UseDNS=false
#+END_SRC
+
+** Configure Gate ResolveD
+
+Gate provides name service on the wild Ethernet by having its "stub
+listener" listen there. That stub should not read =/etc/hosts= lest
+~gate~ resolve to ~127.0.1.1~, nonsense to the wild.
+
+#+CAPTION: [[file:roles_t/gate/tasks/main.yml][=roles_t/gate/tasks/main.yml=]]
+#+BEGIN_SRC conf :tangle roles_t/gate/tasks/main.yml
+
+- name: Configure resolved.
+ become: yes
+ lineinfile:
+ path: /etc/systemd/resolved.conf
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ loop:
+ - regexp: '^ *DNSStubListenerExtra *='
+ line: "DNSStubListenerExtra={{ gate_wild_addr }}"
+ - regexp: '^ *ReadEtcHosts *='
+ line: "ReadEtcHosts=no"
+ notify:
+ - Reload Systemd.
+ - Restart Systemd resolved.
+#+END_SRC
+
+#+CAPTION: [[file:roles_t/gate/handlers/main.yml][=roles_t/gate/handlers/main.yml=]]
+#+BEGIN_SRC conf :tangle roles_t/gate/handlers/main.yml
+
+- name: Reload Systemd.
+ become: yes
+ systemd:
+ daemon-reload: yes
+ tags: actualizer
+
+- name: Restart Systemd resolved.
+ become: yes
+ systemd:
+ service: systemd-resolved
+ state: restarted
+ tags: actualizer
+#+END_SRC
+
** UFW Rules
Gate uses the Uncomplicated FireWall (UFW) to install its packet
command: networkctl reload
tags: actualizer
+- name: Reload Systemd.
+ become: yes
+ systemd:
+ daemon-reload: yes
+ tags: actualizer
+
+- name: Restart Systemd resolved.
+ become: yes
+ systemd:
+ service: systemd-resolved
+ state: restarted
+ tags: actualizer
+
- name: Restart WireGuard™.
become: yes
systemd:
force: no
notify: Reload networkd.
+- name: Configure resolved.
+ become: yes
+ lineinfile:
+ path: /etc/systemd/resolved.conf
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ loop:
+ - regexp: '^ *DNSStubListenerExtra *='
+ line: "DNSStubListenerExtra={{ gate_wild_addr }}"
+ - regexp: '^ *ReadEtcHosts *='
+ line: "ReadEtcHosts=no"
+ notify:
+ - Reload Systemd.
+ - Restart Systemd resolved.
+
- name: Install UFW.
become: yes
apt: pkg=ufw
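Review bot: `DNSStubListenerExtra={{ gate_wild_addr }}` makes systemd-resolved answer DNS on the wild Ethernet, and the stub listener has no per-client access control, so anything that can reach that address on port 53 can use Gate as a resolver. The UFW rules are not visible in this hunk; confirm they admit 53/udp and 53/tcp only from the wild subnet, and record the dependency above the task, e.g. `# Stub listener is reachable from the wild subnet; UFW must limit port 53 to it.` Separately, neither regexp matches the commented-out defaults of a stock resolved.conf and no `insertafter` is set, so both lines are appended at end of file; `insertafter: '^\[Resolve\]'` would keep them in the right section if another section is ever added below it. Notifying `Reload Systemd.` also looks unnecessary, since resolved.conf is read by systemd-resolved when it restarts, not by a daemon-reload. The same task text is tangled from the org source block earlier on the page, so any change belongs there.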