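---
# Points every host at systemd-resolved with DNS-over-TLS and keeps
# /etc/resolv.conf from being rewritten by dhclient.
- name: make resolv.conf work fine
  hosts: all
  become: true
  tasks:
    - name: Install the packages versions
      ansible.builtin.package:
        name:
          - systemd-resolved
        state: present

    # Presumably required so the certificates presented by the DoT servers
    # configured below can be verified against the system trust store.
    - name: Ensure system CA certificates are up to date
      ansible.builtin.package:
        name: ca-certificates
        state: latest

    # Writes the resolver configuration. The text after '#' on each server
    # entry is the name the server certificate is checked against when
    # DNSOverTLS=strict is in effect. The comment lines inside the body are
    # written to the target file unchanged.
    #
    # NOTE(review): systemd-resolved consults FallbackDNS only when no other
    # DNS server is known (no DNS= entry and no per-link servers). With DNS=
    # set, the ns1/ns2 and public entries below are not used for failover.
    # If failover to the nodes is intended, list their addresses in DNS= as
    # well. Keep public resolvers out of DNS= unless queries for the local
    # domains may leave the network.
    - name: Make small file
      register: systemd_resolved_conf
      ansible.builtin.copy:
        dest: "/etc/systemd/resolved.conf"
        # Explicit ownership and mode so the result does not depend on the
        # umask or on a pre-existing file's permissions.
        owner: root
        group: root
        mode: "0644"
        content: |
          [Resolve]
          # Направляем основной трафик на VIP keepalived и привязываем к домену серта
          DNS=192.168.0.88#buenos-dias.guaranteedstruggle.host

          # В фолбэки шлём прямые IP нод ns1 и ns2 на случай, если сам keepalived моргнёт
          FallbackDNS=192.168.0.86#buenos-dias.guaranteedstruggle.host 192.168.0.87#buenos-dias.guaranteedstruggle.host 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google

          # Ваши локальные домены (БЕЗ ЗАПЯТЫХ! Строго через пробел)
          Domains=guaranteedstruggle.host just-for-me.internal

          # Включаем DoT в строгом (strict) режиме для защиты от утечек
          DNSOverTLS=strict
          DNSStubListener=yes

    # The hook replaces make_resolv_conf with a no-op so dhclient leaves
    # /etc/resolv.conf alone.
    - name: Make fix for resolv-conf rewriting
      ansible.builtin.copy:
        dest: "/etc/dhcp/dhclient-enter-hooks.d/nodnsupdate"
        owner: root
        group: root
        # Absolute mode instead of the relative "+x": the hook must not be
        # writable by anyone but root, whatever the file's previous mode.
        mode: "0755"
        content: |
          #!/bin/sh
          make_resolv_conf(){
            :
          }

    # Runs on every play; the condition below is left disabled as in the
    # original, so systemd_resolved_conf is registered but not used.
    - name: restart service
      ansible.builtin.service:
        name: systemd-resolved
        state: restarted
      #when: systemd_resolved_conf.changed

    - name: Force link /etc/resolv.conf to systemd-resolved stub
      ansible.builtin.file:
        src: /run/systemd/resolve/stub-resolv.conf
        dest: /etc/resolv.conf
        state: link
        force: true  # overwrites the file created by Proxmox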