From fd4da57a3cc8d2bfd3c098bb0197301ed263cf8d Mon Sep 17 00:00:00 2001 From: Jose Date: Wed, 8 Oct 2025 21:55:06 +0200 Subject: [PATCH] =?UTF-8?q?refactor=20=E2=99=BB=EF=B8=8F:=20Refactored=20t?= =?UTF-8?q?he=20code=20to=20use=20a=20more=20structured=20approach=20for?= =?UTF-8?q?=20DNS=20configuration=20and=20added=20optional=20tests.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updated the role to include optional tests after running it, ensuring that DNS resolution is correctly configured. The code has been refactored to improve readability and maintainability. --- README.md | 11 +++++- defaults/main.yml | 5 +++ handlers/main.yml | 11 ++++++ tasks/main.yml | 72 ++++++++++++++++++++++++++++++++++++++ templates/resolv.conf.j2 | 4 +++ templates/resolved.conf.j2 | 4 +++ 6 files changed, 106 insertions(+), 1 deletion(-) create mode 100644 handlers/main.yml create mode 100644 templates/resolv.conf.j2 create mode 100644 templates/resolved.conf.j2 diff --git a/README.md b/README.md index cf5ce34..2170be5 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,12 @@ # ansible_samba_domain_member -Install and configure Samba + Kerberos to join AD \ No newline at end of file +Install and configure Samba + Kerberos to join AD + + +🧪 Optional Tests + +After running the role: + +# DNS should resolve domain controllers: +dig _ldap._tcp.{{ dns_search }} SRV +host dc1.{{ dns_search }} \ No newline at end of file diff --git a/defaults/main.yml b/defaults/main.yml index d48e11a..36be5b5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,3 +3,8 @@ ad_realm: EXAMPLE.COM ad_dc: dc1.example.com ad_admin_user: administrator ad_admin_password: YourPassword +dns_servers: + - 192.168.1.10 + - 192.168.1.11 +dns_search: example.com +nm_connection_name: "Wired connection 1" # Change this based on your setup diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..dce0e45 --- /dev/null +++ b/handlers/main.yml 
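Review bot: The `dns_servers` and `dns_search` defaults added in defaults/main.yml are example values (192.168.1.10, 192.168.1.11, example.com) that the role applies as-is when the caller forgets to override them, and the NetworkManager path additionally sets `ipv4.ignore-auto-dns yes`. A domain member locates its domain controllers through DNS, so silently pointing the resolver at whatever answers on those addresses is a worse outcome than stopping the play. I would ship `dns_servers: []`, keep the example addresses in the README, and add an early `assert` that the list is non-empty before any resolver file is touched.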
@@ -0,0 +1,11 @@
+# handlers/main.yml
+- name: Restart networking if required
+ service:
+ name: networking
+ state: restarted
+ when: ansible_service_mgr == "systemd"
+
+- name: Restart systemd-resolved
+ service:
+ name: systemd-resolved
+ state: restarted
diff --git a/tasks/main.yml b/tasks/main.yml
index 71dccf4..eff19d2 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
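Review bot: `Restart networking if required` is gated on `ansible_service_mgr == "systemd"`, which identifies the init system but not whether a `networking` unit exists, so the handler will fail on hosts where it is absent (for instance where NetworkManager manages the interfaces). Since the tasks already run `service_facts`, a condition such as `when: "'networking.service' in ansible_facts.services"` matches what the handler actually needs. Neither handler sets `become`, so both depend on privilege escalation being enabled at play level, which is not visible here. Restarting networking over the connection Ansible is using can also cut the play short, and a changed /etc/resolv.conf normally does not require it.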
@@ -1,4 +1,67 @@
 ---
+- name: Gather service facts
+ service_facts:
+
+- name: Determine DNS manager
+ set_fact:
+ dns_manager: >-
+ {% if 'systemd-resolved.service' in ansible_facts.services and ansible_facts.services['systemd-resolved.service'].state == 'running' %}
+ systemd-resolved
+ {% elif 'NetworkManager.service' in ansible_facts.services and ansible_facts.services['NetworkManager.service'].state == 'running' %}
+ NetworkManager
+ {% else %}
+ manual
+ {% endif %}
+
+- name: Configure DNS for systemd-resolved
+ when: dns_manager == 'systemd-resolved'
+ template:
+ src: resolved.conf.j2
+ dest: /etc/systemd/resolved.conf
+ owner: root
+ group: root
+ mode: '0644'
+ notify: Restart systemd-resolved
+
+- name: Ensure /etc/resolv.conf points to systemd stub
+ when: dns_manager == 'systemd-resolved'
+ file:
+ src: /run/systemd/resolve/stub-resolv.conf
+ dest: /etc/resolv.conf
+ state: link
+ force: true
+
+- name: Configure DNS via NetworkManager (nmcli)
+ when: dns_manager == 'NetworkManager'
+ block:
+ - name: Set DNS servers with nmcli
+ shell: >
+ nmcli con mod "{{ nm_connection_name }}"
+ ipv4.dns "{{ dns_servers | join(' ') }}"
+ ipv4.ignore-auto-dns yes
+ args:
+ warn: false
+
+ - name: Set search domain with nmcli
+ shell: >
+ nmcli con mod "{{ nm_connection_name }}"
+ ipv4.dns-search "{{ dns_search }}"
+ args:
+ warn: false
+
+ - name: Bring connection down and up to apply changes
+ shell: >
+ nmcli con down "{{ nm_connection_name }}" && nmcli con up "{{ nm_connection_name }}"
+ ignore_errors: true
+
+ when: dns_manager == 'manual'
+ template:
+ src: resolv.conf.j2
+ dest: /etc/resolv.conf
+ owner: root
+ group: root
+ mode: '0644'
+
 - name: Install required packages
 apt:
 name:
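Review bot: The `dns_manager` fact is built from a folded `>-` scalar wrapped in `{% if %}` blocks, so the rendered value most likely carries whitespace around the name (for example ` systemd-resolved `), and every `when: dns_manager == '...'` below would then be false and skip all three branches. Whitespace-control tags (`{%- if ... -%}`, `{%- elif ... -%}`, `{%- else -%}`, `{%- endif -%}`) keep the value exact. The last branch also has no task header: `when: dns_manager == 'manual'` and `template:` follow the nmcli tasks without a `- name:` line, so they attach to the preceding task or block instead of forming their own task; add `- name: Configure /etc/resolv.conf manually` before them. Indentation is flattened in this view, so which item they attach to cannot be confirmed from here. Separately, `args: warn: false` was removed from `shell` in ansible-core 2.14, and `command` with `argv` would avoid passing the templated variables through a shell.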
@@ -10,6 +73,15 @@ state: present become: yes +- name: Configure /etc/resolv.conf for AD DNS resolution + template: + src: resolv.conf.j2 + dest: /etc/resolv.conf + owner: root + group: root + mode: '0644' + notify: Restart networking if required + - name: Configure Kerberos template: src: krb5.conf.j2 diff --git a/templates/resolv.conf.j2 b/templates/resolv.conf.j2 new file mode 100644 index 0000000..5501c03 --- /dev/null +++ b/templates/resolv.conf.j2 @@ -0,0 +1,4 @@ +search {{ dns_search }} +{% for server in dns_servers %} +nameserver {{ server }} +{% endfor %} diff --git a/templates/resolved.conf.j2 b/templates/resolved.conf.j2 new file mode 100644 index 0000000..4e9648b --- /dev/null +++ b/templates/resolved.conf.j2 @@ -0,0 +1,4 @@ +[Resolve] +DNS={{ dns_servers | join(' ') }} +Domains={{ dns_search }} +FallbackDNS=
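Review bot: The new `Configure /etc/resolv.conf for AD DNS resolution` task has no `when`, so it runs on every host, including those where the earlier task linked /etc/resolv.conf to the systemd-resolved stub or where NetworkManager owns the file. The two tasks then undo each other on each run and the per-manager logic above is bypassed. If this is meant to be the fallback, gate it with `when: dns_manager == 'manual'`. It also lacks the `become: yes` that the apt task above carries. The `Configure Kerberos` task that follows continues outside the hunk.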