debops.resolved default variables

General options

resolved__enabled

Enable or disable management of the systemd-resolved service using DebOps. If the parameter is set to False, the role will not touch service configuration.

resolved__enabled: '{{ True
                       if (ansible_service_mgr == "systemd" and
                           resolved__fact_service_state == "present")
                       else False }}'
resolved__deploy_state

This variable controls if the systemd-resolved main configuration file is managed on the host (present) or not (absent, default). If deployment state is disabled, systemd-resolved will use the configuration provided with the OS package.

resolved__deploy_state: 'absent'
resolved__resolv_conf

Specify the file which will be symlinked as the system-wide resolver configuration file (see resolv.conf(5) for details). The role will symlink the specified file as /etc/resolv.conf when both systemd-networkd and systemd-resolved services are enabled on a host.

To not make any changes, set this variable to /etc/resolv.conf.

resolved__resolv_conf: '/run/systemd/resolve/stub-resolv.conf'
resolved__fallback_conf

Name of the systemd-resolved configuration file stored in the /etc/systemd/resolved.conf.d/ directory which will contain nameserver and search domain configuration saved from Ansible facts before the service is installed. If the name is empty, the file will not be created by the role.

resolved__fallback_conf: '00fallback-dns.conf'
resolved__dnssd_enabled

Enable or disable support for publishing and resolving DNS-SD resource records using the Multicast DNS protocol. See systemd.dnssd(5) for more details about the service configuration itself and DNS-SD support in systemd-resolved documentation section about support of this functionality in the Ansible role. For this variable to work, the resolved__deploy_state variable needs to be set to present.

resolved__dnssd_enabled: True

APT packages and installation

resolved__base_packages

List of base APT packages for systemd-resolved support. The APT package is separate from systemd APT package since Debian Bookworm to allow for conflict resolution with other APT packages that provide the resolvconf service.

resolved__base_packages: '{{ ["libnss-resolve"]
                              if (ansible_distribution_release in
                                  (["stretch", "buster", "bullseye",
                                    "bionic", "focal", "jammy"]))
                              else ["systemd-resolved", "libnss-resolve"] }}'
resolved__packages

List of additional APT packages to install for systemd-resolved support.

resolved__packages: []
resolved__skip_packages

List of APT packages which provide the resolvconf service. When the role detects that they are installed on the host, it will turn itself off to avoid conflicts.

resolved__skip_packages: [ 'resolvconf', 'openresolv' ]
resolved__version

Specify the version of the systemd-resolved daemon installed on the host. By default this variable is defined using Ansible local facts and can be used to alter configuration depending on the version of the service.

resolved__version: '{{ ansible_local.resolved.version | d("0") }}'

The systemd-resolved daemon configuration

These variables define the contents of the /etc/systemd/resolved.conf configuration file. Check the resolved.conf(5) manual page for more information about the configuration options, and resolved__configuration for details about the configuration of the role itself.

By default the configuration is not applied on the hosts, you need to set resolved__deploy_state variable to present to deploy the configuration.

resolved__default_configuration

List of the default configuration options defined by the role.

resolved__default_configuration:

  - name: 'DNS'
    value: []
    state: 'init'

  - name: 'FallbackDNS'
    value: []
    state: 'init'

  - name: 'Domains'
    value: []
    state: 'init'

  - name: 'DNSSEC'
    value: False
    state: 'init'

  - name: 'DNSOverTLS'
    value: False
    state: 'init'

  - name: 'MulticastDNS'
    value: '{{ resolved__dnssd_enabled | bool }}'
    state: '{{ "init" if (resolved__dnssd_enabled | bool) else "present" }}'

  - name: 'LLMNR'
    value: True
    state: 'init'

  - name: 'Cache'
    value: True
    state: 'init'

  - name: 'DNSStubListener'
    value: True
    state: 'init'

  - name: 'DNSStubListenerExtra'
    value: ''
    state: 'init'

  - name: 'ReadEtcHosts'
    value: True
    state: 'init'

  - name: 'ResolveUnicastSingleLabel'
    value: False
    state: 'init'
resolved__configuration

List of the configuration options which should be present on all hosts in the Ansible inventory.

resolved__configuration: []
resolved__group_configuration

List of the configuration options which should be present on hosts in a specific Ansible inventory group.

resolved__group_configuration: []
resolved__host_configuration

List of the configuration options which should be present on specific hosts in the Ansible inventory.

resolved__host_configuration: []
resolved__combined_configuration

Variable which combines all configuration lists and is used in the role tasks and templates.

resolved__combined_configuration: '{{ resolved__default_configuration
                                      + resolved__configuration
                                      + resolved__group_configuration
                                      + resolved__host_configuration }}'

The DNS-SD configuration units

These variables can be used to manage systemd-resolved *.dnssd files located in the /etc/systemd/dnssd/ directory. Check the systemd.dnssd(5) manual page for more information about files themselves, and resolved__units for details about configuring units using this role.

resolved__default_units

List of the default systemd-resolved units defined by the role.

resolved__default_units:

  - name: 'workstation.dnssd'
    comment: 'Publish information about the host in mDNS'
    raw: |
      [Service]
      Name=%H
      Type=_workstation._tcp
      Port=9
    state: 'present'

  - name: 'ssh.dnssd'
    comment: 'Publish information about the SSH service'
    raw: |
      [Service]
      Name=%H
      Type=_ssh._tcp
      Port=22
    state: 'present'

  - name: 'sftp-ssh.dnssd'
    comment: 'Publish information about the SFTP service'
    raw: |
      [Service]
      Name=%H
      Type=_sftp-ssh._tcp
      Port=22
    state: 'present'
resolved__units

List of systemd-resolved units which should be present on all hosts in the Ansible inventory.

resolved__units: []
resolved__group_units

List of systemd-resolved units which should be present on hosts in a specific Ansible inventory group.

resolved__group_units: []
resolved__host_units

List of systemd-resolved units which should be present on specific hosts in the Ansible inventory.

resolved__host_units: []
resolved__dependent_units

List of systemd-resolved units which are defined by other Ansible roles using dependent role variables.

resolved__dependent_units: []
resolved__combined_units

Variable which combines all of the systemd-resolved unit lists and is used in role tasks and templates.

resolved__combined_units: '{{ resolved__default_units
                              + resolved__dependent_units
                              + resolved__units
                              + resolved__group_units
                              + resolved__host_units }}'

Configuration for other Ansible roles

resolved__dpkg_cleanup__dependent_packages

Configuration for the debops.dpkg_cleanup Ansible role.

resolved__dpkg_cleanup__dependent_packages:

  - name: 'systemd-resolved'
    ansible_fact: 'resolved'
    state: '{{ "absent"
               if (ansible_distribution_release in
                   (["stretch", "buster", "bullseye",
                     "bionic", "focal", "jammy"]))
               else "present" }}'