adds resolved role

.github/workflows/molecule-resolved.yml

@@ -0,0 +1,45 @@
+---
+
+name: molecule-resolved
+
+on:
+  pull_request:
+    paths:
+      - .config/molecule
+      - .github/workflows/molecule-resolved.yml
+      - roles/systemd_resolved
+  push:
+    branches:
+      - main
+      - wip/next
+    paths:
+      - .config/molecule
+      - .github/workflows/molecule-resolved.yml
+      - roles/systemd_resolved
+
+jobs:
+
+  molecule:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        distro:
+          - archlinux
+        scenario:
+          - default
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.x'
+      - run: pip3 install ansible molecule molecule-plugins[docker] docker
+      - run: ansible --version
+      - run: molecule --version
+      - run: molecule test -p ${{ matrix.distro }} -s ${{ matrix.scenario }}
+        working-directory: ./roles/systemd_resolved
+        env:
+          ANSIBLE_DIFF_ALWAYS: 'True'
+          PY_COLORS: '1'
+
+...

README.md

@@ -2,3 +2,4 @@
 
 -   [idiv_biodiversity.systemd.systemd_journald](roles/systemd_journald/README.md)
 -   [idiv_biodiversity.systemd.systemd_networkd](roles/systemd_networkd/README.md)
+-   [idiv_biodiversity.systemd.systemd_resolved](roles/systemd_resolved/README.md)

roles/systemd_resolved/README.md

@@ -0,0 +1,116 @@
+Ansible Role: systemd_resolved
+==============================
+
+An Ansible role that configures **systemd-resolved**.
+
+Table of Contents
+-----------------
+
+<!-- toc -->
+
+- [Role Variables](#role-variables)
+- [Dependencies](#dependencies)
+- [Example Playbook](#example-playbook)
+  * [Top-Level Playbook](#top-level-playbook)
+  * [Role Dependency](#role-dependency)
+
+<!-- tocstop -->
+
+Role Variables
+--------------
+
+For a detailed description see `man 5 resolved.conf`.
+
+Define your DNS servers:
+
+```yml
+systemd_resolved_servers:
+  - a.b.c.1
+  - a.b.c.2
+
+systemd_resolved_fallback_servers:
+  - d.e.f.1
+  - d.e.f.2
+```
+
+Define your domains:
+
+```yml
+systemd_resolved_domains:
+  - example.com
+```
+
+Other variables in the order they show up along with their default values:
+
+```yml
+systemd_resolved_dnssec: no
+systemd_resolved_dns_over_tls: no
+systemd_resolved_multicast_dns: yes
+systemd_resolved_llmnr: yes
+systemd_resolved_cache: yes
+systemd_resolved_cache_from_localhost: no
+systemd_resolved_dns_stub_listener: yes
+systemd_resolved_dns_stub_listener_extra: ''
+systemd_resolved_read_etc_hosts: yes
+systemd_resolved_resolve_unicast_single_label: no
+systemd_resolved_stale_retention_sec: 0
+```
+
+
+Dependencies
+------------
+
+```yml
+---
+
+# requirements.yml
+
+collections:
+
+  - name: ansible.posix
+
+  - name: idiv_biodiversity.systemd
+    version: X.Y.Z
+
+...
+```
+
+
+Example Playbook
+----------------
+
+### Top-Level Playbook
+
+Write a top-level playbook:
+
+```yml
+---
+
+- name: head server
+  hosts: head
+
+  roles:
+    - role: idiv_biodiversity.systemd.systemd_resolved
+      tags:
+        - systemd
+        - systemd-resolved
+
+...
+```
+
+### Role Dependency
+
+Define the role dependency in `meta/main.yml`:
+
+```yml
+---
+
+dependencies:
+
+  - role: idiv_biodiversity.systemd.systemd_resolved
+    tags:
+      - systemd
+      - systemd-resolved
+
+...
+```

roles/systemd_resolved/meta/main.yml

@@ -0,0 +1,20 @@
+---
+
+galaxy_info:
+  author: Christian Krause
+  description: install and configure systemd-resolved
+  company: German Centre for Integrative Biodiversity Research (iDiv)
+  license: MIT
+  min_ansible_version: '2.9'
+
+  platforms:
+
+    - name: ArchLinux
+      versions:
+        - all
+
+  galaxy_tags:
+    - systemd
+    - resolved
+
+...

roles/systemd_resolved/molecule/default/converge.yml

@@ -0,0 +1,24 @@
+---
+
+- name: converge
+  hosts: all
+
+  pre_tasks:
+
+    - name: update package cache
+      ansible.builtin.package:
+        update_cache: yes
+      become: yes
+      changed_when: no
+      register: __update_package_cache
+      until: __update_package_cache is success
+      retries: 10
+      delay: 2
+
+  tasks:
+
+    - name: include the role
+      ansible.builtin.include_role:
+        name: idiv_biodiversity.systemd.systemd_resolved
+
+...

roles/systemd_resolved/molecule/default/molecule.yml

@@ -0,0 +1,3 @@
+---
+
+...

roles/systemd_resolved/molecule/default/verify.yml

@@ -0,0 +1,99 @@
+---
+
+- name: verify
+  hosts: all
+  tasks:
+
+    # -------------------------------------------------------------------------
+    # check package
+    # -------------------------------------------------------------------------
+
+    - name: check package installation
+      ansible.builtin.package:
+        name: systemd
+        state: present
+      check_mode: yes
+      register: __systemd_resolved_installation
+
+    - name: debug package installation
+      ansible.builtin.debug:
+        var: __systemd_resolved_installation
+
+    - name: assert on package installation
+      ansible.builtin.assert:
+        that:
+          - not __systemd_resolved_installation.failed
+          - not __systemd_resolved_installation.changed
+        success_msg: 'package is installed'
+
+    # -------------------------------------------------------------------------
+    # check configuration
+    # -------------------------------------------------------------------------
+
+    - name: check configuration file
+      ansible.builtin.stat:
+        path: /etc/systemd/resolved.conf.d/60-ansible.conf
+        get_attributes: no
+        get_checksum: no
+        get_mime: no
+      check_mode: yes
+      register: __systemd_resolved_configuration
+
+    - name: debug configuration file
+      ansible.builtin.debug:
+        var: __systemd_resolved_configuration
+
+    - name: assert on configuration file
+      ansible.builtin.assert:
+        that:
+          - __systemd_resolved_configuration.stat.exists
+        success_msg: 'configuration file exists'
+
+    # -------------------------------------------------------------------------
+    # check service
+    # -------------------------------------------------------------------------
+
+    - name: check service
+      ansible.builtin.service:
+        name: systemd-resolved
+        enabled: yes
+        state: started
+      check_mode: yes
+      register: __systemd_resolved_service
+
+    - name: debug service
+      ansible.builtin.debug:
+        var: __systemd_resolved_service
+
+    - name: assert on service
+      ansible.builtin.assert:
+        that:
+          - not __systemd_resolved_service.failed
+          - not __systemd_resolved_service.changed
+          - __systemd_resolved_service.state == 'started'
+          - __systemd_resolved_service.enabled
+        success_msg: 'service is both enabled and started'
+
+    # -------------------------------------------------------------------------
+    # check commands
+    # -------------------------------------------------------------------------
+
+    - name: 'check if `resolvectl status` works'
+      ansible.builtin.command: resolvectl status
+      changed_when: no
+      register: __systemd_resolved_resolvectl_status
+
+    - name: 'debug `resolvectl status`'
+      ansible.builtin.debug:
+        var: __systemd_resolved_resolvectl_status
+
+    - name: 'check if `systemd-resolve` can resolve'
+      ansible.builtin.command: systemd-resolve archlinux.org
+      changed_when: no
+      register: __systemd_resolved_systemd_resolve
+
+    - name: 'debug `systemd-resolve`'
+      ansible.builtin.debug:
+        var: __systemd_resolved_systemd_resolve
+
+...

roles/systemd_resolved/requirements.yml

@@ -0,0 +1,7 @@
+---
+
+collections:
+
+  - name: ansible.posix
+
+...