From 846f8bcbb4cf4fa1f4cf286b76d1cd27cc7485b2 Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Fri, 10 Sep 2021 20:26:03 +0100
Subject: [PATCH] Configure the resolver on dnsmasq

The current options are: external (google), or internal (pointing at a
specific float service, "frontend" by default).
---
 roles/float-base-dns-resolver/defaults/main.yml   | 12 +++++-------
 roles/float-base-dns-resolver/handlers/main.yml   |  4 ++++
 roles/float-base-dns-resolver/tasks/main.yml      |  8 ++++----
 .../templates/dnsmasq.conf.j2                     | 10 ++++++++++
 .../templates/resolv.conf.j2                      | 15 ---------------
 5 files changed, 23 insertions(+), 26 deletions(-)
 create mode 100644 roles/float-base-dns-resolver/handlers/main.yml
 create mode 100644 roles/float-base-dns-resolver/templates/dnsmasq.conf.j2
 delete mode 100644 roles/float-base-dns-resolver/templates/resolv.conf.j2

diff --git a/roles/float-base-dns-resolver/defaults/main.yml b/roles/float-base-dns-resolver/defaults/main.yml
index bbe15054..1eab7fa8 100644
--- a/roles/float-base-dns-resolver/defaults/main.yml
+++ b/roles/float-base-dns-resolver/defaults/main.yml
@@ -1,7 +1,5 @@
-# How to configure resolv.conf, one of the following options:
-# 'ignore' - do nothing and leave resolv.conf alone
-# 'localhost' - use localhost as the name server (presumably a cache)
-# 'internal:NET' - use the frontend hosts as resolvers, over the
-#   specified overlay network NET
-# 'external' - use Google Public DNS.
-resolver_mode: "ignore"
+resolver:
+  # Mode should be one of 'internal', 'default'.
+  mode: internal
+  service: frontend
+  overlay_network: vpn0
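Review bot: The comment on `mode` lists 'internal' and 'default' but says nothing about what either does, and the commit message calls the second option "external". In the template added by this commit, every value other than 'internal' ends up on Google Public DNS, so the old values 'ignore' and 'localhost' now mean that as well. I would spell it out, for example `# mode: 'internal' forwards to the hosts of 'service' over 'overlay_network'; 'default' forwards to Google Public DNS (8.8.8.8, 8.8.4.4).` The default also moves from "ignore" to internal, so hosts that relied on the role doing nothing are now reconfigured; that deserves a line in the comment too.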
diff --git a/roles/float-base-dns-resolver/handlers/main.yml b/roles/float-base-dns-resolver/handlers/main.yml
new file mode 100644
index 00000000..46ee32c5
--- /dev/null
+++ b/roles/float-base-dns-resolver/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- listen: reload dnsmasq
+  command: "systemctl reload dnsmasq.service"
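Review bot: A reload is probably not enough for this handler, because dnsmasq's documentation states that SIGHUP does not re-read the configuration file, and a systemd reload of dnsmasq is normally delivered as SIGHUP (the unit file is not visible here, so confirm). If so, changed `server=` lines in /etc/dnsmasq.conf stay inactive until the next restart, and the host keeps forwarding to the previous upstreams. Replacing the `command:` line with the `systemd` module, `name: dnsmasq.service` and `state: restarted`, applies the new upstreams and avoids shelling out. The handler also has only `listen:`; a `name: Restart dnsmasq` line would make it readable in play output.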
diff --git a/roles/float-base-dns-resolver/tasks/main.yml b/roles/float-base-dns-resolver/tasks/main.yml
index 08c88d50..98fdc9d8 100644
--- a/roles/float-base-dns-resolver/tasks/main.yml
+++ b/roles/float-base-dns-resolver/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
 
-- name: Configure resolv.conf
+- name: Configure upstream resolver for dnsmasq
   template:
-    src: "resolv.conf.j2"
-    dest: "/etc/resolv.conf"
-  when: "resolver_mode != 'ignore'"
+    src: "dnsmasq.conf.j2"
+    dest: "/etc/dnsmasq.conf"
+  notify: reload dnsmasq
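Review bot: The `template` task now replaces /etc/dnsmasq.conf on every host, since the `when` guard is gone, but it sets no `owner`/`mode` and does not validate the rendered file. A bad render would only surface when the handler runs, leaving the resolver's config broken in the meantime. I would add `mode: "0644"` and `validate: "dnsmasq --test --conf-file=%s"`, which makes Ansible keep the old file if dnsmasq rejects the new one. This assumes dnsmasq is installed before the task runs, which is not visible in this hunk.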
diff --git a/roles/float-base-dns-resolver/templates/dnsmasq.conf.j2 b/roles/float-base-dns-resolver/templates/dnsmasq.conf.j2
new file mode 100644
index 00000000..c6fa80a0
--- /dev/null
+++ b/roles/float-base-dns-resolver/templates/dnsmasq.conf.j2
@@ -0,0 +1,10 @@
+{% if resolver.mode == 'internal' %}
+{% set dns_overlay_net = resolver.get('overlay_network', net_overlays[0].name) %}
+{% set dns_service_group = services[resolver.get('service', 'frontend')].group_name %}
+{% for h in groups[dns_service_group] | sort %}
+server={{ hostvars[h]['ip_' + dns_overlay_net] }}
+{% endfor %}
+{% else %}
+server=8.8.8.8
+server=8.8.4.4
+{% endif %}
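Review bot: The `{% else %}` branch sends every value of `resolver.mode` other than 'internal' to 8.8.8.8 and 8.8.4.4, so a typo or a stale value such as the old 'ignore' silently forwards this host's queries, internal names included, to a public resolver. Match the documented value explicitly with `{% elif resolver.mode == 'default' %}` and reject anything else, for example with an `assert` task in tasks/main.yml using `that: resolver.mode in ['internal', 'default']`. The rendered file also lacks `no-resolv`, so unless that is set elsewhere dnsmasq will keep using the nameservers in /etc/resolv.conf alongside these `server=` lines; adding `no-resolv` at the top makes the upstream set exactly what the template lists. If the service group is empty, the internal branch renders no `server=` line at all, which is worth asserting against as well.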
diff --git a/roles/float-base-dns-resolver/templates/resolv.conf.j2 b/roles/float-base-dns-resolver/templates/resolv.conf.j2
deleted file mode 100644
index 515fb0cb..00000000
--- a/roles/float-base-dns-resolver/templates/resolv.conf.j2
+++ /dev/null
@@ -1,15 +0,0 @@
-{% if resolver_mode == 'localhost' %}
-nameserver 127.0.0.1
-options edns0
-{% elif resolver_mode.startswith('internal:') %}
-{% set dns_overlay_net = resolver_mode[9:] %}
-{% for h in services['dns'].hosts | sort %}
-nameserver {{ hostvars[h]['ip_' + dns_overlay_net] }}
-{% endfor %}
-options edns0 rotate
-{% else %}
-nameserver 8.8.8.8
-nameserver 8.8.4.4
-options edns0
-{% endif %}
-
-- 
GitLab