add resolved dataset

2023-07-31 16:34:57 +02:00 · 2023-07-31 16:34:57 +02:00 · c9fa6cf0e5
commit c9fa6cf0e5
parent 9d2c456c59
5 changed files with 62 additions and 0 deletions
--- a/seed/resolved/applicationservice.yml
+++ b/seed/resolved/applicationservice.yml
@ -0,0 +1,3 @@
+format: '0.1'
+description: Resolved
+website: https://systemd.io/
--- a/seed/resolved/dictionaries/20_resolved.xml
+++ b/seed/resolved/dictionaries/20_resolved.xml
@ -0,0 +1,15 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<rougail version="0.10">
+  <services>
+    <service name="systemd-resolved">
+      <file engine="ansible">/etc/systemd/resolved.conf</file>
+      <file engine="ansible">/etc/dnssec-trust-anchors.d/risotto.positive</file>
+      <file engine="ansible">/etc/dnssec-trust-anchors.d/risotto.negative</file>
+    </service>
+  </services>
+  <variables>
+    <family name="network">
+      <variable name="dnssec_ds" provider="LocalDNS:DNSSEC_DS" hidden="True" multi="True"/>
+    </family>
+  </variables>
+</rougail>
--- a/seed/resolved/templates/resolved.conf
+++ b/seed/resolved/templates/resolved.conf
@ -0,0 +1,37 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it under the
+#  terms of the GNU Lesser General Public License as published by the Free
+#  Software Foundation; either version 2.1 of the License, or (at your option)
+#  any later version.
+#
+# Entries in this file show the compile time defaults. Local configuration
+# should be created by either modifying this file, or by creating "drop-ins" in
+# the resolved.conf.d/ subdirectory. The latter is generally recommended.
+# Defaults can be restored by simply deleting this file and all drop-ins.
+#
+# Use 'systemd-analyze cat-config systemd/resolved.conf' to display the full config.
+#
+# See resolved.conf(5) for details.
+
+[Resolve]
+# Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
+# Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloudflare-dns.com 2606:4700:4700::1001#cloudflare-dns.com
+# Google:     8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:4860::8844#dns.google
+# Quad9:      9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net
+#DNS=
+#FallbackDNS=
+#Domains=
+#DNSSEC=no
+#DNSOverTLS=no
+#MulticastDNS=no
+#LLMNR=resolve
+#>GNUNUX
+LLMNR=no
+#<GNUNUX
+#Cache=yes
+#CacheFromLocalhost=no
+#DNSStubListener=yes
+#DNSStubListenerExtra=
+#ReadEtcHosts=yes
+#ResolveUnicastSingleLabel=no
--- a/seed/resolved/templates/risotto.negative
+++ b/seed/resolved/templates/risotto.negative
@ -0,0 +1,3 @@
+#RISOTTO: do not compare
+# to remove default exception
+home.arpa
--- a/seed/resolved/templates/risotto.positive
+++ b/seed/resolved/templates/risotto.positive
@ -0,0 +1,4 @@
+#RISOTTO: do not compare
+{% for dnssec in dnssec_ds %}
+{{ dnssec }}
+{% endfor %}