From 875cdad4241f21900f74c4bcd94cb39df41eec7a Mon Sep 17 00:00:00 2001
From: vincent <vincent@ducamps.win>
Date: Sat, 21 Oct 2023 15:17:06 +0200
Subject: [PATCH] add systemd-resolved consul forwarding

add systemd-resolved consul redirection
---
 defaults/main.yml                        |  1 +
 handlers/main.yml                        |  5 +++++
 tasks/main.yml                           |  4 ++++
 tasks/systemd-resolved.yml               | 17 +++++++++++++++++
 templates/resolved.conf.d/consul.conf.j2 |  4 ++++
 5 files changed, 31 insertions(+)
 create mode 100644 tasks/systemd-resolved.yml
 create mode 100644 templates/resolved.conf.d/consul.conf.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index 5398209..24ed798 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -32,3 +32,4 @@ consul_backup_location: ""
 consul_cron_hour: 1
 consul_retry_join_force:
 consul_dnsmasq_enable: False
+consul_systemd_resolved_enable: False
diff --git a/handlers/main.yml b/handlers/main.yml
index 17fbdfe..c3c8600 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -9,3 +9,8 @@
     name: dnsmasq
     enabled: true
     state: restarted
+- name: restart systemd-resolved
+  ansible.builtin.service:
+    name: systemd-resolved
+    enabled: true
+    state: restarted
diff --git a/tasks/main.yml b/tasks/main.yml
index b8b1d52..97d6e75 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -178,3 +178,7 @@
 
 - include_tasks: dnsmasq.yml
   when: consul_dnsmasq_enable | bool
+
+- name: include systemd-resolved
+  ansible.builtin.include_tasks: systemd-resolved.yml
+  when: consul_systemd_resolved_enable
diff --git a/tasks/systemd-resolved.yml b/tasks/systemd-resolved.yml
new file mode 100644
index 0000000..47d43f6
--- /dev/null
+++ b/tasks/systemd-resolved.yml
@@ -0,0 +1,17 @@
+---
+
+- name: Ensure resolved.conf.d is present
+  ansible.builtin.file:
+    path: /etc/systemd/resolved.conf.d
+    state: directory
+    owner: root
+    group: root
+    mode: "755"
+- name: "Template resolved consul config"
+  ansible.builtin.template:
+    src: resolved.conf.d/consul.conf.j2
+    dest: /etc/systemd/resolved.conf.d/consul.conf
+    group: root
+    owner: root
+    mode: "644"
+  notify: restart systemd-resolved
diff --git a/templates/resolved.conf.d/consul.conf.j2 b/templates/resolved.conf.d/consul.conf.j2
new file mode 100644
index 0000000..0d939a2
--- /dev/null
+++ b/templates/resolved.conf.d/consul.conf.j2
@@ -0,0 +1,4 @@
+[Resolve]
+DNS=127.0.0.1:8600
+DNSSEC=false
+Domains=~consul