Improve dns configs

Tobias Reisinger 2024-10-31 22:05:04 +01:00
parent 428de8040a
commit f817305718
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
5 changed files with 69 additions and 30 deletions


@ -23,5 +23,5 @@ acme_dns_compose:
services: services:
app: app:
ports: ports:
- "53:53" - "{{ ansible_default_ipv4.address }}:53:53"
- 53:53/udp - "{{ ansible_default_ipv4.address }}:53:53/udp"
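Review bot: Both new `ports` entries publish DNS only on `ansible_default_ipv4.address`, so the container stops answering on IPv6 and on any secondary interface, which the old `"53:53"` mapping would normally have covered. The value also makes the compose template depend on gathered facts and on the host having a default IPv4 route; without either, rendering fails on an undefined variable. If the intent is to keep the wildcard bind off port 53 so a local stub resolver can use it (inferred from the rest of the commit), a comment above the list would record that, e.g. `# bind to the primary IPv4 only; a wildcard bind would collide with the local stub resolver on :53`. If the zone is also served over IPv6, a matching pair of entries for that address is needed. The `acme_dns_compose` mapping starts outside this hunk.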


@ -9,6 +9,8 @@ dokku_svc:
extra_svcs: extra_svcs:
- domain: serguzim.me - domain: serguzim.me
www_domain: true www_domain: true
caddy_extra: |
import analytics
hsts: true hsts: true
docker_host: host.docker.internal docker_host: host.docker.internal
port: 3080 port: 3080


@ -5,11 +5,6 @@
update_cache: true update_cache: true
become: true become: true
- name: Install docker
ansible.builtin.import_tasks: docker.yml
- name: Install docker rclone plugin
ansible.builtin.import_tasks: docker-rclone-plugin.yml
- name: Install jq and bzip2 - name: Install jq and bzip2
ansible.builtin.apt: ansible.builtin.apt:
pkg: pkg:
@ -19,26 +14,11 @@
update_cache: true update_cache: true
become: true become: true
- name: Check if autorestic is installed - name: Install docker
ansible.builtin.stat: ansible.builtin.import_tasks: docker.yml
path: /usr/local/bin/autorestic - name: Install docker rclone plugin
register: autorestic_status ansible.builtin.import_tasks: docker-rclone-plugin.yml
- name: Install (auto-)restic
- name: Install autorestic ansible.builtin.import_tasks: restic.yml
ansible.builtin.shell: - name: Install systemd-resolved
executable: /usr/bin/bash ansible.builtin.import_tasks: systemd-resolved.yml
cmd: set -o pipefail && wget -qO - https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash
when: not autorestic_status.stat.exists
changed_when: true
become: true
- name: Check if restic is installed
ansible.builtin.stat:
path: /usr/local/bin/restic
register: restic_status
- name: Install restic
ansible.builtin.command: autorestic install
when: not restic_status.stat.exists
changed_when: true
become: true


@ -0,0 +1,23 @@
- name: Check if autorestic is installed
ansible.builtin.stat:
path: /usr/local/bin/autorestic
register: autorestic_status
- name: Install autorestic
ansible.builtin.shell:
executable: /usr/bin/bash
cmd: set -o pipefail && wget -qO - https://raw.githubusercontent.com/cupcakearmy/autorestic/master/install.sh | bash
when: not autorestic_status.stat.exists
changed_when: true
become: true
- name: Check if restic is installed
ansible.builtin.stat:
path: /usr/local/bin/restic
register: restic_status
- name: Install restic
ansible.builtin.command: autorestic install
when: not restic_status.stat.exists
changed_when: true
become: true
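Review bot: The `Install autorestic` task pipes `install.sh` from the `master` branch straight into `bash` under `become: true`, so whatever that branch serves at run time executes as root with no pinning or integrity check. Fetching the script from a pinned tag or commit with `ansible.builtin.get_url` and a `checksum:`, then running the saved file with `creates:`, makes the install reproducible and makes `changed_when: true` unnecessary. The ref and hash in the sketch below are placeholders to fill in. If the script itself downloads a release binary, that download stays unpinned and needs the same treatment, as does whatever `autorestic install` fetches in the last task.

```yaml
# … unchanged: "Check if autorestic is installed" stat task …
- name: Download autorestic install script
  ansible.builtin.get_url:
    url: "https://raw.githubusercontent.com/cupcakearmy/autorestic/<PINNED_TAG_OR_COMMIT>/install.sh"
    dest: /usr/local/src/autorestic-install.sh
    checksum: "sha256:<EXPECTED_SHA256_OF_INSTALL_SH>"
    mode: "0700"
  when: not autorestic_status.stat.exists
  become: true
- name: Install autorestic
  ansible.builtin.command:
    cmd: bash /usr/local/src/autorestic-install.sh
    creates: /usr/local/bin/autorestic
  become: true
# … unchanged: restic stat check and "Install restic" task …
```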


@ -0,0 +1,34 @@
- name: Install systemd-resolved
ansible.builtin.apt:
pkg:
- systemd-resolved
state: present
update_cache: true
become: true
- name: Enable systemd-resolved
ansible.builtin.systemd_service:
name: systemd-resolved.service
state: started
enabled: true
daemon_reload: true
become: true
register: systemd_resolved_started
- name: Restart other dns-related services
ansible.builtin.systemd_service:
name: "{{ item }}.service"
state: restarted
daemon_reload: true
become: true
when: systemd_resolved_started.changed # noqa: no-handler TODO can we add a handler here?
loop:
- tailscaled
- name: Create resolv.conf symlink
ansible.builtin.file:
src: /run/systemd/resolve/stub-resolv.conf
dest: /etc/resolv.conf
force: true
state: link
become: true
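Review bot: `Restart other dns-related services` runs before `Create resolv.conf symlink` and is gated only on `systemd_resolved_started.changed`, so tailscaled is restarted while `/etc/resolv.conf` may still be the old file, and it is not restarted when only the symlink changes. If tailscaled chooses its DNS mode from the state of `/etc/resolv.conf` at startup (worth confirming), it can come up in the wrong mode and stay there. Moving the symlink task above the restart, adding `register: resolv_conf_link` to it, and changing the condition to `when: systemd_resolved_started.changed or resolv_conf_link.changed` closes that gap. A handler notified by both tasks would also resolve the TODO on that line. Separately, `force: true` replaces an existing regular `/etc/resolv.conf` without a backup, which deserves a short comment saying this is intended.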