Disable systemd-resolved stub resolver

This commit is contained in:
Sam A. 2023-05-28 18:46:01 +02:00
parent 95f3ffa79a
commit a1ea47c8b5
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
4 changed files with 27 additions and 4 deletions

View file

@ -1,5 +1,10 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Restart systemd-resolved
ansible.builtin.service:
name: systemd-resolved
state: restarted
- name: Create .env for apt-update-push - name: Create .env for apt-update-push
ansible.builtin.template: ansible.builtin.template:
src: env.j2 src: env.j2
@ -35,4 +40,3 @@
ansible.builtin.service: ansible.builtin.service:
name: sshd name: sshd
state: restarted state: restarted
listen: sshd

View file

@ -8,6 +8,22 @@
community.general.timezone: community.general.timezone:
name: "{{ timezone }}" name: "{{ timezone }}"
- name: Set /etc/resolv.conf symlink
ansible.builtin.file:
path: /etc/resolv.conf
src: /run/systemd/resolve/resolv.conf
owner: root
force: true
state: link
- name: Disable systemd-resolved stub resolver
ansible.builtin.lineinfile:
path: /etc/systemd/resolved.conf
regexp: '^#?DNSStubListener='
line: 'DNSStubListener=no'
state: present
notify: Restart systemd-resolved
- name: Upgrade system packages - name: Upgrade system packages
ansible.builtin.apt: ansible.builtin.apt:
update_cache: true update_cache: true

View file

@ -27,3 +27,6 @@
ansible.builtin.import_tasks: disks.yml ansible.builtin.import_tasks: disks.yml
tags: tags:
- reboot - reboot
- name: Flush handlers
ansible.builtin.meta: flush_handlers

View file

@ -6,7 +6,7 @@
regexp: '^#?PubkeyAuthentication ' regexp: '^#?PubkeyAuthentication '
line: PubkeyAuthentication yes line: PubkeyAuthentication yes
state: present state: present
notify: sshd notify: Restart sshd
- name: Disallow SSH login with password - name: Disallow SSH login with password
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
@ -14,7 +14,7 @@
regexp: '^#?PasswordAuthentication ' regexp: '^#?PasswordAuthentication '
line: PasswordAuthentication no line: PasswordAuthentication no
state: present state: present
notify: sshd notify: Restart sshd
- name: Disallow root login over SSH - name: Disallow root login over SSH
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
@ -22,4 +22,4 @@
regexp: '^#?PermitRootLogin ' regexp: '^#?PermitRootLogin '
line: PermitRootLogin no line: PermitRootLogin no
state: present state: present
notify: sshd notify: Restart sshd