feat: split and simplify systemd-resolved DNS configuration task

- Disabled systemd-resolved and add static DNS setup
2025-04-07 21:08:45 +08:00 · 2025-04-07 21:08:45 +08:00 · d8ff3a79e2
commit d8ff3a79e2
parent 72e99501a1
2 changed files with 31 additions and 0 deletions
--- a/ansible/playbooks/roles/vhosts/common/tasks/disable-systemd-resolved.yml
+++ b/ansible/playbooks/roles/vhosts/common/tasks/disable-systemd-resolved.yml
@ -0,0 +1,27 @@
+- name: Stop systemd-resolved
+  systemd:
+    name: systemd-resolved
+    state: stopped
+    enabled: no
+
+- name: Remove /etc/resolv.conf if it's a symlink
+  file:
+    path: /etc/resolv.conf
+    state: absent
+    force: true
+
+- name: Create static /etc/resolv.conf
+  copy:
+    dest: /etc/resolv.conf
+    content: |
+      nameserver 8.8.8.8
+      nameserver 1.1.1.1
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Optionally make resolv.conf immutable to prevent changes
+  command: chattr +i /etc/resolv.conf
+  args:
+    warn: false
+  when: make_resolv_conf_immutable | default(false)
--- a/ansible/playbooks/roles/vhosts/common/tasks/main.yml
+++ b/ansible/playbooks/roles/vhosts/common/tasks/main.yml
@ -13,10 +13,14 @@
 - name: Run secure_ssh.sh script
  script: files/secure_ssh.sh

+- name: Disable systemd-resolved and set static DNS
+  include_tasks: disable-systemd-resolved.yml
+
 - name: Install packages
  script: files/install-packages.sh
  when: (ansible_facts['distribution'] == "Ubuntu") or (ansible_facts['distribution'] == "Debian")

+
 #- name: Include GPU Configuration
 #  include_tasks: include_gpu.yaml
 #  when: (ansible_facts['distribution'] == "Ubuntu") or (ansible_facts['distribution'] == "Debian")