Accueil Explorer Aide
Connexion
blaine
/
infra
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: 7a719be65a
Branches Tags
infra
/
plays
/
restart-vpn.yml

restart-vpn.yml 2.1 KB
Historique Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 
  1. ---
    2. 

  2. - hosts: 10.0.0.2
    3. 

  3.   become: true
    4. 

  4.   gather_facts: false
    5. 

  5. 

  6.   vars_files:
    7. 

  7.     - "{{ inventory_dir }}/vars/vault.yaml"
    8. 

  8. 

  9.   vars:
    10. 

  10.     openvpn_service: "openvpn@nord"
    11. 

  11.     openvpn_remotes: "{{ vaulted_openvpn_remotes }}"
    12. 

  12.     openvpn_user: "{{ vaulted_openvpn_user }}"
    13. 

  13.     openvpn_pass: "{{ vaulted_openvpn_pass }}"
    14. 

  14. 

  15. 

  16.   tasks:
    17. 

  17.   - name: Query Nord Endpoint Info (Pre-Change)
    18. 

  18.     ansible.builtin.shell:
    19. 

  19.       cmd: "nordvpn status | grep Hostname | awk '{print $2}'"
    20. 

  20.     changed_when: false
    21. 

  21.     register: nord_status_pre
    22. 

  22. 

  23. 

  24.   - name: Change Nord Endpoint
    25. 

  25.     ansible.builtin.shell:
    26. 

  26.       cmd: nordvpn connect
    27. 

  27. 

  28. 

  29.   - name: Query Nord Endpoint Info (Post-Change)
    30. 

  30.     ansible.builtin.shell:
    31. 

  31.       cmd: "nordvpn status | grep Hostname | awk '{print $2}'"
    32. 

  32.     changed_when: false
    33. 

  33.     register: nord_status_post
    34. 

  34. 

  35. 

  36.   - name: "Display VPN Endpoint Change"
    37. 

  37.     debug:
    38. 

  38.       msg: "{{ nord_status_pre.stdout }} -> {{ nord_status_post.stdout }}"
    39. 

  39. 

  40. #  - name: Select random NordVPN Endpoint
    41. 

  41. #    ansible.builtin.set_fact:
    42. 

  42. #      nord_endpoint: "{{ vaulted_openvpn_remotes | random }}"
    43. 

  43. 

  44. 

  45. #  - name: Set config from chosen endpoint "{{ nord_endpoint.cn }}"
    46. 

  46. #    ansible.builtin.set_fact:
    47. 

  47. #      nord_remote: "{{ nord_endpoint.remote }}"
    48. 

  48. #      nord_cn: "{{ nord_endpoint.cn }}"
    49. 

  49. 

  50. 

  51. #  - name: Update config file settings
    52. 

  52. #    ansible.builtin.lineinfile:
    53. 

  53. #       path: /etc/openvpn/nord.conf
    54. 

  54. #       regexp: "{{ item.regexp }}"
    55. 

  55. #       line: "{{ item.line }}"
    56. 

  56. #    loop:
    57. 

  57. #      - { "label": "remote", "regexp": "^remote ",          "line": "remote {{ nord_remote }} 443" }
    58. 

  58. #      - { "label": "cn",     "regexp": "^verify-x509-name", "line": "verify-x509-name CN={{ nord_cn }}" }
    59. 

  59. #    loop_control:
    60. 

  60. #      label: "{{ item.label }}"
    61. 

  61. 

  62. 

  63. #  - name: Update motd script with new endpoint
    64. 

  64. #    ansible.builtin.lineinfile:
    65. 

  65. #      path: /usr/local/bin/vpn-endpoint
    66. 

  66. #      regexp: "^endpoint="
    67. 

  67. #      line: "endpoint={{ nord_cn }}"
    68. 

  68. 

  69. 

  70. #  - name: Bounce {{ openvpn_service }} service
    71. 

  71. #    ansible.builtin.systemd_service:
    72. 

  72. #      name: "{{ openvpn_service }}"
    73. 

  73. #      state: restarted
    74. 

  74. 

  75. 

  76. #  - name: Bounce unbound service
    77. 

  77. #    ansible.builtin.systemd_service:
    78. 

  78. #      name: unbound
    79. 

  79. #      state: restarted
    80.