fix(security,common)!: moved sysctl and resolvconf tasks from common to security role to fix DNS resolution fail due to firewall rules

collections/ansible_collections/nullified/infrastructure/roles/security/tasks/main.yml

@@ -4,6 +4,49 @@
     gather_subset:
       - distribution
 
+- name: '[system] setup DNS server'
+  block:
+    - name: disable resolv.conf updates from dhclient
+      ansible.builtin.copy:
+        dest: /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
+        content: |
+          #!/bin/sh
+          make_resolv_conf(){
+            :
+          }
+        owner: root
+        group: root
+        mode: '0755'
+    - name: update resolv.conf
+      ansible.builtin.template:
+        src: ../templates/system/debian/resolv.conf.j2
+        dest: /etc/resolv.conf
+        mode: '0644'
+        owner: root
+        group: root
+  become: true
+  when: security_configure_resolve_conf is truthy
+
+- name: '[system] re-allow DHCP client to setup DNS resolvers'
+  become: true
+  ansible.builtin.file:
+    path: /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
+    state: absent
+  failed_when: false
+  when : security_configure_resolve_conf is falsy
+
+- name: '[system] add sysctl tweaks'
+  become: true
+  ansible.builtin.template:
+    src: ../templates/system/debian/sysctld.local.conf.j2
+    dest: /etc/sysctl.d/local.conf
+    mode: '0644'
+  when: security_sysctl_configuration is truthy
+  vars:
+    sysctl_values: "{{ security_sysctl_configuration }}"
+  notify:
+    - 'security : [system] reload sysctl configuration'
+
 - ansible.builtin.include_tasks:
     file: firewall.yml
     apply: