From: Matt Birkholz Date: Fri, 21 Nov 2025 20:39:12 +0000 (-0700) Subject: Configure Gate systemd-resolved to serve the wild Ethernet. X-Git-Url: https://birchwood-abbey.net/git?a=commitdiff_plain;h=8c77f9655eaeee5a217fd6674b1f80d9b77ae4f5;p=Institute.git Configure Gate systemd-resolved to serve the wild Ethernet. --- diff --git a/README.org b/README.org index bf253a3..28f12fc 100644 --- a/README.org +++ b/README.org @@ -4972,6 +4972,49 @@ UseMTU=true UseDNS=false #+END_SRC + +** Configure Gate ResolveD + +Gate provides name service on the wild Ethernet by having its "stub +listener" listen there. That stub should not read =/etc/hosts= lest +~gate~ resolve to ~127.0.1.1~, nonsense to the wild. + +#+CAPTION: [[file:roles_t/gate/tasks/main.yml][=roles_t/gate/tasks/main.yml=]] +#+BEGIN_SRC conf :tangle roles_t/gate/tasks/main.yml + +- name: Configure resolved. + become: yes + lineinfile: + path: /etc/systemd/resolved.conf + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + loop: + - regexp: '^ *DNSStubListenerExtra *=' + line: "DNSStubListenerExtra={{ gate_wild_addr }}" + - regexp: '^ *ReadEtcHosts *=' + line: "ReadEtcHosts=no" + notify: + - Reload Systemd. + - Restart Systemd resolved. +#+END_SRC + +#+CAPTION: [[file:roles_t/gate/handlers/main.yml][=roles_t/gate/handlers/main.yml=]] +#+BEGIN_SRC conf :tangle roles_t/gate/handlers/main.yml + +- name: Reload Systemd. + become: yes + systemd: + daemon-reload: yes + tags: actualizer + +- name: Restart Systemd resolved. + become: yes + systemd: + service: systemd-resolved + state: restarted + tags: actualizer +#+END_SRC + ** UFW Rules Gate uses the Uncomplicated FireWall (UFW) to install its packet diff --git a/roles_t/gate/handlers/main.yml b/roles_t/gate/handlers/main.yml index 6e8eeb8..2ecd80c 100644 --- a/roles_t/gate/handlers/main.yml +++ b/roles_t/gate/handlers/main.yml 
@@ -4,6 +4,19 @@
 command: networkctl reload
 tags: actualizer

+- name: Reload Systemd.
+ become: yes
+ systemd:
+ daemon-reload: yes
+ tags: actualizer
+
+- name: Restart Systemd resolved.
+ become: yes
+ systemd:
+ service: systemd-resolved
+ state: restarted
+ tags: actualizer
+
 - name: Restart WireGuard™.
 become: yes
 systemd:
diff --git a/roles_t/gate/tasks/main.yml b/roles_t/gate/tasks/main.yml
index ea14e23..f35cfed 100644
--- a/roles_t/gate/tasks/main.yml
+++ b/roles_t/gate/tasks/main.yml
@@ -78,6 +78,21 @@
 force: no
 notify: Reload networkd.

+- name: Configure resolved.
+ become: yes
+ lineinfile:
+ path: /etc/systemd/resolved.conf
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ loop:
+ - regexp: '^ *DNSStubListenerExtra *='
+ line: "DNSStubListenerExtra={{ gate_wild_addr }}"
+ - regexp: '^ *ReadEtcHosts *='
+ line: "ReadEtcHosts=no"
+ notify:
+ - Reload Systemd.
+ - Restart Systemd resolved.
+
 - name: Install UFW.
 become: yes
 apt: pkg=ufw
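Review bot: The `Reload Systemd.` handler added to roles_t/gate/handlers/main.yml does not apply anything this commit changes. `daemon-reload` makes the service manager re-read unit files, whereas /etc/systemd/resolved.conf is read by systemd-resolved itself when it starts, so `Restart Systemd resolved.` alone picks up the edit. Either drop `- Reload Systemd.` from the task's notify list or put a comment above the handler such as `# Only needed by tasks that install or edit unit files.` The same handler text is in the README.org tangle block, and the `Restart WireGuard™.` handler after it continues outside the hunk.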
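Review bot: `DNSStubListenerExtra={{ gate_wild_addr }}` in the `Configure resolved.` task opens gate's resolver stub to every host on the wild Ethernet, and nothing in this hunk limits who can reach it or checks the variable. Per resolved.conf(5) a listener given without a `udp:`/`tcp:` prefix answers on both protocols at port 53, so the UFW rules (outside this hunk) should admit 53/udp and 53/tcp on the wild interface only; a preceding `assert` that `gate_wild_addr` is non-empty would also stop the task from writing a bare `DNSStubListenerExtra=`. Neither regexp matches a commented-out default, so on a stock file both lines are presumably appended at the end; adding `insertafter: '^\[Resolve\]'` keeps them inside the section. The same block is in the README.org tangle source, and the `Install UFW.` task after it continues outside the hunk.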