infra/plays/restart-vpn.yml

---
- hosts: 10.0.0.2
  become: true
  gather_facts: false

  vars_files:
    - "{{ inventory_dir }}/vars/vault.yaml"

  vars:
    openvpn_service: "openvpn@nord"
    openvpn_remotes: "{{ vaulted_openvpn_remotes }}"
    openvpn_user: "{{ vaulted_openvpn_user }}"
    openvpn_pass: "{{ vaulted_openvpn_pass }}"


  tasks:
  - name: Change Nord Endpoint
    ansible.builtin.shell:
      cmd: nordvpn connect

  - name: Query Nord Endpoint Info
    ansible.builtin.shell:
      cmd: "nordvpn status | grep Hostname | awk '{print $2}'"
    register: nord_status

  - name: "NordVPN Endpoint"
    debug:
      msg: "{{ nord_status.stdout }}"

#  - name: Select random NordVPN Endpoint
#    ansible.builtin.set_fact:
#      nord_endpoint: "{{ vaulted_openvpn_remotes | random }}"


#  - name: Set config from chosen endpoint "{{ nord_endpoint.cn }}"
#    ansible.builtin.set_fact:
#      nord_remote: "{{ nord_endpoint.remote }}"
#      nord_cn: "{{ nord_endpoint.cn }}"


#  - name: Update config file settings
#    ansible.builtin.lineinfile:
#       path: /etc/openvpn/nord.conf
#       regexp: "{{ item.regexp }}"
#       line: "{{ item.line }}"
#    loop:
#      - { "label": "remote", "regexp": "^remote ",          "line": "remote {{ nord_remote }} 443" }
#      - { "label": "cn",     "regexp": "^verify-x509-name", "line": "verify-x509-name CN={{ nord_cn }}" }
#    loop_control:
#      label: "{{ item.label }}"


#  - name: Update motd script with new endpoint
#    ansible.builtin.lineinfile:
#      path: /usr/local/bin/vpn-endpoint
#      regexp: "^endpoint="
#      line: "endpoint={{ nord_cn }}"


#  - name: Bounce {{ openvpn_service }} service
#    ansible.builtin.systemd_service:
#      name: "{{ openvpn_service }}"
#      state: restarted


#  - name: Bounce unbound service
#    ansible.builtin.systemd_service:
#      name: unbound
#      state: restarted