matrix.archlinux.org: Configure static DNS via networking role

Hetzner DNS has been delaying many responses for 5 seconds, causing outgoing federation work to pile up, almost running into OOM before we noticed. I don't know if were being throttled because federation makes a *lot* of requests. Anyway, using Cloudflare DNS seems to solve it. Enable DNSOverTLS for this because we can.
2024-05-19 08:26:06 +02:00 · 2021-08-15 00:39:22 +02:00 · 2021-08-15 00:39:22 +02:00 · 6c4f215b3c
parent 94de7e216a
commit 6c4f215b3c
3 changed files with 44 additions and 6 deletions
--- a/host_vars/matrix.archlinux.org/misc
+++ b/host_vars/matrix.archlinux.org/misc
@ -1,4 +1,5 @@
 ---
 filesystem: btrfs
+static_dns: true
 wireguard_address: 10.0.0.15
 wireguard_public_key: QWkTL58mJd0+Lz5AvGVmbdSSk29y/W60WUdhTgyGLCk=
--- a/roles/networking/files/dns.conf
+++ b/roles/networking/files/dns.conf
@ -0,0 +1,15 @@
+[DHCPv4]
+UseDNS=false
+
+[DHCPv6]
+UseDNS=false
+
+[IPv6AcceptRA]
+UseDNS=false
+
+[Network]
+DNS=2606:4700:4700::1111#1dot1dot1dot1.cloudflare-dns.com
+DNS=2606:4700:4700::1001#1dot1dot1dot1.cloudflare-dns.com
+DNS=1.1.1.1#1dot1dot1dot1.cloudflare-dns.com
+DNS=1.0.0.1#1dot1dot1dot1.cloudflare-dns.com
+DNSOverTLS=true
--- a/roles/networking/tasks/main.yml
+++ b/roles/networking/tasks/main.yml
@ -1,14 +1,36 @@
 ---
 - name: configure network (static)
-  template: src=10-static-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network owner=root group=root mode=0644
-  notify:
-    - restart networkd
+  block:
+    - name: install 10-static-ethernet.network
+      template: src=10-static-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network owner=root group=root mode=0644
+      notify:
+        - restart networkd
+
+    - name: create drop-in directory for 10-static-ethernet.network
+      file: path=/etc/systemd/network/10-static-ethernet.network.d state=directory owner=root group=root mode=0755
+
+    - name: configure static dns (static)
+      copy: src=dns.conf dest={{ chroot_path }}/etc/systemd/network/10-static-ethernet.network.d/dns.conf owner=root group=root mode=0644
+      notify:
+        - restart networkd
+      when: static_dns|default(false)
  when: not dhcp|default(false)

 - name: configure network (dhcp)
-  template: src=10-dhcp-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-dhcp-ethernet.network owner=root group=root mode=0644
-  notify:
-    - restart networkd
+  block:
+    - name: install 10-dhcp-ethernet.network
+      template: src=10-dhcp-ethernet.network.j2 dest={{ chroot_path }}/etc/systemd/network/10-dhcp-ethernet.network owner=root group=root mode=0644
+      notify:
+        - restart networkd
+
+    - name: create drop-in directory for 10-dhcp-ethernet.network
+      file: path=/etc/systemd/network/10-dhcp-ethernet.network.d state=directory owner=root group=root mode=0755
+
+    - name: configure static dns (dhcp)
+      copy: src=dns.conf dest={{ chroot_path }}/etc/systemd/network/10-dhcp-ethernet.network.d/dns.conf owner=root group=root mode=0644
+      notify:
+        - restart networkd
+      when: static_dns|default(false)
  when: dhcp|default(false)

 - name: create symlink to resolv.conf