|
|
@@ -3,13 +3,54 @@
|
|
|
become: true
|
|
|
gather_facts: false
|
|
|
|
|
|
+ vars_files:
|
|
|
+ - "{{ inventory_dir }}/vars/vault.yaml"
|
|
|
+
|
|
|
+ vars:
|
|
|
+ openvpn_service: "openvpn@nord"
|
|
|
+ openvpn_remotes: "{{ vaulted_openvpn_remotes }}"
|
|
|
+ openvpn_user: "{{ vaulted_openvpn_user }}"
|
|
|
+ openvpn_pass: "{{ vaulted_openvpn_pass }}"
|
|
|
+
|
|
|
+
|
|
|
tasks:
|
|
|
- - name: Restart VPN
|
|
|
- ansible.builtin.systemd_service:
|
|
|
- name: openvpn@nord
|
|
|
- state: restarted
|
|
|
-
|
|
|
- - name: Restart unbound
|
|
|
- ansible.builtin.systemd_service:
|
|
|
- name: unbound
|
|
|
- state: restarted
|
|
|
+ - name: Select random NordVPN Endpoint
|
|
|
+ ansible.builtin.set_fact:
|
|
|
+ nord_endpoint: "{{ vaulted_openvpn_remotes | random }}"
|
|
|
+
|
|
|
+
|
|
|
+ - name: Set config from chosen endpoint "{{ nord_endpoint.cn }}"
|
|
|
+ ansible.builtin.set_fact:
|
|
|
+ nord_remote: "{{ nord_endpoint.remote }}"
|
|
|
+ nord_cn: "{{ nord_endpoint.cn }}"
|
|
|
+
|
|
|
+
|
|
|
+ - name: Update config file settings
|
|
|
+ ansible.builtin.lineinfile:
|
|
|
+ path: /etc/openvpn/nord.conf
|
|
|
+ regexp: "{{ item.regexp }}"
|
|
|
+ line: "{{ item.line }}"
|
|
|
+ loop:
|
|
|
+ - { "label": "remote", "regexp": "^remote ", "line": "remote {{ nord_remote }} 443" }
|
|
|
+ - { "label": "cn", "regexp": "^verify-x509-name", "line": "verify-x509-name CN={{ nord_cn }}" }
|
|
|
+ loop_control:
|
|
|
+ label: "{{ item.label }}"
|
|
|
+
|
|
|
+
|
|
|
+ - name: Update motd script with new endpoint
|
|
|
+ ansible.builtin.lineinfile:
|
|
|
+ path: /usr/local/bin/vpn-endpoint
|
|
|
+ regexp: "^endpoint="
|
|
|
+ line: "endpoint={{ nord_cn }}"
|
|
|
+
|
|
|
+
|
|
|
+ - name: Bounce {{ openvpn_service }} service
|
|
|
+ ansible.builtin.systemd_service:
|
|
|
+ name: "{{ openvpn_service }}"
|
|
|
+ state: restarted
|
|
|
+
|
|
|
+
|
|
|
+ - name: Bounce unbound service
|
|
|
+ ansible.builtin.systemd_service:
|
|
|
+ name: unbound
|
|
|
+ state: restarted
|
Blaine Story