infra/plays/restart-vpn.yml

---
- hosts: dhcp
  become: True
  gather_facts: False
  tasks:
    - name: Load potential endpoints
      include_vars:
        file: ../vars/vault.yaml

    - name: Select a random endpoint
      set_fact:
        wg_info: "{{ vaulted_wg_info | shuffle | first }}"

    - name: Update settings to connect to {{ wg_info.name }}
      set_fact:
        wg_private_key: "{{ wg_info.private_key }}"
        wg_address: "{{ wg_info.address }}"
        wg_public_key: "{{ wg_info.pubkey }}"
        wg_endpoint: "{{ wg_info.endpoint }}"


    - name: Update wireguard config
      template:
        src: ../roles/wg-gateway/templates/wg.conf.j2
        dest: /etc/wireguard/{{ wg_interface }}.conf
        owner: root
        group: root
        mode: '0644'

    - name: Restart wireguard interface
      systemd:
        name: wg-quick@{{ wg_interface }}
        state: restarted

    - name: Edit /etc/motd
      lineinfile:
        path: /etc/motd
        regex: "^VPN Traffic tunneled through server: "
        line: "VPN Traffic tunneled through server: {{ wg_info.name }}"
      delegate_to: nas

    - name: Restart unbound
      systemd:
        name: unbound
        state: restarted