From: Matt Birkholz <matt@birchwood-abbey.net>
Date: Sat, 14 Jun 2025 23:43:48 +0000 (-0600)
Subject: Punt the global configuration of systemd-resolved on campus.
X-Git-Url: https://birchwood-abbey.net/git?a=commitdiff_plain;h=9f244c20210b7311f812ebdb0779ad27dc964147;p=Institute

Punt the global configuration of systemd-resolved on campus.

The WireGuard™ tunnels are getting it done using resolvectl.
---

diff --git a/README.org b/README.org
index 3f234aa..d268429 100644
--- a/README.org
+++ b/README.org
@@ -5001,44 +5001,6 @@ Clients should be using the expected host name.
   when: inventory_hostname != ansible_hostname
 #+END_SRC
 
-** Configure Systemd Resolved
-
-Campus machines use the campus name server on Core (or ~dns.google~),
-and include the institute's private domain in their search lists.
-
-#+CAPTION: [[file:roles_t/campus/tasks/main.yml][=roles_t/campus/tasks/main.yml=]]
-#+BEGIN_SRC conf :tangle roles_t/campus/tasks/main.yml
-
-- name: Configure resolved.
-  become: yes
-  lineinfile:
-    path: /etc/systemd/resolved.conf
-    regexp: "{{ item.regexp }}"
-    line: "{{ item.line }}"
-  loop:
-  - { regexp: '^ *DNS *=', line: "DNS={{ core_addr }}" }
-  - { regexp: '^ *FallbackDNS *=', line: "FallbackDNS=8.8.8.8" }
-  - { regexp: '^ *Domains *=', line: "Domains={{ domain_priv }}" }
-  notify:
-  - Reload Systemd.
-  - Restart Systemd resolved.
-#+END_SRC
-
-#+CAPTION: [[file:roles_t/campus/handlers/main.yml][=roles_t/campus/handlers/main.yml=]]
-#+BEGIN_SRC conf :tangle roles_t/campus/handlers/main.yml :mkdirp yes
----
-- name: Reload Systemd.
-  become: yes
-  systemd:
-    daemon-reload: yes
-
-- name: Restart Systemd resolved.
-  become: yes
-  systemd:
-    service: systemd-resolved
-    state: restarted
-#+END_SRC
-
 ** Configure Systemd Timesyncd
 
 The institute uses a common time reference throughout the campus.
@@ -5058,7 +5020,7 @@ and file timestamps.
 
 #+CAPTION: [[file:roles_t/campus/handlers/main.yml][=roles_t/campus/handlers/main.yml=]]
 #+BEGIN_SRC conf :tangle roles_t/campus/handlers/main.yml
-
+---
 - name: Restart systemd-timesyncd.
   become: yes
   systemd:
diff --git a/roles_t/campus/handlers/main.yml b/roles_t/campus/handlers/main.yml
index e569fd6..be1797f 100644
--- a/roles_t/campus/handlers/main.yml
+++ b/roles_t/campus/handlers/main.yml
@@ -1,15 +1,4 @@
 ---
-- name: Reload Systemd.
-  become: yes
-  systemd:
-    daemon-reload: yes
-
-- name: Restart Systemd resolved.
-  become: yes
-  systemd:
-    service: systemd-resolved
-    state: restarted
-
 - name: Restart systemd-timesyncd.
   become: yes
   systemd:
diff --git a/roles_t/campus/tasks/main.yml b/roles_t/campus/tasks/main.yml
index b658343..2290779 100644
--- a/roles_t/campus/tasks/main.yml
+++ b/roles_t/campus/tasks/main.yml
@@ -20,20 +20,6 @@
   command: hostname -F /etc/hostname
   when: inventory_hostname != ansible_hostname
 
-- name: Configure resolved.
-  become: yes
-  lineinfile:
-    path: /etc/systemd/resolved.conf
-    regexp: "{{ item.regexp }}"
-    line: "{{ item.line }}"
-  loop:
-  - { regexp: '^ *DNS *=', line: "DNS={{ core_addr }}" }
-  - { regexp: '^ *FallbackDNS *=', line: "FallbackDNS=8.8.8.8" }
-  - { regexp: '^ *Domains *=', line: "Domains={{ domain_priv }}" }
-  notify:
-  - Reload Systemd.
-  - Restart Systemd resolved.
-
 - name: Configure timesyncd.
   become: yes
   lineinfile: