Commit d364a728 authored by Florian Pritz's avatar Florian Pritz

Use unbound for DNS and disable resolved when unbound is used

We don't need resolved and it is sometimes buggy so let's just get rid
of it and use unbound like we do on our mail machines already.

Details: https://kanboard.archlinux.org/public/task/104/7dd7510424e4229247e8e0b90bf43e1553fce86cdf8475b60edc956ed5a8



Signed-off-by: Florian Pritz's avatarFlorian Pritz <bluewind@xinu.at>
parent 744dae84
dns_search_domain: "archlinux.org"
...@@ -2,6 +2,8 @@ ...@@ -2,6 +2,8 @@
configure_network: false configure_network: false
filesystem: "ext4" filesystem: "ext4"
dns_servers: ["127.0.0.1"]
# FIXME: this should probably be configured another way. maybe the # FIXME: this should probably be configured another way. maybe the
# mysql/postgres roles should deploy the credentials themselves # mysql/postgres roles should deploy the credentials themselves
mysql_backup_dir: "/root/backup-mysql" mysql_backup_dir: "/root/backup-mysql"
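Review bot: Setting `dns_servers: ["127.0.0.1"]` here also acts as the switch that turns systemd-resolved off, because the networking tasks later in this commit test for exactly that list value. If this file holds defaults shared by many hosts (its path is not visible on this page), any host with `configure_network` true whose playbook does not include the unbound role would end up with `nameserver 127.0.0.1` and no local resolver listening. An explicit boolean next to it, for example a new `dns_use_local_resolver: true`, would make the intent visible and would keep a later edit of the server list from silently re-enabling resolved.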
......
...@@ -10,6 +10,8 @@ ipv4_gateway: "89.238.67.1" ...@@ -10,6 +10,8 @@ ipv4_gateway: "89.238.67.1"
ipv6_gateway: "2a00:1828:2000:547::1" ipv6_gateway: "2a00:1828:2000:547::1"
filesystem: ext4 filesystem: ext4
dns_servers: ["127.0.0.1"]
archweb_rsync_iso_origin: 'repos.archlinux.org::kitchensink_tier1/iso/' archweb_rsync_iso_origin: 'repos.archlinux.org::kitchensink_tier1/iso/'
archweb_server_email: 'archweb-dev@archlinux.org' archweb_server_email: 'archweb-dev@archlinux.org'
archweb_domain: 'archweb-dev.archlinux.org' archweb_domain: 'archweb-dev.archlinux.org'
......
...@@ -11,6 +11,8 @@ tcp_congestion_control: "bbr" ...@@ -11,6 +11,8 @@ tcp_congestion_control: "bbr"
filesystem: btrfs filesystem: btrfs
postgres_backup_dir: "/var/lib/postgres/backup" postgres_backup_dir: "/var/lib/postgres/backup"
dns_servers: ["127.0.0.1"]
zabbix_agent_templates: zabbix_agent_templates:
- Template OS Linux - Template OS Linux
- Template App Borg Backup - Template App Borg Backup
......
...@@ -9,6 +9,8 @@ ipv4_gateway: "5.9.158.161" ...@@ -9,6 +9,8 @@ ipv4_gateway: "5.9.158.161"
ipv6_gateway: "fe80::1" ipv6_gateway: "fe80::1"
filesystem: ext4 filesystem: ext4
dns_servers: ["127.0.0.1"]
zabbix_agent_templates: zabbix_agent_templates:
- Template OS Linux - Template OS Linux
......
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
- { role: common, tags: ['common'] } - { role: common, tags: ['common'] }
- { role: tools, tags: ['tools'] } - { role: tools, tags: ['tools'] }
- { role: firewalld, tags: ['firewall'] } - { role: firewalld, tags: ['firewall'] }
- { role: unbound }
# reconfiguring sshd may break the AUR on luna (unchecked) # reconfiguring sshd may break the AUR on luna (unchecked)
#- { role: sshd, tags: ['sshd'] } #- { role: sshd, tags: ['sshd'] }
- { role: root_ssh, tags: ['root_ssh'] } - { role: root_ssh, tags: ['root_ssh'] }
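Review bot: `- { role: unbound }` is placed after `common`, `tools` and `firewalld`, so the order of the DNS switch and the resolver install needs checking. The tasks that write `nameserver 127.0.0.1` and stop systemd-resolved appear later in this commit, but their role is not visible here; if they belong to one of those earlier roles, a first run leaves the host without a working resolver until unbound is installed and started, and any package download in between can fail. Consider listing unbound ahead of the role that rewrites `/etc/resolv.conf`, or confirm that the current order is safe. The entry also carries no tags where its neighbours do; `- { role: unbound, tags: ['unbound'] }` would let tagged runs select it. Both remarks apply to the other four playbook hunks that add this line, the tags remark only where the surrounding roles are tagged.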
......
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
- { role: common, tags: ['common'] } - { role: common, tags: ['common'] }
- { role: tools, tags: ['tools'] } - { role: tools, tags: ['tools'] }
- { role: sshd, tags: ['sshd'] } - { role: sshd, tags: ['sshd'] }
- { role: unbound }
- { role: root_ssh, tags: ['root_ssh'] } - { role: root_ssh, tags: ['root_ssh'] }
- { role: nginx, tags: ["nginx"] } - { role: nginx, tags: ["nginx"] }
- { role: postgres, postgres_max_connections: 1000, postgres_shared_buffers: 4096MB, - { role: postgres, postgres_max_connections: 1000, postgres_shared_buffers: 4096MB,
......
...@@ -6,6 +6,7 @@ ...@@ -6,6 +6,7 @@
- { role: common } - { role: common }
- { role: tools } - { role: tools }
- { role: sshd } - { role: sshd }
- { role: unbound }
- { role: root_ssh } - { role: root_ssh }
- { role: archusers } - { role: archusers }
- { role: nginx } - { role: nginx }
......
...@@ -7,6 +7,7 @@ ...@@ -7,6 +7,7 @@
- { role: common, tags: ['common'] } - { role: common, tags: ['common'] }
- { role: tools, tags: ['tools'] } - { role: tools, tags: ['tools'] }
- { role: sshd, tags: ['sshd'] } - { role: sshd, tags: ['sshd'] }
- { role: unbound }
- { role: root_ssh, tags: ['root_ssh'] } - { role: root_ssh, tags: ['root_ssh'] }
- { role: borg-client, tags: ['borg'] } - { role: borg-client, tags: ['borg'] }
- { role: opendkim, dkim_selector: soyuz, tags: ['mail'] } - { role: opendkim, dkim_selector: soyuz, tags: ['mail'] }
......
...@@ -7,5 +7,6 @@ ...@@ -7,5 +7,6 @@
- { role: common, tags: ['common'] } - { role: common, tags: ['common'] }
- { role: tools, tags: ['tools'] } - { role: tools, tags: ['tools'] }
- { role: sshd, tags: ['sshd'] } - { role: sshd, tags: ['sshd'] }
- { role: unbound }
- { role: root_ssh, tags: ['root_ssh'] } - { role: root_ssh, tags: ['root_ssh'] }
- { role: borg-server, backup_dir: "/backup", backup_clients: "{{groups['borg-clients']}}", tags: ["borg"] } - { role: borg-server, backup_dir: "/backup", backup_clients: "{{groups['borg-clients']}}", tags: ["borg"] }
...@@ -40,14 +40,18 @@ ...@@ -40,14 +40,18 @@
- name: create symlink to resolv.conf - name: create symlink to resolv.conf
file: src=/run/systemd/resolve/stub-resolv.conf dest=/etc/resolv.conf state=link force=yes file: src=/run/systemd/resolve/stub-resolv.conf dest=/etc/resolv.conf state=link force=yes
when: configure_network when: configure_network and not (dns_servers|length == 1 and "127.0.0.1" in dns_servers)
- name: create resolv.conf
template: src=resolv.conf.j2 dest=/etc/resolv.conf owner=root group=root mode=0644
when: configure_network and (dns_servers|length == 1 and "127.0.0.1" in dns_servers)
- name: start networkd - name: start networkd
service: name=systemd-networkd state=started enabled=yes service: name=systemd-networkd state=started enabled=yes
when: configure_network when: configure_network
- name: start resolved - name: start resolved
service: name=systemd-resolved state=started enabled=yes service: name=systemd-resolved state={{"stopped" if dns_servers|length == 1 and "127.0.0.1" in dns_servers else "started"}} enabled={{"no" if dns_servers|length == 1 and "127.0.0.1" in dns_servers else "yes"}}
when: configure_network when: configure_network
- name: configure default qdisc - name: configure default qdisc
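Review bot: The new `create resolv.conf` task may not replace an `/etc/resolv.conf` that earlier runs left as a symlink to `/run/systemd/resolve/stub-resolv.conf`. Depending on the Ansible version, `template` follows an existing link at `dest`, which would put the file under `/run` where it does not survive a reboot; removing the link first, or adding `follow=no` where the installed version supports it, avoids that. The test `dns_servers|length == 1 and "127.0.0.1" in dns_servers` is now written out four times in these tasks, so a single named variable would keep the branches from drifting apart. The `start resolved` task should also be renamed now that it can stop and disable the unit. All of this runs only `when: configure_network`, so hosts where that is false keep resolved even with a loopback `dns_servers`, which is worth confirming as intended.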
......
{% for server in dns_servers %}
nameserver {{server}}
{% endfor %}
search {{dns_search_domain}}