ptoal/toallab-automation
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
995b7c4070e2c0d7d07ce0615297adff5f3c3628
toallab-automation/roles/opnsense_dns_override
History
Patrick Toal 995b7c4070 Claude assisted cleanup
2026-02-23 23:44:21 -05:00
..
defaults
Claude assisted cleanup
2026-02-23 23:44:21 -05:00
meta
Claude assisted cleanup
2026-02-23 23:44:21 -05:00
tasks
Claude assisted cleanup
2026-02-23 23:44:21 -05:00
README.md
Claude assisted cleanup
2026-02-23 23:44:21 -05:00

README.md

opnsense_dns_override

Manages OPNsense Unbound DNS host overrides (A record) and domain forwards via the oxlorg.opnsense collection.

Accepts a list of entries, each specifying either a host override or a forward rule. All tasks delegate to localhost (OPNsense modules are API-based).

Requirements

  • oxlorg.opnsense collection
  • module_defaults for group/oxlorg.opnsense.all must be set at play level (firewall, api_key, api_secret)

Role Variables

Variable Default Description
opnsense_dns_override_entries [] List of DNS override entries (see below)

Entry format

Each entry in opnsense_dns_override_entries requires:

Field Required Description
type yes host for Unbound host override, forward for domain forwarding
value yes Target IP address
hostname host only Subdomain part (e.g. api.sno)
domain yes Parent domain for host type, or full domain for forward type

Example Playbook

- name: Configure OPNsense DNS overrides
  hosts: gate.toal.ca
  gather_facts: false
  connection: local

  module_defaults:
    group/oxlorg.opnsense.all:
      firewall: "{{ opnsense_host }}"
      api_key: "{{ opnsense_api_key }}"
      api_secret: "{{ opnsense_api_secret }}"

  roles:
    - role: opnsense_dns_override
      opnsense_dns_override_entries:
        - hostname: api.sno
          domain: openshift.toal.ca
          value: 192.168.40.10
          type: host
        - domain: apps.sno.openshift.toal.ca
          value: 192.168.40.10
          type: forward

License

MIT

Author

ptoal