I created a small Ansible role yesterday/today that is actually part of an Ansible Galaxy collection. A small side project I’m running that is somehow expanding into a larger project.
Anyway, you guys may have had a little more traffic since yesterday because of the testing procedure. And I would love to test more.
The main focus with this role is to be part of the collection and mainly provide your dyndns service in combination with the wg-easy (wireguard) role. But more options are always good.
For now it just creates an account, a domain, updating the IP and installs ddclient (with configuration).
If anyone is interested, take a look at codeberg.org.
I’ve been managing my DNS zones with Ansible for a while now and thought I’d share my setup. It’s built around deSEC as the DNS provider and uses their REST API directly.
What it does:
Generates normalized zone files from a simple YAML config
Applies changes directly to deSEC API with full prune support
Separates defaults from zone-specific records
Keeps everything in Git with clear diffs
Key features:
Single source of truth in vars/zones.yml
Automatic merging with defaults from vars/dns_defaults.yml
Provider-managed records (NS/SOA) are ignored automatically
Workflow: make generate → review diff → make apply
Stack:
Ansible with native uri module
deSEC API (REST)
If you’re looking for a Git-driven DNS workflow with deSEC, this might be a good starting point. Happy to answer questions!