# opnsense_dns_override

Manages OPNsense Unbound DNS host overrides (A record) and domain forwards via the `oxlorg.opnsense` collection.

Accepts a list of entries, each specifying either a `host` override or a `forward` rule. All tasks delegate to localhost (OPNsense modules are API-based).

## Requirements

- `oxlorg.opnsense` collection
- `module_defaults` for `group/oxlorg.opnsense.all` must be set at play level (firewall, api_key, api_secret)

## Role Variables

| Variable | Default | Description |
|---|---|---|
| `opnsense_dns_override_entries` | `[]` | List of DNS override entries (see below) |

### Entry format

Each entry in `opnsense_dns_override_entries` requires:

| Field | Required | Description |
|---|---|---|
| `type` | yes | `host` for Unbound host override, `forward` for domain forwarding |
| `value` | yes | Target IP address |
| `hostname` | host only | Subdomain part (e.g. `api.sno`) |
| `domain` | yes | Parent domain for host type, or full domain for forward type |

## Example Playbook

```yaml
- name: Configure OPNsense DNS overrides
  hosts: gate.toal.ca
  gather_facts: false
  connection: local

  module_defaults:
    group/oxlorg.opnsense.all:
      firewall: "{{ opnsense_host }}"
      api_key: "{{ opnsense_api_key }}"
      api_secret: "{{ opnsense_api_secret }}"

  roles:
    - role: opnsense_dns_override
      opnsense_dns_override_entries:
        - hostname: api.sno
          domain: openshift.toal.ca
          value: 192.168.40.10
          type: host
        - domain: apps.sno.openshift.toal.ca
          value: 192.168.40.10
          type: forward
```

## License

MIT

## Author

ptoal