---
# DNS Client Configuration Playbook
#
# Usage: ansible-playbook -i inventory.ini playbooks/dns-client.yml
#
# Configures all VMs to use the internal Unbound DNS server.
# Run AFTER dns.yml has configured the server.

- name: Configure DNS Clients
  hosts: all
  become: true
  vars:
    dns_server: "{{ hostvars['dns']['nebula_ip'] }}"
  tasks:
    - name: Configure resolv.conf to use internal DNS
      copy:
        dest: /etc/resolv.conf
        content: |
          # Managed by Ansible - changes will be overwritten
          # Internal DNS server on Nebula overlay
          nameserver {{ dns_server }}
          # Fallback to public DNS if internal is unreachable
          nameserver 1.1.1.1
          nameserver 8.8.8.8
          # Search domain for short hostnames
          search nebula
        owner: root
        group: root
        mode: '0644'

    - name: Test DNS resolution
      command: getent hosts lighthouse.nebula
      register: dns_test
      changed_when: false
      failed_when: dns_test.rc != 0