From 725ce256270a7486574e505f94df075ad4daf63c Mon Sep 17 00:00:00 2001 From: ninotosh <6128440+ninotosh@users.noreply.github.com> Date: Sun, 15 Mar 2026 17:46:36 +0900 Subject: [PATCH 1/3] stops a stub resolver to free port 53 --- .../openvpn/tasks/server/prepare/main.yml | 3 +++ .../openvpn/tasks/server/prepare/resolved.yml | 27 +++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 ansible/roles/openvpn/tasks/server/prepare/resolved.yml diff --git a/ansible/roles/openvpn/tasks/server/prepare/main.yml b/ansible/roles/openvpn/tasks/server/prepare/main.yml index 32988a0..daf4dbe 100644 --- a/ansible/roles/openvpn/tasks/server/prepare/main.yml +++ b/ansible/roles/openvpn/tasks/server/prepare/main.yml @@ -1,6 +1,9 @@ - name: import system tasks ansible.builtin.import_tasks: system.yml +- name: import resolved tasks + ansible.builtin.import_tasks: resolved.yml + - name: update package cache action: "{{ ansible_pkg_mgr }} update_cache=yes" changed_when: False diff --git a/ansible/roles/openvpn/tasks/server/prepare/resolved.yml b/ansible/roles/openvpn/tasks/server/prepare/resolved.yml new file mode 100644 index 0000000..6037068 --- /dev/null +++ b/ansible/roles/openvpn/tasks/server/prepare/resolved.yml @@ -0,0 +1,27 @@ +- name: check if UDP port 53 is in use + ansible.builtin.shell: + cmd: ss -nlu | tr '\t' ' ' | tr -s ' ' | cut -d ' ' -f 4 | grep ':53$' + register: ss_udp_53_result + ignore_errors: true + changed_when: False + +- name: stop the stub listener + when: ss_udp_53_result is succeeded + block: + - name: ln + ansible.builtin.file: + state: link + force: true + src: ../run/systemd/resolve/resolv.conf + path: /etc/resolv.conf + + - name: resolved.conf + ansible.builtin.lineinfile: + path: /etc/systemd/resolved.conf + regexp: '^DNSStubListener=' + line: DNSStubListener=no + + - name: restart resolved + ansible.builtin.service: + name: systemd-resolved + state: restarted # reload unsupported From 279376c751d29e1c054ccf9ea1b6b8010024829b Mon Sep 17 00:00:00 2001 From: ninotosh <6128440+ninotosh@users.noreply.github.com> Date: Sun, 15 Mar 2026 17:50:38 +0900 Subject: [PATCH 2/3] stops counting apt update --- ansible/roles/openvpn/tasks/server/prepare/install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/roles/openvpn/tasks/server/prepare/install.yml b/ansible/roles/openvpn/tasks/server/prepare/install.yml index 259a923..68f2038 100644 --- a/ansible/roles/openvpn/tasks/server/prepare/install.yml +++ b/ansible/roles/openvpn/tasks/server/prepare/install.yml @@ -36,6 +36,7 @@ - name: update cache ansible.builtin.apt: update_cache: yes + changed_when: False - name: install openvpn ansible.builtin.apt: From f06601eb1903e3deb270eab2f4c8e521b8b487a7 Mon Sep 17 00:00:00 2001 From: ninotosh <6128440+ninotosh@users.noreply.github.com> Date: Sun, 15 Mar 2026 17:51:21 +0900 Subject: [PATCH 3/3] improved README --- .github/CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index f530477..1e26169 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -94,7 +94,7 @@ In the `molecule-bash` container, run `ansible-playbook` as in [deploy.yml](work On the host, ``` -docker cp molecule-bash:${path_to_download_dir} . +docker cp molecule-bash:/tmp/download . ``` Edit the `ovpn` file if necessary, and establish a VPN connection.