Merge "Use a single "ssh-agent" systemd unit"
diff --git a/configs/NetworkManager/10-dnsmasq.conf b/configs/NetworkManager/10-dnsmasq.conf
new file mode 100644
index 0000000..53a8b17
--- /dev/null
+++ b/configs/NetworkManager/10-dnsmasq.conf
@@ -0,0 +1,2 @@
+[main]
+dns=dnsmasq
diff --git a/configs/NetworkManager/10-wikimedia.conf b/configs/NetworkManager/10-wikimedia.conf
new file mode 100644
index 0000000..5d5571b
--- /dev/null
+++ b/configs/NetworkManager/10-wikimedia.conf
@@ -0,0 +1,3 @@
+server=/wmnet/208.80.154.238
+server=/wmnet/208.80.153.231
+server=/wmnet/91.198.174.239
diff --git a/debian/changelog b/debian/changelog
index 6f2ea35..427a0fa 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+wmf-laptop (0.3) buster; urgency=medium
+
+ [ John Bond ]
+ * add wmf-laptop-dnsmasq package which configures NetworkManager to use
+ dnsmasq and forward WMF DNS queries to the wikimedia.org NS set
+
+ -- John Bond <jbond@wikimedia.org> Mon, 31 Aug 2020 11:52:32 +0200
+
wmf-laptop (0.2) buster; urgency=medium
[ Stephen Shirley ]
diff --git a/debian/control b/debian/control
index 560f41d..aff361a 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,15 @@
Provides: wmf-sre-laptop
Replaces: wmf-sre-laptop
Conflicts: wmf-sre-laptop, pwstore
-Depends: ruby, gnupg2, git, git-review (>= 1.27.0-1), colordiff
+Depends: ruby, gnupg2, git, colordiff
+Recommends: git-review (>= 1.27.0-1)
Description: Basic configs/scripts for laptops of WMF SREs
This package ships a number of common scripts and configs to setup a
Debian-based laptop for use by an Wikimedia Foundation SRE.
+
+Package: wmf-laptop-dnsmasq
+Architecture: any
+Depends: network-manager, dnsmasq
+Description: A set of configuration to instruct dnsmasq to query the Wikimedia nameservers
+ for domains private to the Wikimedia foundation. Also update NetworkManager to use this
+ dnsmasq configuration
diff --git a/debian/wmf-laptop-dnsmasq.install b/debian/wmf-laptop-dnsmasq.install
new file mode 100644
index 0000000..da09d1a
--- /dev/null
+++ b/debian/wmf-laptop-dnsmasq.install
@@ -0,0 +1,2 @@
+configs/NetworkManager/10-dnsmasq.conf /etc/NetworkManager/conf.d/
+configs/NetworkManager/10-wikimedia.conf /etc/NetworkManager/dnsmasq.d/
diff --git a/docs/README b/docs/README
index cc6d236..0524f86 100644
--- a/docs/README
+++ b/docs/README
@@ -11,3 +11,13 @@
Setup pwstore (shared encrypted secret storage)
/usr/share/doc/wmf-sre-laptop/SETUP.pwstore
(requires working SSH production access)
+
+# Optional packages:
+users can also `apt install wmf-laptop-dnsmasq` to add NetworkManager
+configuration to instruct the system to use dnsmasq for local name
+resolution. It also configures dnsmasq to automatically forward
+queries for the following domains to the wikimedia name servers
+ * (eqiad|codfw|esams|ulsfo|eqsin).wmnet
+
+Ensure dnsmasq service is correctly running and started via NetworkManager
+/usr/share/doc/wmf-sre-laptop/SETUP.dnsmasq
diff --git a/docs/SETUP.dnsmasq b/docs/SETUP.dnsmasq
new file mode 100644
index 0000000..34ff0d6
--- /dev/null
+++ b/docs/SETUP.dnsmasq
@@ -0,0 +1,10 @@
+- Network manager dnsmasq integration conflicts interferes with the dnsmasq service as such you will need to perform the following steps after installation
+
+ systemctl disable dnsmasq
+
+ systemctl restart NetworkManager
+
+
+- After an update one may also be need to restart NetworkManager
+
+ systemctl restart NetworkManager