Claude assisted cleanup

2026-02-23 23:44:21 -05:00
parent d11167b345
commit 995b7c4070
34 changed files with 925 additions and 282 deletions
--- a/roles/opnsense_dns_override/README.md
+++ b/roles/opnsense_dns_override/README.md
@@ -0,0 +1,61 @@
+# opnsense_dns_override
+
+Manages OPNsense Unbound DNS host overrides (A record) and domain forwards via the `oxlorg.opnsense` collection.
+
+Accepts a list of entries, each specifying either a `host` override or a `forward` rule. All tasks delegate to localhost (OPNsense modules are API-based).
+
+## Requirements
+
+- `oxlorg.opnsense` collection
+- `module_defaults` for `group/oxlorg.opnsense.all` must be set at play level (firewall, api_key, api_secret)
+
+## Role Variables
+
+| Variable | Default | Description |
+|---|---|---|
+| `opnsense_dns_override_entries` | `[]` | List of DNS override entries (see below) |
+
+### Entry format
+
+Each entry in `opnsense_dns_override_entries` requires:
+
+| Field | Required | Description |
+|---|---|---|
+| `type` | yes | `host` for Unbound host override, `forward` for domain forwarding |
+| `value` | yes | Target IP address |
+| `hostname` | host only | Subdomain part (e.g. `api.sno`) |
+| `domain` | yes | Parent domain for host type, or full domain for forward type |
+
+## Example Playbook
+
+```yaml
+- name: Configure OPNsense DNS overrides
+  hosts: gate.toal.ca
+  gather_facts: false
+  connection: local
+
+  module_defaults:
+    group/oxlorg.opnsense.all:
+      firewall: "{{ opnsense_host }}"
+      api_key: "{{ opnsense_api_key }}"
+      api_secret: "{{ opnsense_api_secret }}"
+
+  roles:
+    - role: opnsense_dns_override
+      opnsense_dns_override_entries:
+        - hostname: api.sno
+          domain: openshift.toal.ca
+          value: 192.168.40.10
+          type: host
+        - domain: apps.sno.openshift.toal.ca
+          value: 192.168.40.10
+          type: forward
+```
+
+## License
+
+MIT
+
+## Author
+
+ptoal
--- a/roles/opnsense_dns_override/defaults/main.yml
+++ b/roles/opnsense_dns_override/defaults/main.yml
@@ -0,0 +1,26 @@
+---
+# List of DNS override entries to create in OPNsense Unbound.
+#
+# Each entry must have:
+#   type:   "host" for unbound_host (A record override) or
+#           "forward" for unbound_forward (domain forwarding)
+#
+# For type "host":
+#   hostname: subdomain part (e.g. "api.sno")
+#   domain:   parent domain (e.g. "openshift.toal.ca")
+#   value:    target IP address
+#
+# For type "forward":
+#   domain:   full domain to forward (e.g. "apps.sno.openshift.toal.ca")
+#   value:    target IP address
+#
+# Example:
+#   opnsense_dns_override_entries:
+#     - hostname: api.sno
+#       domain: openshift.toal.ca
+#       value: 192.168.40.10
+#       type: host
+#     - domain: apps.sno.openshift.toal.ca
+#       value: 192.168.40.10
+#       type: forward
+opnsense_dns_override_entries: []
--- a/roles/opnsense_dns_override/meta/argument_specs.yml
+++ b/roles/opnsense_dns_override/meta/argument_specs.yml
@@ -0,0 +1,17 @@
+---
+argument_specs:
+  main:
+    short_description: Manage OPNsense Unbound DNS overrides
+    description:
+      - Creates Unbound host overrides (A record) and domain forwards
+        in OPNsense via the oxlorg.opnsense collection.
+      - Requires oxlorg.opnsense module_defaults to be set at play level.
+    options:
+      opnsense_dns_override_entries:
+        description: >-
+          List of DNS override entries. Each entry requires C(type) ("host" or "forward"),
+          C(value) (target IP), and either C(hostname)+C(domain) (for host type) or
+          C(domain) (for forward type).
+        type: list
+        elements: dict
+        default: []
--- a/roles/opnsense_dns_override/meta/main.yml
+++ b/roles/opnsense_dns_override/meta/main.yml
@@ -0,0 +1,16 @@
+---
+galaxy_info:
+  author: ptoal
+  description: Manage OPNsense Unbound DNS host overrides and domain forwards
+  license: MIT
+  min_ansible_version: "2.16"
+  platforms:
+    - name: GenericLinux
+      versions:
+        - all
+  galaxy_tags:
+    - opnsense
+    - dns
+    - unbound
+
+dependencies: []
--- a/roles/opnsense_dns_override/tasks/main.yml
+++ b/roles/opnsense_dns_override/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+- name: Create Unbound host overrides
+  oxlorg.opnsense.unbound_host:
+    hostname: "{{ item.hostname }}"
+    domain: "{{ item.domain }}"
+    value: "{{ item.value }}"
+    match_fields:
+      - hostname
+      - domain
+    state: present
+  delegate_to: localhost
+  loop: "{{ opnsense_dns_override_entries | selectattr('type', 'eq', 'host') }}"
+  loop_control:
+    label: "{{ item.hostname }}.{{ item.domain }} -> {{ item.value }}"
+
+- name: Create Unbound domain forwards
+  oxlorg.opnsense.unbound_forward:
+    domain: "{{ item.domain }}"
+    target: "{{ item.value }}"
+    state: present
+  delegate_to: localhost
+  loop: "{{ opnsense_dns_override_entries | selectattr('type', 'eq', 'forward') }}"
+  loop_control:
+    label: "{{ item.domain }} -> {{ item.value }}"