First commit

docs/sample_zone_format.yml

@@ -0,0 +1,98 @@
+---
+# Sample zone file matching the format from the user's request
+# This demonstrates how to use nsupdate_zone with the specified YAML format
+
+list_of_nsupdate_zones:
+  - name: hugs.dk
+    dns_server: ns1.mydns.com
+    records:
+      # To remove a record, set state: absent
+      - record: dnshenet-key
+        type: TXT
+        value: 'c8445a4f-cf4c-4130-94c8-21c2b0da80c0'
+        state: absent
+        
+      # Multiple values are specified in list form.
+      - record: 'hugs.dk.'
+        type: CAA
+        value:
+          - "0 issue letsencrypt.org"
+          - "0 iodef mailto:caa@valid.dk"
+
+      # the 'record' field is prepended to the 'name' of the zone unless it is terminated with a dot '.'.
+      # This record will be 'skibidi.ohio.hugs.dk' and will point to 'doesntexist.hugs.dk.'
+      - record: skibidi.ohio
+        type: CNAME
+        value: doesntexist
+
+      # You CANNOT specify other record types when the name already has a CNAME.
+      # The following example will never be able to make it into the zone file
+      # COMMENTED OUT because it would cause a CNAME conflict error
+      # - record: skibidi.ohio
+      #   type: TXT
+      #   value:
+      #     - "Q: Hey can we add an SPF record to this third party vendors CNAME?"
+      #     - "A: The answer is always no"
+
+      # Star aliases work as expected
+      - record: '*'
+        type: CNAME
+        value: 'hugs.dk.'
+
+      # When referencing the base domain, specify its FQDN followed by a period '.'
+      # Like this
+      - record: 'hugs.dk.'
+        type: TXT
+        value:
+          - "v=spf1 mx a include:_spf.google.com ~all"
+          - "google-site-verification=8PimrghUKUJi9dJhfj1CGyB7s5zzf6ZiiZxukzPALM0"
+
+      # Complex records with multiple fields are simply 
+      # separated by a space in the value field.
+      - record: 'hugs.dk.'
+        type: MX
+        value:
+          - "1 aspmx.l.google.com."
+          - "5 alt2.aspmx.l.google.com."
+          - "5 alt1.aspmx.l.google.com."
+          - "10 alt3.aspmx.l.google.com."
+          - "10 alt4.aspmx.l.google.com."
+
+# Example playbook to use this zone file
+---
+- name: Provision DNS zones efficiently
+  hosts: localhost
+  gather_facts: false
+  
+  vars_files:
+    - sample_zone_format.yml
+  
+  vars:
+    # Your TSIG key for authentication
+    dns_tsig_key_name: "nsupdate"
+    dns_tsig_key_secret: "{{ vault_dns_key }}"  # Store in ansible-vault
+    
+  tasks:
+    - name: Update DNS zones
+      valid.nsupdate_zone.nsupdate_zone:
+        key_name: "{{ dns_tsig_key_name }}"
+        key_secret: "{{ dns_tsig_key_secret }}"
+        key_algorithm: hmac-sha256
+        protocol: tcp
+        # Ignore NS records at zone apex and ACME challenge records
+        ignore_record_types:
+          - NS
+        ignore_record_patterns:
+          - '^_acme-challenge\..*'
+        zones: "{{ list_of_nsupdate_zones }}"
+      register: zone_update_result
+    
+    - name: Display update summary
+      debug:
+        msg: |
+          Zone: {{ item.zone }}
+          Changed: {{ item.changed }}
+          Changes: +{{ item.changes.adds }} -{{ item.changes.deletes }} ~{{ item.changes.updates }}
+      loop: "{{ zone_update_result.results }}"
+      loop_control:
+        label: "{{ item.zone }}"