Punt the global configuration of systemd-resolved on campus.

The WireGuard™ tunnels are getting it done using resolvectl.

diff --git a/README.org b/README.org
index 3f234aae406c56df0a1ad3df9fb0c2637e0f1992..d2684293a002ba9b2e40bdc3186c596d156b539b 100644 (file)
--- a/README.org
+++ b/README.org
@@ -5001,44 +5001,6 @@ Clients should be using the expected host name.
   when: inventory_hostname != ansible_hostname
 #+END_SRC
 
-** Configure Systemd Resolved
-
-Campus machines use the campus name server on Core (or ~dns.google~),
-and include the institute's private domain in their search lists.
-
-#+CAPTION: [[file:roles_t/campus/tasks/main.yml][=roles_t/campus/tasks/main.yml=]]
-#+BEGIN_SRC conf :tangle roles_t/campus/tasks/main.yml
-
-- name: Configure resolved.
-  become: yes
-  lineinfile:
-    path: /etc/systemd/resolved.conf
-    regexp: "{{ item.regexp }}"
-    line: "{{ item.line }}"
-  loop:
-  - { regexp: '^ *DNS *=', line: "DNS={{ core_addr }}" }
-  - { regexp: '^ *FallbackDNS *=', line: "FallbackDNS=8.8.8.8" }
-  - { regexp: '^ *Domains *=', line: "Domains={{ domain_priv }}" }
-  notify:
-  - Reload Systemd.
-  - Restart Systemd resolved.
-#+END_SRC
-
-#+CAPTION: [[file:roles_t/campus/handlers/main.yml][=roles_t/campus/handlers/main.yml=]]
-#+BEGIN_SRC conf :tangle roles_t/campus/handlers/main.yml :mkdirp yes
----
-- name: Reload Systemd.
-  become: yes
-  systemd:
-    daemon-reload: yes
-
-- name: Restart Systemd resolved.
-  become: yes
-  systemd:
-    service: systemd-resolved
-    state: restarted
-#+END_SRC
-
 ** Configure Systemd Timesyncd
 
 The institute uses a common time reference throughout the campus.
@@ -5058,7 +5020,7 @@ and file timestamps.
 
 #+CAPTION: [[file:roles_t/campus/handlers/main.yml][=roles_t/campus/handlers/main.yml=]]
 #+BEGIN_SRC conf :tangle roles_t/campus/handlers/main.yml
-
+---
 - name: Restart systemd-timesyncd.
   become: yes
   systemd:

diff --git a/roles_t/campus/handlers/main.yml b/roles_t/campus/handlers/main.yml
index e569fd64bfc45f50d227cface9bbbc662e1b1cc9..be1797fc558968a811f4dc101adbcfc9e6d5952a 100644 (file)
--- a/roles_t/campus/handlers/main.yml
+++ b/roles_t/campus/handlers/main.yml
@@ -1,15 +1,4 @@
 ---
-- name: Reload Systemd.
-  become: yes
-  systemd:
-    daemon-reload: yes
-
-- name: Restart Systemd resolved.
-  become: yes
-  systemd:
-    service: systemd-resolved
-    state: restarted
-
 - name: Restart systemd-timesyncd.
   become: yes
   systemd:

diff --git a/roles_t/campus/tasks/main.yml b/roles_t/campus/tasks/main.yml
index b658343e08cb14ac320df68ff26e2f3dcd66f46c..2290779dedc67feeacc748433ba0153802277f08 100644 (file)
--- a/roles_t/campus/tasks/main.yml
+++ b/roles_t/campus/tasks/main.yml
@@ -20,20 +20,6 @@
   command: hostname -F /etc/hostname
   when: inventory_hostname != ansible_hostname
 
-- name: Configure resolved.
-  become: yes
-  lineinfile:
-    path: /etc/systemd/resolved.conf
-    regexp: "{{ item.regexp }}"
-    line: "{{ item.line }}"
-  loop:
-  - { regexp: '^ *DNS *=', line: "DNS={{ core_addr }}" }
-  - { regexp: '^ *FallbackDNS *=', line: "FallbackDNS=8.8.8.8" }
-  - { regexp: '^ *Domains *=', line: "Domains={{ domain_priv }}" }
-  notify:
-  - Reload Systemd.
-  - Restart Systemd resolved.
-
 - name: Configure timesyncd.
   become: yes
   lineinfile: