Disable systemd-resolved stub resolver

This commit is contained in:
Sam A. 2023-05-28 18:46:01 +02:00
parent 95f3ffa79a
commit a1ea47c8b5
Signed by: samsapti
GPG Key ID: CBBBE7371E81C4EA
4 changed files with 27 additions and 4 deletions

View File

@ -1,5 +1,10 @@
# vim: ft=yaml.ansible
---
- name: Restart systemd-resolved
ansible.builtin.service:
name: systemd-resolved
state: restarted
- name: Create .env for apt-update-push
ansible.builtin.template:
src: env.j2
@ -35,4 +40,3 @@
ansible.builtin.service:
name: sshd
state: restarted
listen: sshd

View File

@ -8,6 +8,22 @@
community.general.timezone:
name: "{{ timezone }}"
- name: Set /etc/resolv.conf symlink
ansible.builtin.file:
path: /etc/resolv.conf
src: /run/systemd/resolve/resolv.conf
owner: root
force: true
state: link
- name: Disable systemd-resolved stub resolver
ansible.builtin.lineinfile:
path: /etc/systemd/resolved.conf
regexp: '^#?DNSStubListener='
line: 'DNSStubListener=no'
state: present
notify: Restart systemd-resolved
- name: Upgrade system packages
ansible.builtin.apt:
update_cache: true

View File

@ -27,3 +27,6 @@
ansible.builtin.import_tasks: disks.yml
tags:
- reboot
- name: Flush handlers
ansible.builtin.meta: flush_handlers

View File

@ -6,7 +6,7 @@
regexp: '^#?PubkeyAuthentication '
line: PubkeyAuthentication yes
state: present
notify: sshd
notify: Restart sshd
- name: Disallow SSH login with password
ansible.builtin.lineinfile:
@ -14,7 +14,7 @@
regexp: '^#?PasswordAuthentication '
line: PasswordAuthentication no
state: present
notify: sshd
notify: Restart sshd
- name: Disallow root login over SSH
ansible.builtin.lineinfile:
@ -22,4 +22,4 @@
regexp: '^#?PermitRootLogin '
line: PermitRootLogin no
state: present
notify: sshd
notify: Restart sshd