diff --git a/roles/protonvpn/files/protonvpn-watchdog.py b/roles/protonvpn/files/protonvpn-watchdog.py
index ad1cc1a..41b9f9a 100644
--- a/roles/protonvpn/files/protonvpn-watchdog.py
+++ b/roles/protonvpn/files/protonvpn-watchdog.py
@@ -102,7 +102,7 @@ class AsyncDaemon(BaseAsyncDaemon):
 )
 CONFIG = os.environ.get(
 'PROTONVPN_CONFIG',
- '/etc/strongswan/swanctl/conf.d/protonvpn.remote_addrs',
+ '/var/lib/protonvpn/remote_addrs',
 )

 def __init__(self) -> None:
@@ -215,6 +215,8 @@ class AsyncDaemon(BaseAsyncDaemon):
 if not self.serverlist:
 log.error('Cannot reconfigure: no known servers!')
 return
+ if not os.path.isdir(os.path.dirname(self.CONFIG)):
+ os.makedirs(os.path.dirname(self.CONFIG))
 fd = os.open(self.CONFIG, os.O_CREAT | os.O_RDWR, 0o644)
 with open(fd, 'r+', encoding='utf-8') as f:
 line = f.readline()
diff --git a/roles/protonvpn/tasks/main.yml b/roles/protonvpn/tasks/main.yml
index a1c8833..df24820 100644
--- a/roles/protonvpn/tasks/main.yml
+++ b/roles/protonvpn/tasks/main.yml
@@ -16,9 +16,19 @@
 tags:
 - strongswan-config
 - protonvpn-config
+- name: ensure protonvpn state directory exists
+ file:
+ path: /var/lib/protonvpn
+ mode: u=rwx,go=rx
+ owner: root
+ group: root
+ state: directory
+ tags:
+ - strongswan-config
+ - protonvpn-config
 - name: ensure protonvpn remote address is configured
 copy:
- dest: /etc/strongswan/swanctl/conf.d/protonvpn.remote_addrs
+ dest: /var/lib/protonvpn/remote_addrs
 mode: '0640'
 content: >
 remote_addrs = {{ protonvpn_server }}
diff --git a/roles/protonvpn/templates/protonvpn.conf.j2 b/roles/protonvpn/templates/protonvpn.conf.j2
index 880cced..1182cac 100644
--- a/roles/protonvpn/templates/protonvpn.conf.j2
+++ b/roles/protonvpn/templates/protonvpn.conf.j2
@@ -1,7 +1,7 @@
 connections {
 protonvpn {
 local_addrs = %any
- include protonvpn.remote_addrs
+ include /var/lib/protonvpn/remote_addrs
 vips = 0.0.0.0,::
 keyingtries = 0
 dpd_delay = 10s
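Review bot: The new default `/var/lib/protonvpn/remote_addrs` in `CONFIG` (protonvpn-watchdog.py, first hunk) is now spelled out literally in three places: here, in the `copy` task's `dest` in tasks/main.yml, and in the `include` line of protonvpn.conf.j2. Only this copy can be overridden, through `PROTONVPN_CONFIG`. If that variable is ever set, the watchdog would rewrite a file the swanctl connection does not include, and the tunnel would keep using the old address without any error. A comment on the constant such as `# must match the include path in protonvpn.conf.j2` would record the coupling, or all three could be driven from one role variable.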
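Review bot: The directory check added in the second protonvpn-watchdog.py hunk fails when `PROTONVPN_CONFIG` is a bare filename: `os.path.dirname()` returns `''`, `os.path.isdir('')` is false, and `os.makedirs('')` raises `FileNotFoundError`. The isdir-then-makedirs pair is also racy, and it leaves the directory mode at 0777 masked only by the process umask, which matters because the swanctl connection includes a file from this directory. `confdir = os.path.dirname(self.CONFIG)` followed by `if confdir: os.makedirs(confdir, mode=0o755, exist_ok=True)` covers all three. The `os.open` on the next line creates the file with `0o644` while the role's `copy` task uses `'0640'`; the two should agree. The enclosing method starts and ends outside the hunk.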
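Review bot: Hosts provisioned before this change keep the old `/etc/strongswan/swanctl/conf.d/protonvpn.remote_addrs`, because nothing visible in the tasks/main.yml hunk removes it, and the stale file will keep showing an address that is no longer in use. A cleanup task next to the new directory task, as sketched below, would avoid that. Separately, if the targets enforce SELinux, confirm that the process parsing the swanctl config can read files under the new `/var/lib/protonvpn`, since the directory will presumably get that tree's default label unless the task sets one. The `copy` task continues past the end of the hunk, so its owner and group are not visible here.

```yaml
- name: ensure legacy protonvpn remote address file is absent
  file:
    path: /etc/strongswan/swanctl/conf.d/protonvpn.remote_addrs
    state: absent
  tags:
    - strongswan-config
    - protonvpn-config
```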
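Review bot: The `include /var/lib/protonvpn/remote_addrs` line in protonvpn.conf.j2 now pulls the peer address from a runtime-written path outside /etc, and the template carries no comment saying so. Whoever can write that file chooses the gateway the tunnel is established to, subject to whatever remote authentication the rest of the block enforces, which is outside this hunk. A comment above the include would record this for the next maintainer, for example `# rewritten at runtime by protonvpn-watchdog; must stay writable by root only`. The `connections` block continues past the end of the hunk.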