---
- name: DNS Resolver | PATCH | Install systemd-resolved
  ansible.builtin.dnf:
    name: systemd-resolved
    state: latest

- name: DNS Resolver | PATCH | Ensure systemd-resolved is in use
  ansible.builtin.systemd_service:
    name: systemd-resolved
    state: started
    enabled: true
    masked: false

- name: DNS Resolver | PATCH | Remove loopback address entries containing the hostname from /etc/hosts
  ansible.builtin.lineinfile:
    path: /etc/hosts
    regexp: '^(127\.0\.0\.1|::1)\s.*{{ inventory_hostname }}'
    state: absent

- name: DNS Resolver | PATCH | Enable DNSSEC and disable unwanted resolved features
  ansible.builtin.copy:
    src: resolved.conf
    dest: /etc/systemd/resolved.conf
    owner: root
    group: root
    mode: "0644"
  notify: "Restart systemd-resolved"
  become: true

- name: DNS Resolver | PATCH | Ensure /etc/systemd/system/systemd-resolved.service.d exists
  ansible.builtin.file:
    path: /etc/systemd/system/systemd-resolved.service.d
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: DNS Resolver | PATCH | Disable resolved record synthesising
  ansible.builtin.copy:
    src: systemd-resolved-override.conf
    dest: /etc/systemd/system/systemd-resolved.service.d/override.conf
    owner: root
    group: root
    mode: "0644"
  notify: "Restart systemd-resolved"
  become: true