From 987a7d388e10816d20157836f5c923c8ea294bcc Mon Sep 17 00:00:00 2001
From: Pig Monkey <pm@pig-monkey.com>
Date: Wed, 22 Jan 2020 19:08:01 -0800
Subject: [PATCH] move openresolv to its own role

---
 playbook.yml                                  |  1 +
 roles/nettools/tasks/main.yml                 |  5 -----
 roles/openresolv/tasks/main.yml               | 10 ++++++++++
 roles/openresolv/templates/resolvconf.conf.j2 |  5 +++++
 roles/unbound/tasks/main.yml                  |  6 ------
 5 files changed, 16 insertions(+), 11 deletions(-)
 create mode 100644 roles/openresolv/tasks/main.yml
 create mode 100644 roles/openresolv/templates/resolvconf.conf.j2

diff --git a/playbook.yml b/playbook.yml
index 78ca042..ae5f260 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -25,6 +25,7 @@
     - { role: ntp, tags: ['ntp'] }
     - { role: firejail, tags: ['firejail'] }
     - { role: tor, tags: ['tor'], when: "tor is defined" }
+    - { role: openresolv, tags: ['openresolv'] }
     - { role: unbound, tags: ['unbound'] }
     - { role: editors, tags: ['editors'] }
     - { role: filesystems, tags: ['filesystems'] }
diff --git a/roles/nettools/tasks/main.yml b/roles/nettools/tasks/main.yml
index c78b62e..4d658a1 100644
--- a/roles/nettools/tasks/main.yml
+++ b/roles/nettools/tasks/main.yml
@@ -60,8 +60,3 @@
       - wireguard-tools
       - wireguard-dkms
     state: present
-
-- name: Install openresolv
-  pacman:
-    name: openresolv
-    state: present
diff --git a/roles/openresolv/tasks/main.yml b/roles/openresolv/tasks/main.yml
new file mode 100644
index 0000000..872e929
--- /dev/null
+++ b/roles/openresolv/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Install openresolv
+  pacman:
+    name: openresolv
+    state: present
+
+- name: Push resolvconf.conf
+  template:
+    src: resolvconf.conf.j2
+    dest: /etc/resolvconf.conf
diff --git a/roles/openresolv/templates/resolvconf.conf.j2 b/roles/openresolv/templates/resolvconf.conf.j2
new file mode 100644
index 0000000..30b7e45
--- /dev/null
+++ b/roles/openresolv/templates/resolvconf.conf.j2
@@ -0,0 +1,5 @@
+# Configuration for resolvconf(8)
+# See resolvconf.conf(5) for details
+
+resolv_conf=/etc/resolv.conf
+{% if unbound %}name_servers=127.0.0.1{% endif %}
diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml
index 0bd7d09..9da01be 100644
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@@ -23,12 +23,6 @@
     enabled: yes
     state: started
 
-- name: Configure resolvconf to use Unbound
-  lineinfile:
-    dest: /etc/resolvconf.conf
-    state: present
-    line: "name_servers=127.0.0.1"
-
 - name: Push Unbound root hits update service file
   copy:
     src: roothints.service