Claude assisted cleanup

roles/opnsense_dns_override/README.md

@@ -0,0 +1,61 @@
+# opnsense_dns_override
+
+Manages OPNsense Unbound DNS host overrides (A record) and domain forwards via the `oxlorg.opnsense` collection.
+
+Accepts a list of entries, each specifying either a `host` override or a `forward` rule. All tasks delegate to localhost (OPNsense modules are API-based).
+
+## Requirements
+
+- `oxlorg.opnsense` collection
+- `module_defaults` for `group/oxlorg.opnsense.all` must be set at play level (firewall, api_key, api_secret)
+
+## Role Variables
+
+| Variable | Default | Description |
+|---|---|---|
+| `opnsense_dns_override_entries` | `[]` | List of DNS override entries (see below) |
+
+### Entry format
+
+Each entry in `opnsense_dns_override_entries` requires:
+
+| Field | Required | Description |
+|---|---|---|
+| `type` | yes | `host` for Unbound host override, `forward` for domain forwarding |
+| `value` | yes | Target IP address |
+| `hostname` | host only | Subdomain part (e.g. `api.sno`) |
+| `domain` | yes | Parent domain for host type, or full domain for forward type |
+
+## Example Playbook
+
+```yaml
+- name: Configure OPNsense DNS overrides
+  hosts: gate.toal.ca
+  gather_facts: false
+  connection: local
+
+  module_defaults:
+    group/oxlorg.opnsense.all:
+      firewall: "{{ opnsense_host }}"
+      api_key: "{{ opnsense_api_key }}"
+      api_secret: "{{ opnsense_api_secret }}"
+
+  roles:
+    - role: opnsense_dns_override
+      opnsense_dns_override_entries:
+        - hostname: api.sno
+          domain: openshift.toal.ca
+          value: 192.168.40.10
+          type: host
+        - domain: apps.sno.openshift.toal.ca
+          value: 192.168.40.10
+          type: forward
+```
+
+## License
+
+MIT
+
+## Author
+
+ptoal