Commit d364a728 authored by Florian Pritz's avatar Florian Pritz
Browse files

Use unbound for DNS and disable resolved when unbound is used

We don't need resolved and it is sometimes buggy so let's just get rid
of it and use unbound like we do on our mail machines already.

Details: https://kanboard.archlinux.org/public/task/104/7dd7510424e4229247e8e0b90bf43e1553fce86cdf8475b60edc956ed5a8

Signed-off-by: Florian Pritz's avatarFlorian Pritz <bluewind@xinu.at>
parent 744dae84
dns_search_domain: "archlinux.org"
......@@ -2,6 +2,8 @@
configure_network: false
filesystem: "ext4"
dns_servers: ["127.0.0.1"]
# FIXME: this should probably be configured another way. maybe the
# mysql/postgres roles should deploy the credentials themselves
mysql_backup_dir: "/root/backup-mysql"
......
......@@ -10,6 +10,8 @@ ipv4_gateway: "89.238.67.1"
ipv6_gateway: "2a00:1828:2000:547::1"
filesystem: ext4
dns_servers: ["127.0.0.1"]
archweb_rsync_iso_origin: 'repos.archlinux.org::kitchensink_tier1/iso/'
archweb_server_email: 'archweb-dev@archlinux.org'
archweb_domain: 'archweb-dev.archlinux.org'
......
......@@ -11,6 +11,8 @@ tcp_congestion_control: "bbr"
filesystem: btrfs
postgres_backup_dir: "/var/lib/postgres/backup"
dns_servers: ["127.0.0.1"]
zabbix_agent_templates:
- Template OS Linux
- Template App Borg Backup
......
......@@ -9,6 +9,8 @@ ipv4_gateway: "5.9.158.161"
ipv6_gateway: "fe80::1"
filesystem: ext4
dns_servers: ["127.0.0.1"]
zabbix_agent_templates:
- Template OS Linux
......
......@@ -7,6 +7,7 @@
- { role: common, tags: ['common'] }
- { role: tools, tags: ['tools'] }
- { role: firewalld, tags: ['firewall'] }
- { role: unbound }
# reconfiguring sshd may break the AUR on luna (unchecked)
#- { role: sshd, tags: ['sshd'] }
- { role: root_ssh, tags: ['root_ssh'] }
......
......@@ -7,6 +7,7 @@
- { role: common, tags: ['common'] }
- { role: tools, tags: ['tools'] }
- { role: sshd, tags: ['sshd'] }
- { role: unbound }
- { role: root_ssh, tags: ['root_ssh'] }
- { role: nginx, tags: ["nginx"] }
- { role: postgres, postgres_max_connections: 1000, postgres_shared_buffers: 4096MB,
......
......@@ -6,6 +6,7 @@
- { role: common }
- { role: tools }
- { role: sshd }
- { role: unbound }
- { role: root_ssh }
- { role: archusers }
- { role: nginx }
......
......@@ -7,6 +7,7 @@
- { role: common, tags: ['common'] }
- { role: tools, tags: ['tools'] }
- { role: sshd, tags: ['sshd'] }
- { role: unbound }
- { role: root_ssh, tags: ['root_ssh'] }
- { role: borg-client, tags: ['borg'] }
- { role: opendkim, dkim_selector: soyuz, tags: ['mail'] }
......
......@@ -7,5 +7,6 @@
- { role: common, tags: ['common'] }
- { role: tools, tags: ['tools'] }
- { role: sshd, tags: ['sshd'] }
- { role: unbound }
- { role: root_ssh, tags: ['root_ssh'] }
- { role: borg-server, backup_dir: "/backup", backup_clients: "{{groups['borg-clients']}}", tags: ["borg"] }
......@@ -40,14 +40,18 @@
- name: create symlink to resolv.conf
file: src=/run/systemd/resolve/stub-resolv.conf dest=/etc/resolv.conf state=link force=yes
when: configure_network
when: configure_network and not (dns_servers|length == 1 and "127.0.0.1" in dns_servers)
- name: create resolv.conf
template: src=resolv.conf.j2 dest=/etc/resolv.conf owner=root group=root mode=0644
when: configure_network and (dns_servers|length == 1 and "127.0.0.1" in dns_servers)
- name: start networkd
service: name=systemd-networkd state=started enabled=yes
when: configure_network
- name: start resolved
service: name=systemd-resolved state=started enabled=yes
service: name=systemd-resolved state={{"stopped" if dns_servers|length == 1 and "127.0.0.1" in dns_servers else "started"}} enabled={{"no" if dns_servers|length == 1 and "127.0.0.1" in dns_servers else "yes"}}
when: configure_network
- name: configure default qdisc
......
{% for server in dns_servers %}
nameserver {{server}}
{% endfor %}
search {{dns_search_domain}}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment