Use valkyrie's resolv.conf

.gitignore

@@ -1,3 +1,4 @@
 group_vars/the_nine_worlds
 host_vars/valkyrie
 host_vars/yggdrasil
+playbooks/filesystem/tmp/valkyrie/etc/resolv.conf

playbooks/filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/nginx.conf

@@ -48,7 +48,6 @@ http {
     # OCSP Stapling.
     ssl_stapling on;
     ssl_stapling_verify on;
-    resolver 1.1.1.1 1.0.0.1 valid=300s;
     resolver_timeout 5s;
 
     # HTTP Strict Transport Security.

playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-rproxy/.config/systemd/user/container-rproxy-nginx.service.j2

@@ -11,7 +11,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/container-rproxy-nginx.pid %t/container-rproxy-nginx.ctr-id
-ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-nginx.pid --cidfile %t/container-rproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace -dt {{ service_rproxy_hosts }} -v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro -v var_lib_letsencrypt:/var/lib/letsencrypt:ro -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-nginx docker.io/library/nginx
+ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-rproxy-nginx.pid --cidfile %t/container-rproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-rproxy.pod-id --replace -dt {{ service_rproxy_hosts }} -v /etc/resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro -v var_lib_letsencrypt:/var/lib/letsencrypt:ro -v ./.config/pod-rproxy/html:/var/www/html --name=pod-rproxy-nginx docker.io/library/nginx
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-rproxy-nginx.ctr-id -t 10
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-rproxy-nginx.ctr-id
 PIDFile=%t/container-rproxy-nginx.pid

playbooks/filesystem/valkyrie/var/lib/valkyrie/home/pod-www/.config/systemd/user/container-www-nginx.service.j2

@@ -11,7 +11,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/container-www-nginx.pid %t/container-www-nginx.ctr-id
-ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-www-nginx.pid --cidfile %t/container-www-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-www.pod-id --replace -dt -v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro --name=pod-www-nginx docker.io/library/nginx
+ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-www-nginx.pid --cidfile %t/container-www-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-www.pod-id --replace -dt -v /etc/resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-www/wojciechkozlowski.eu/public:/usr/share/nginx/html:ro --name=pod-www-nginx docker.io/library/nginx
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-www-nginx.ctr-id -t 10
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-www-nginx.ctr-id
 PIDFile=%t/container-www-nginx.pid

playbooks/filesystem/yggdrasil/var/lib/yggdrasil/home/pod-lrproxy/.config/systemd/user/container-lrproxy-nginx.service.j2

@@ -11,7 +11,7 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
 Restart=on-failure
 TimeoutStopSec=70
 ExecStartPre=/bin/rm -f %t/container-lrproxy-nginx.pid %t/container-lrproxy-nginx.ctr-id
-ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-lrproxy-nginx.pid --cidfile %t/container-lrproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-lrproxy.pod-id --replace -dt {{ service_rproxy_hosts }} -v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro --name=pod-lrproxy-nginx docker.io/library/nginx
+ExecStart=/usr/bin/podman run --conmon-pidfile %t/container-lrproxy-nginx.pid --cidfile %t/container-lrproxy-nginx.ctr-id --cgroups=no-conmon --pod-id-file %t/pod-lrproxy.pod-id --replace -dt {{ service_rproxy_hosts }} -v /var/lib/yggdrasil/valkyrie-resolv.conf:/etc/resolv.conf:ro -v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro -v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro -v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro -v etc_letsencrypt:/etc/letsencrypt:ro --name=pod-lrproxy-nginx docker.io/library/nginx
 ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10
 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-nginx.ctr-id
 PIDFile=%t/container-lrproxy-nginx.pid

playbooks/services-setup.yml

@@ -7,3 +7,4 @@
     - import_tasks: tasks/services/setup/01-zfs-datasets.yml
       when: is_zfs
     - import_tasks: tasks/services/setup/01-directories.yml
+    - import_tasks: tasks/services/setup/02-nameserver.yml

playbooks/tasks/services/setup/02-nameserver.yml

@@ -0,0 +1,13 @@
+- name: Fetch valkyrie's resolv.conf
+  fetch:
+    src: "/etc/resolv.conf"
+    dest: "./filesystem/tmp/"
+  when:
+    ansible_hostname == 'valkyrie'
+
+- name: Copy valkyrie's resolv.conf to yggdrasil
+  copy:
+    src: "./filesystem/tmp/valkyrie/etc/resolv.conf"
+    dest: "/var/lib/{{ ansible_hostname }}/valkyrie-resolv.conf"
+  when:
+    ansible_hostname == 'yggdrasil'