refactor ♻️: Refactoring the main.yml files to include NTP server configuration and backup of original ntp.conf.

Updated the `defaults/main.yml`, `handlers/main.yml`, and `tasks/main.yml` files to add NTP server configuration and a backup of the original `ntp.conf` file. This ensures that the system uses AD DCs as time sources and maintains a backup for future reference.
refactor ♻️: Refactored the code to use a more structured approach for DNS configuration and added optional tests.
2025-10-08 22:03:21 +02:00 · 2025-10-08 21:55:06 +02:00
6 changed files with 141 additions and 1 deletions
--- a/README.md
+++ b/README.md
@@ -1,3 +1,12 @@
 # ansible_samba_domain_member

-Install and configure Samba + Kerberos to join AD
+Install and configure Samba + Kerberos to join AD
+
+
+🧪 Optional Tests
+
+After running the role:
+
+# DNS should resolve domain controllers:
+dig _ldap._tcp.{{ dns_search }} SRV
+host dc1.{{ dns_search }}
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,3 +3,10 @@ ad_realm: EXAMPLE.COM
 ad_dc: dc1.example.com
 ad_admin_user: administrator
 ad_admin_password: YourPassword
+dns_servers:
+  - 192.168.1.10
+  - 192.168.1.11
+dns_search: example.com
+nm_connection_name: "Wired connection 1"  # Change this based on your setup
+ntp_servers:
+  - "{{ ad_dc }}"  # Your AD DC as time source
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,16 @@
+# handlers/main.yml
+- name: Restart networking if required
+  service:
+    name: networking
+    state: restarted
+  when: ansible_service_mgr == "systemd"
+
+- name: Restart systemd-resolved
+  service:
+    name: systemd-resolved
+    state: restarted
+
+- name: Restart ntp
+  service:
+    name: ntp
+    state: restarted
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,4 +1,67 @@
 ---
+- name: Gather service facts
+  service_facts:
+  
+- name: Determine DNS manager
+  set_fact:
+    dns_manager: >-
+      {% if 'systemd-resolved.service' in ansible_facts.services and ansible_facts.services['systemd-resolved.service'].state == 'running' %}
+        systemd-resolved
+      {% elif 'NetworkManager.service' in ansible_facts.services and ansible_facts.services['NetworkManager.service'].state == 'running' %}
+        NetworkManager
+      {% else %}
+        manual
+      {% endif %}
+
+- name: Configure DNS for systemd-resolved
+  when: dns_manager == 'systemd-resolved'
+  template:
+    src: resolved.conf.j2
+    dest: /etc/systemd/resolved.conf
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Restart systemd-resolved
+
+- name: Ensure /etc/resolv.conf points to systemd stub
+  when: dns_manager == 'systemd-resolved'
+  file:
+    src: /run/systemd/resolve/stub-resolv.conf
+    dest: /etc/resolv.conf
+    state: link
+    force: true
+
+- name: Configure DNS via NetworkManager (nmcli)
+  when: dns_manager == 'NetworkManager'
+  block:
+    - name: Set DNS servers with nmcli
+      shell: >
+        nmcli con mod "{{ nm_connection_name }}"
+        ipv4.dns "{{ dns_servers | join(' ') }}"
+        ipv4.ignore-auto-dns yes
+      args:
+        warn: false
+
+    - name: Set search domain with nmcli
+      shell: >
+        nmcli con mod "{{ nm_connection_name }}"
+        ipv4.dns-search "{{ dns_search }}"
+      args:
+        warn: false
+
+    - name: Bring connection down and up to apply changes
+      shell: >
+        nmcli con down "{{ nm_connection_name }}" && nmcli con up "{{ nm_connection_name }}"
+      ignore_errors: true
+
+  when: dns_manager == 'manual'
+  template:
+    src: resolv.conf.j2
+    dest: /etc/resolv.conf
+    owner: root
+    group: root
+    mode: '0644'
+
 - name: Install required packages
  apt:
    name:
@@ -7,9 +70,46 @@
      - winbind
      - libpam-winbind
      - libnss-winbind
+      - ntp
    state: present
  become: yes

+- name: Configure /etc/resolv.conf for AD DNS resolution
+  template:
+    src: resolv.conf.j2
+    dest: /etc/resolv.conf
+    owner: root
+    group: root
+    mode: '0644'
+  notify: Restart networking if required
+
+# Backup original ntp.conf (optional safety)
+- name: Backup original ntp.conf
+  copy:
+    src: /etc/ntp.conf
+    dest: /etc/ntp.conf.bak
+    remote_src: yes
+    force: no
+  ignore_errors: yes
+
+# Configure ntp.conf to use AD DCs
+- name: Configure ntp.conf with AD domain controllers
+  blockinfile:
+    path: /etc/ntp.conf
+    marker: "# {mark} ANSIBLE_MANAGED_AD_NTP"
+    block: |
+      {% for server in ntp_servers %}
+      server {{ server }} iburst
+      {% endfor %}
+  notify: Restart ntp
+
+# Enable and start ntp service
+- name: Ensure ntp is running and enabled
+  service:
+    name: ntp
+    state: started
+    enabled: yes
+
 - name: Configure Kerberos
  template:
    src: krb5.conf.j2
--- a/templates/resolv.conf.j2
+++ b/templates/resolv.conf.j2
@@ -0,0 +1,4 @@
+search {{ dns_search }}
+{% for server in dns_servers %}
+nameserver {{ server }}
+{% endfor %}
--- a/templates/resolved.conf.j2
+++ b/templates/resolved.conf.j2
@@ -0,0 +1,4 @@
+[Resolve]
+DNS={{ dns_servers | join(' ') }}
+Domains={{ dns_search }}
+FallbackDNS=