5 changed files with 73 additions and 0 deletions
--- a/playbooks/kresd.yml
+++ b/playbooks/kresd.yml
@ -0,0 +1,22 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+    - dns-1.int.infra.auro.re
+  vars:
+    kresd__listen:
+      - address: 0.0.0.0
+        port: 53
+        kind: dns
+      - address: "::"
+        port: 53
+        kind: dns
+      - address: 0.0.0.0
+        port: 853
+        kind: tls
+      - address: "::"
+        port: 853
+        kind: tls
+    kresd__cache_size: 256
+  roles:
+    - kresd
+...
--- a/roles/kresd/defaults/main.yml
+++ b/roles/kresd/defaults/main.yml
@ -0,0 +1,4 @@
+---
+kresd__listen: []
+kresd__freebind: true
+kresd__cache_size: 128
--- a/roles/kresd/handlers/main.yml
+++ b/roles/kresd/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: Restart kresd
+  systemd:
+    name: kresd@1.service
+    state: restarted
--- a/roles/kresd/tasks/main.yml
+++ b/roles/kresd/tasks/main.yml
@ -0,0 +1,21 @@
+---
+- name: Install knot-resolver
+  apt:
+    name: knot-resolver
+
+- name: Configure kresd
+  template:
+    src: kresd.conf.j2
+    dest: /etc/knot-resolver/kresd.conf
+    owner: root
+    group: knot-resolver
+    mode: u=rw,g=r,o=
+  notify:
+    - Restart kresd
+
+- name: Enable and start kresd
+  systemd:
+    name: kresd@1.service
+    state: started
+    enabled: true
+...
--- a/roles/kresd/templates/kresd.conf.j2
+++ b/roles/kresd/templates/kresd.conf.j2
@ -0,0 +1,21 @@
+{{ ansible_managed | comment(decoration="-- ") }}
+
+{% for listen in kresd__listen %}
+net.listen(
+    {{ listen.address | enquote }},
+    {{ listen.port | int }},
+    {
+        kind = {{ listen.kind | enquote }},
+        freebind = {{ listen.freebind
+                      | default(kresd__freebind) }},
+    }
+)
+{% endfor %}
+
+modules = {
+    'hints > iterate',
+    'stats',
+    'predict',
+}
+
+cache.size = {{ kresd__cache_size | int }} * MB