update restartvpn playbook to work with nord

plays/restart-vpn.yml

@@ -3,13 +3,54 @@
   become: true
   gather_facts: false
 
+  vars_files:
+    - "{{ inventory_dir }}/vars/vault.yaml"
+
+  vars:
+    openvpn_service: "openvpn@nord"
+    openvpn_remotes: "{{ vaulted_openvpn_remotes }}"
+    openvpn_user: "{{ vaulted_openvpn_user }}"
+    openvpn_pass: "{{ vaulted_openvpn_pass }}"
+
+
   tasks:
-    - name: Restart VPN
-      ansible.builtin.systemd_service:
-        name: openvpn@nord
-        state: restarted
-
-    - name: Restart unbound
-      ansible.builtin.systemd_service:
-        name: unbound
-        state: restarted
+  - name: Select random NordVPN Endpoint
+    ansible.builtin.set_fact:
+      nord_endpoint: "{{ vaulted_openvpn_remotes | random }}"
+
+
+  - name: Set config from chosen endpoint "{{ nord_endpoint.cn }}"
+    ansible.builtin.set_fact:
+      nord_remote: "{{ nord_endpoint.remote }}"
+      nord_cn: "{{ nord_endpoint.cn }}"
+
+
+  - name: Update config file settings
+    ansible.builtin.lineinfile:
+       path: /etc/openvpn/nord.conf
+       regexp: "{{ item.regexp }}"
+       line: "{{ item.line }}"
+    loop:
+      - { "label": "remote", "regexp": "^remote ",          "line": "remote {{ nord_remote }} 443" }
+      - { "label": "cn",     "regexp": "^verify-x509-name", "line": "verify-x509-name CN={{ nord_cn }}" }
+    loop_control:
+      label: "{{ item.label }}"
+
+
+  - name: Update motd script with new endpoint
+    ansible.builtin.lineinfile:
+      path: /usr/local/bin/vpn-endpoint
+      regexp: "^endpoint="
+      line: "endpoint={{ nord_cn }}"
+
+
+  - name: Bounce {{ openvpn_service }} service
+    ansible.builtin.systemd_service:
+      name: "{{ openvpn_service }}"
+      state: restarted
+
+
+  - name: Bounce unbound service
+    ansible.builtin.systemd_service:
+      name: unbound
+      state: restarted