r/protonvpn: Move remote_addrs file to /var

If `/` is mounted read-only, as is usually the case, the Proton VPN watchdog cannot update the `remote_addrs` configuration file. It needs to be stored in a directory that is guaranteed to be writable.
2022-08-20 18:15:58 -05:00
parent b6a35f9ce9
commit b7bbafd189
3 changed files with 15 additions and 3 deletions
--- a/roles/protonvpn/tasks/main.yml
+++ b/roles/protonvpn/tasks/main.yml
@@ -16,9 +16,19 @@
  tags:
  - strongswan-config
  - protonvpn-config
+- name: ensure protonvpn state directory exists
+  file:
+    path: /var/lib/protonvpn
+    mode: u=rwx,go=rx
+    owner: root
+    group: root
+    state: directory
+  tags:
+  - strongswan-config
+  - protonvpn-config
 - name: ensure protonvpn remote address is configured
  copy:
-    dest: /etc/strongswan/swanctl/conf.d/protonvpn.remote_addrs
+    dest: /var/lib/protonvpn/remote_addrs
    mode: '0640'
    content: >
      remote_addrs = {{ protonvpn_server }}