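---
# =============================================================
# nebula-dns-register.yml
#
# Registers every Nebula node (lighthouses + servers) from the
# inventory in the Technitium DNS server under the zone nebula.network.
#
# Variables (e.g. via Semaphore or -e):
#   dns_server   - IP/hostname of the Technitium DNS server (default: 192.168.0.51)
#   dns_zone     - DNS zone (default: nebula.network)
#   dns_api_url  - base URL of the Technitium HTTP API
#                  (default: http://{{ dns_server }}:5380; use an https://
#                  URL where the server offers TLS so the token is not
#                  sent in clear text)
#   dns_no_log   - hide request and response of the API tasks (default: true);
#                  set to false only while debugging, the output contains the token
#   api_token    - API token for Technitium (pass as a secret, never commit it)
#
# Inventory prerequisites:
#   - lighthouses: list nebula_lighthouses with fields hostname and
#     internal_ip (multi-lighthouse mode)
#     OR nebula_lighthouse_hostname + nebula_lighthouse_internal_ip_addr (legacy)
#   - servers: host variable nebula_internal_ip_addr set
#
# Precedence note: the defaults under vars: below are play vars and take
# precedence over group_vars/host_vars of the same name; pass real values
# with -e (extra vars win) or remove the default here.
#
# Example:
#   ansible-playbook -i inventory nebula-dns-register.yml \
#     -e dns_server=192.168.0.51 \
#     -e dns_zone=nebula.network \
#     -e api_token=$API_TOKEN
# =============================================================
- name: Nebula DNS-Einträge in Technitium registrieren
  hosts: all
  gather_facts: false
  become: false
  vars:
    dns_server: "192.168.0.51"
    dns_zone: "nebula.network"
    # Plain-HTTP API endpoint; override with an https:// URL when available.
    dns_api_url: "http://{{ dns_server }}:5380"
    dns_no_log: true
    api_token: "CHANGEME"
  tasks:
    # ------------------------------------------------------------------
    # 0) Fail fast while the token is still the placeholder; every API
    #    call below would otherwise be sent (and fail) with it.
    #    The assertion output shows only the expressions, not the value.
    # ------------------------------------------------------------------
    - name: "[Check] api_token ist gesetzt"
      assert:
        that:
          - api_token is defined
          - api_token | length > 0
          - api_token != "CHANGEME"
        fail_msg: "api_token ist nicht gesetzt (Platzhalter CHANGEME) - bitte als Secret übergeben."
        quiet: true

    # ------------------------------------------------------------------
    # 1) LIGHTHOUSES multi-lighthouse mode (nebula_lighthouses list)
    # ------------------------------------------------------------------
    - name: "[Lighthouse] DNS-Eintrag setzen (Multi-LH-Modus)"
      when:
        - inventory_hostname in groups.get('nebula_lighthouse', [])
        - nebula_lighthouses is defined
        - nebula_lighthouses | length > 0
      vars:
        # Entry of this host in the lighthouse list ({} when absent; the
        # query build below then fails on _lh.hostname, which is intended:
        # a lighthouse without a list entry must not register a wrong record).
        _lh: >-
          {{ nebula_lighthouses
          | selectattr('hostname', 'equalto', inventory_hostname)
          | list | first | default({}) }}
        # Query parameters as a mapping: urlencode joins them with '&' and
        # percent-encodes every value. A folded (>-) multi-line URL would
        # instead join its lines with spaces, producing an invalid URL.
        _query:
          domain: "{{ _lh.hostname }}.{{ dns_zone }}"
          zone: "{{ dns_zone }}"
          type: "A"
          overwrite: "true"
          IPAddress: "{{ _lh.internal_ip }}"
          token: "{{ api_token }}"
      # The token travels in the query string; no_log keeps it out of the
      # Ansible log and of the error output when the request fails. It is
      # still visible to the DNS server's access log and to any proxy on
      # the path, so prefer an https:// dns_api_url.
      no_log: "{{ dns_no_log }}"
      uri:
        url: "{{ dns_api_url }}/api/zones/records/add?{{ _query | urlencode }}"
        method: GET
        return_content: true
        timeout: 10
      register: _lh_dns_result
      # Besides the HTTP status, inspect the JSON 'status' field: the API is
      # expected to report failures there (a 200 with status 'error' would
      # otherwise pass as success).
      failed_when: >-
        _lh_dns_result.status != 200 or
        ('status' in (_lh_dns_result.content | from_json) and
        (_lh_dns_result.content | from_json).status != 'ok')
      delegate_to: localhost

    - name: "[Lighthouse] DNS-Rückmeldung anzeigen (Multi-LH-Modus)"
      when:
        - inventory_hostname in groups.get('nebula_lighthouse', [])
        - nebula_lighthouses is defined
        - nebula_lighthouses | length > 0
        - _lh_dns_result is defined
      vars:
        # Same lookup as in the registration task (task vars are task-scoped).
        _lh: >-
          {{ nebula_lighthouses
          | selectattr('hostname', 'equalto', inventory_hostname)
          | list | first | default({}) }}
      debug:
        msg: "✅ DNS gesetzt: {{ _lh.hostname }}.{{ dns_zone }} → {{ _lh.internal_ip }}"

    # ------------------------------------------------------------------
    # 2) LIGHTHOUSES legacy mode (single nebula_lighthouse_* variables)
    # ------------------------------------------------------------------
    - name: "[Lighthouse] DNS-Eintrag setzen (Legacy-Modus)"
      when:
        - inventory_hostname in groups.get('nebula_lighthouse', [])
        - nebula_lighthouses is not defined or nebula_lighthouses | length == 0
        - nebula_lighthouse_hostname is defined
        - nebula_lighthouse_internal_ip_addr is defined
      vars:
        # Query parameters; see the multi-lighthouse task for why a mapping
        # plus urlencode is used instead of a folded multi-line URL.
        _query:
          domain: "{{ nebula_lighthouse_hostname }}.{{ dns_zone }}"
          zone: "{{ dns_zone }}"
          type: "A"
          overwrite: "true"
          IPAddress: "{{ nebula_lighthouse_internal_ip_addr }}"
          token: "{{ api_token }}"
      # Token in the query string: keep it out of the Ansible output.
      no_log: "{{ dns_no_log }}"
      uri:
        url: "{{ dns_api_url }}/api/zones/records/add?{{ _query | urlencode }}"
        method: GET
        return_content: true
        timeout: 10
      register: _lh_legacy_dns_result
      # HTTP status plus JSON 'status' field, as in the multi-lighthouse task.
      failed_when: >-
        _lh_legacy_dns_result.status != 200 or
        ('status' in (_lh_legacy_dns_result.content | from_json) and
        (_lh_legacy_dns_result.content | from_json).status != 'ok')
      delegate_to: localhost

    - name: "[Lighthouse] DNS-Rückmeldung anzeigen (Legacy-Modus)"
      when:
        - inventory_hostname in groups.get('nebula_lighthouse', [])
        - nebula_lighthouses is not defined or nebula_lighthouses | length == 0
        - _lh_legacy_dns_result is defined
      debug:
        msg: "✅ DNS gesetzt: {{ nebula_lighthouse_hostname }}.{{ dns_zone }} → {{ nebula_lighthouse_internal_ip_addr }}"

    # ------------------------------------------------------------------
    # 3) SERVERS: DNS record via nebula_internal_ip_addr
    # ------------------------------------------------------------------
    - name: "[Server] DNS-Eintrag setzen"
      when:
        - inventory_hostname in groups.get('servers', [])
        - nebula_internal_ip_addr is defined
      vars:
        # Query parameters; the record name is the short inventory hostname.
        _query:
          domain: "{{ inventory_hostname_short }}.{{ dns_zone }}"
          zone: "{{ dns_zone }}"
          type: "A"
          overwrite: "true"
          IPAddress: "{{ nebula_internal_ip_addr }}"
          token: "{{ api_token }}"
      # Token in the query string: keep it out of the Ansible output.
      no_log: "{{ dns_no_log }}"
      uri:
        url: "{{ dns_api_url }}/api/zones/records/add?{{ _query | urlencode }}"
        method: GET
        return_content: true
        timeout: 10
      register: _srv_dns_result
      # HTTP status plus JSON 'status' field, as in the lighthouse tasks.
      failed_when: >-
        _srv_dns_result.status != 200 or
        ('status' in (_srv_dns_result.content | from_json) and
        (_srv_dns_result.content | from_json).status != 'ok')
      delegate_to: localhost

    - name: "[Server] DNS-Rückmeldung anzeigen"
      when:
        - inventory_hostname in groups.get('servers', [])
        - nebula_internal_ip_addr is defined
        - _srv_dns_result is defined
      debug:
        msg: "✅ DNS gesetzt: {{ inventory_hostname_short }}.{{ dns_zone }} → {{ nebula_internal_ip_addr }}"

    # ------------------------------------------------------------------
    # 4) Warning for server hosts without a Nebula IP (nothing is registered)
    # ------------------------------------------------------------------
    - name: "⚠️ Kein Nebula-Eintrag nebula_internal_ip_addr fehlt"
      when:
        - inventory_hostname in groups.get('servers', [])
        - nebula_internal_ip_addr is not defined
      debug:
        msg: "⚠️ Host {{ inventory_hostname }} hat keine nebula_internal_ip_addr übersprungen."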