root mode=0644
+      notify:
+        - restart networkd
+      when: static_dns|default(false)
   when: dhcp|default(false)
 
 - name: create symlink to resolv.conf
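Review bot: Both `create drop-in directory` tasks pass `path=/etc/systemd/network/...network.d` without the `{{ chroot_path }}` prefix that the neighbouring `template` and `copy` tasks use, so when `chroot_path` is set the directory is created on the running system rather than in the target tree, and the following `copy` into `{{ chroot_path }}/.../dns.conf` presumably finds no parent directory. The static variant should read `file: path={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network.d state=directory owner=root group=root mode=0755`, with the same prefix on the dhcp one. The directory tasks also lack `when: static_dns|default(false)`, and nothing removes `dns.conf` once the flag is turned off again, so a host can keep the pinned resolvers after the variable is dropped; a `state=absent` counterpart would keep the deployed config in line with the inventory. The last context line opens a task whose body lies outside the hunk.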
-- 
GitLab