add systemd-resolved consul forwarding

add systemd-resolved consul redirection

defaults/main.yml

@@ -32,3 +32,4 @@ consul_backup_location: ""
 consul_cron_hour: 1
 consul_retry_join_force:
 consul_dnsmasq_enable: False
+consul_systemd_resolved_enable: False

handlers/main.yml

@@ -9,3 +9,8 @@
     name: dnsmasq
     enabled: true
     state: restarted
+- name: restart systemd-resolved
+  ansible.builtin.service:
+    name: systemd-resolved
+    enabled: true
+    state: restarted

tasks/main.yml

@@ -178,3 +178,7 @@
 
 - include_tasks: dnsmasq.yml
   when: consul_dnsmasq_enable | bool
+
+- name: include systemd-resolved
+  ansible.builtin.include_tasks: systemd-resolved.yml
+  when: consul_systemd_resolved_enable

tasks/systemd-resolved.yml

@@ -0,0 +1,17 @@
+---
+
+- name: Ensure resolved.conf.d is present
+  ansible.builtin.file:
+    path: /etc/systemd/resolved.conf.d
+    state: directory
+    owner: root
+    group: root
+    mode: "755"
+- name: "Template resolved consul config"
+  ansible.builtin.template:
+    src: resolved.conf.d/consul.conf.j2
+    dest: /etc/systemd/resolved.conf.d/consul.conf
+    group: root
+    owner: root
+    mode: "644"
+  notify: restart systemd-resolved

templates/resolved.conf.d/consul.conf.j2

@@ -0,0 +1,4 @@
+[Resolve]
+DNS=127.0.0.1:8600
+DNSSEC=false
+Domains=~consul