From f6a8776a6ea58c3fe8f1f14318ad5eb61f596db6 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Wed, 15 Jan 2025 23:45:54 +0000
Subject: [PATCH] systemd_resolved: Initial version of role
---
roles/systemd_resolved/handlers/main.yml | 5 ++++
roles/systemd_resolved/tasks/main.yml | 28 +++++++++++++++++++
.../systemd_resolved/templates/local.conf.j2 | 4 +++
3 files changed, 37 insertions(+)
create mode 100644 roles/systemd_resolved/handlers/main.yml
create mode 100644 roles/systemd_resolved/tasks/main.yml
create mode 100644 roles/systemd_resolved/templates/local.conf.j2
diff --git a/roles/systemd_resolved/handlers/main.yml b/roles/systemd_resolved/handlers/main.yml
new file mode 100644
index 0000000..0bbce3d
--- /dev/null
+++ b/roles/systemd_resolved/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart systemd-resolved
+ ansible.builtin.service:
+ name: systemd-resolved
+ state: restarted
diff --git a/roles/systemd_resolved/tasks/main.yml b/roles/systemd_resolved/tasks/main.yml
new file mode 100644
index 0000000..43371a6
--- /dev/null
+++ b/roles/systemd_resolved/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Install packages
+ ansible.builtin.package:
+ name: systemd-resolved
+ state: installed
+
+- name: Create config directory
+ ansible.builtin.file:
+ path: /etc/systemd/resolved.conf.d
+ state: directory
+ mode: "0755"
+ owner: root
+ group: "{{ ansible_wheel }}"
+
+- name: Create config
+ ansible.builtin.template:
+ dest: /etc/systemd/resolved.conf.d/local.conf
+ src: local.conf.j2
+ mode: "0644"
+ owner: root
+ group: "{{ ansible_wheel }}"
+ notify: Restart systemd-resolved
+
+- name: Enable service
+ ansible.builtin.service:
+ name: systemd-resolved
+ state: started
+ enabled: true
diff --git a/roles/systemd_resolved/templates/local.conf.j2 b/roles/systemd_resolved/templates/local.conf.j2
new file mode 100644
index 0000000..23d7dc6
--- /dev/null
+++ b/roles/systemd_resolved/templates/local.conf.j2
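Review bot: In roles/systemd_resolved/tasks/main.yml the "Install packages" task uses `state: installed`, which `ansible.builtin.package` passes through to whichever package module the target uses. That value is only an alias in some backends (dnf/yum accept it; apt, as far as I know, does not), so the role may fail on Debian-family hosts, while `state: present` is accepted everywhere. Separately, nothing in this file manages /etc/resolv.conf or nsswitch, so whether lookups actually go through the DoT-enforcing resolver depends on the distribution's packaging. A comment stating that assumption, such as `# assumes the package points /etc/resolv.conf at the resolved stub`, would help the next reader.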
@@ -0,0 +1,4 @@
+[Resolve]
+DNS={% for addr in network_dns_servers %}{{ addr }}#{{ lookup('community.general.dig', addr + '/PTR')[:-1] }} {% endfor %}
+
+DNSOverTLS=yes
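Review bot: The name after `#` on the `DNS=` line is what systemd-resolved validates the server certificate against under `DNSOverTLS=yes`, and here it comes from a PTR lookup at render time. The identity being verified is therefore supplied by unauthenticated DNS rather than by the inventory, so whoever answers that reverse query decides which certificate name the resolver will accept. The result is also used unchecked: `[:-1]` assumes a single hostname with a trailing dot, so a failed or multi-record answer would, as far as I can tell, be written into the config truncated and break resolution under strict DoT. Pinning the name in inventory avoids both problems, e.g. `{{ addr }}#{{ network_dns_tls_names[addr] }}` (the variable name is a placeholder), with the play failing when a server has no pinned name.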