ptoal/toallab-automation
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
d31b14cd7210b23db3f6fd4a67d49a22fbbf6b54
toallab-automation/roles/opnsense_dns_override/README.md

62 lines
1.6 KiB
Markdown
Raw Blame History

# opnsense_dns_override
Manages OPNsense Unbound DNS host overrides (A record) and domain forwards via the `oxlorg.opnsense` collection.
Accepts a list of entries, each specifying either a `host` override or a `forward` rule. All tasks delegate to localhost (OPNsense modules are API-based).
## Requirements
- `oxlorg.opnsense` collection
- `module_defaults` for `group/oxlorg.opnsense.all` must be set at play level (firewall, api_key, api_secret)
## Role Variables
| Variable | Default | Description |
|---|---|---|
| `opnsense_dns_override_entries` | `[]` | List of DNS override entries (see below) |
### Entry format
Each entry in `opnsense_dns_override_entries` requires:
| Field | Required | Description |
|---|---|---|
| `type` | yes | `host` for Unbound host override, `forward` for domain forwarding |
| `value` | yes | Target IP address |
| `hostname` | host only | Subdomain part (e.g. `api.sno`) |
| `domain` | yes | Parent domain for host type, or full domain for forward type |
## Example Playbook
```yaml
- name: Configure OPNsense DNS overrides
hosts: gate.toal.ca
gather_facts: false
connection: local
module_defaults:
group/oxlorg.opnsense.all:
firewall: "{{ opnsense_host }}"
api_key: "{{ opnsense_api_key }}"
api_secret: "{{ opnsense_api_secret }}"
roles:
- role: opnsense_dns_override
opnsense_dns_override_entries:
- hostname: api.sno
domain: openshift.toal.ca
value: 192.168.40.10
type: host
- domain: apps.sno.openshift.toal.ca
value: 192.168.40.10
type: forward
```
## License
MIT
## Author
ptoal
Reference in New Issue View Git Blame Copy Permalink