From f6996a0139f36e772eb38d72e2dbad7d312a83dd Mon Sep 17 00:00:00 2001 From: Stefan Mewes Date: Sat, 11 Apr 2026 20:17:32 +0200 Subject: [PATCH] =?UTF-8?q?DNS=20Eintr=C3=A4ge=20f=C3=BCr=20Nebula=20Nodes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nebula-dns-register.yml | 162 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 162 insertions(+) create mode 100644 nebula-dns-register.yml diff --git a/nebula-dns-register.yml b/nebula-dns-register.yml new file mode 100644 index 0000000..ae58aad --- /dev/null +++ b/nebula-dns-register.yml 
@@ -0,0 +1,162 @@ +--- +# ============================================================= +# nebula-dns-register.yml +# +# Registriert alle Nebula-Nodes (Lighthouses + Server) aus dem +# Inventory im Technitium DNS-Server unter der Zone nebula.network. +# +# Variablen (z. B. via Semaphore oder -e): +# dns_server - IP/Hostname des Technitium DNS-Servers (Default: 192.168.0.51) +# dns_zone - DNS-Zone (Default: nebula.network) +# api_token - API-Token für Technitium (als Secret übergeben) +# +# Voraussetzung im Inventory: +# - Lighthouses: als Liste nebula_lighthouses mit Feldern +# hostname und internal_ip (Multi-LH-Modus) +# ODER nebula_lighthouse_hostname + nebula_lighthouse_internal_ip_addr (Legacy) +# - Server: Host-Variable nebula_internal_ip_addr gesetzt +# +# Beispiel-Aufruf: +# ansible-playbook -i inventory nebula-dns-register.yml \ +# -e dns_server=192.168.0.51 \ +# -e dns_zone=nebula.network \ +# -e api_token=$API_TOKEN +# ============================================================= + +- name: Nebula DNS-Einträge in Technitium registrieren + hosts: all + gather_facts: false + become: false + + vars: + dns_server: "192.168.0.51" + dns_zone: "nebula.network" + api_token: "CHANGEME" + + tasks: + + # ------------------------------------------------------------------ + # 1) LIGHTHOUSES – Multi-Lighthouse-Modus (nebula_lighthouses Liste) + # ------------------------------------------------------------------ + - name: "[Lighthouse] DNS-Eintrag setzen (Multi-LH-Modus)" + when: + - inventory_hostname in groups['nebula_lighthouse'] + - nebula_lighthouses is defined + - nebula_lighthouses | length > 0 + vars: + # Suche den passenden Lighthouse-Eintrag anhand des inventory_hostname + _lh: >- + {{ + nebula_lighthouses + | selectattr('hostname', 'equalto', inventory_hostname) + | list + | first + | default({}) + }} + uri: + url: >- + http://{{ dns_server }}:5380/api/zones/records/add + ?domain={{ _lh.hostname }}.{{ dns_zone }} + &zone={{ dns_zone }} + &type=A + 
&overwrite=true + &IPAddress={{ _lh.internal_ip }} + &token={{ api_token }} + method: GET + return_content: true + timeout: 10 + register: _lh_dns_result + failed_when: > + _lh_dns_result.status != 200 or + ('status' in (_lh_dns_result.content | from_json) and + (_lh_dns_result.content | from_json).status != 'ok') + delegate_to: localhost + + - name: "[Lighthouse] DNS-Rückmeldung anzeigen (Multi-LH-Modus)" + when: + - inventory_hostname in groups['nebula_lighthouse'] + - nebula_lighthouses is defined + - nebula_lighthouses | length > 0 + - _lh_dns_result is defined + debug: + msg: "✅ DNS gesetzt: {{ (nebula_lighthouses | selectattr('hostname', 'equalto', inventory_hostname) | list | first | default({})).hostname }}.{{ dns_zone }} → {{ (nebula_lighthouses | selectattr('hostname', 'equalto', inventory_hostname) | list | first | default({})).internal_ip }}" + + # ------------------------------------------------------------------ + # 2) LIGHTHOUSES – Legacy-Modus (einzelne nebula_lighthouse_* Variablen) + # ------------------------------------------------------------------ + - name: "[Lighthouse] DNS-Eintrag setzen (Legacy-Modus)" + when: + - inventory_hostname in groups['nebula_lighthouse'] + - nebula_lighthouses is not defined or nebula_lighthouses | length == 0 + - nebula_lighthouse_hostname is defined + - nebula_lighthouse_internal_ip_addr is defined + uri: + url: >- + http://{{ dns_server }}:5380/api/zones/records/add + ?domain={{ nebula_lighthouse_hostname }}.{{ dns_zone }} + &zone={{ dns_zone }} + &type=A + &overwrite=true + &IPAddress={{ nebula_lighthouse_internal_ip_addr }} + &token={{ api_token }} + method: GET + return_content: true + timeout: 10 + register: _lh_legacy_dns_result + failed_when: > + _lh_legacy_dns_result.status != 200 or + ('status' in (_lh_legacy_dns_result.content | from_json) and + (_lh_legacy_dns_result.content | from_json).status != 'ok') + delegate_to: localhost + + - name: "[Lighthouse] DNS-Rückmeldung anzeigen (Legacy-Modus)" + when: 
+ - inventory_hostname in groups['nebula_lighthouse'] + - nebula_lighthouses is not defined or nebula_lighthouses | length == 0 + - _lh_legacy_dns_result is defined + debug: + msg: "✅ DNS gesetzt: {{ nebula_lighthouse_hostname }}.{{ dns_zone }} → {{ nebula_lighthouse_internal_ip_addr }}" + + # ------------------------------------------------------------------ + # 3) SERVER – DNS-Eintrag via nebula_internal_ip_addr + # ------------------------------------------------------------------ + - name: "[Server] DNS-Eintrag setzen" + when: + - inventory_hostname in groups.get('servers', []) + - nebula_internal_ip_addr is defined + uri: + url: >- + http://{{ dns_server }}:5380/api/zones/records/add + ?domain={{ inventory_hostname_short }}.{{ dns_zone }} + &zone={{ dns_zone }} + &type=A + &overwrite=true + &IPAddress={{ nebula_internal_ip_addr }} + &token={{ api_token }} + method: GET + return_content: true + timeout: 10 + register: _srv_dns_result + failed_when: > + _srv_dns_result.status != 200 or + ('status' in (_srv_dns_result.content | from_json) and + (_srv_dns_result.content | from_json).status != 'ok') + delegate_to: localhost + + - name: "[Server] DNS-Rückmeldung anzeigen" + when: + - inventory_hostname in groups.get('servers', []) + - nebula_internal_ip_addr is defined + - _srv_dns_result is defined + debug: + msg: "✅ DNS gesetzt: {{ inventory_hostname_short }}.{{ dns_zone }} → {{ nebula_internal_ip_addr }}" + + # ------------------------------------------------------------------ + # 4) Warnung für Hosts ohne Nebula-IP + # ------------------------------------------------------------------ + - name: "⚠️ Kein Nebula-Eintrag – nebula_internal_ip_addr fehlt" + when: + - inventory_hostname in groups.get('servers', []) + - nebula_internal_ip_addr is not defined + debug: + msg: "⚠️ Host {{ inventory_hostname }} hat keine nebula_internal_ip_addr – übersprungen." \ No newline at end of file
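Review bot: The Technitium API token is sent as a query-string parameter (`&token={{ api_token }}`) over plain `http://`, and the `register`ed results of the three `uri` tasks, as well as the module's failure message when `failed_when` trips, carry that full URL, so the secret ends up in play output and in any job log (the header names Semaphore as a runner). Add `no_log: true` to each of the three `uri` tasks (Multi-LH, Legacy, Server) so the registered result and any error are redacted; the separate debug tasks only print hostname and IP, so they remain readable. If Technitium accepts the token in a POST form body, switching `method: GET` to `method: POST` with `body_format: form-urlencoded` would additionally keep it out of URL and proxy logs — worth confirming against its API docs. A smaller inconsistency: the lighthouse tasks use `groups['nebula_lighthouse']`, which raises if that group is absent from the inventory, while the server tasks use `groups.get('servers', [])`; using the `.get` form in all four `when` blocks avoids an undefined-key failure on inventories without lighthouses.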