configpolicy/roles/protonvpn/tasks/main.yml

- name: ensure protonvpn ca certificate is installed
  copy:
    src: ProtonVPN_ike_root.pem
    dest: /etc/strongswan/swanctl/x509ca/
    mode: '0644'
  notify: reload strongswan config
  tags:
  - strongswan-cacert

- name: ensure protonvpn configuration is set
  template:
    src: protonvpn.conf.j2
    dest: /etc/strongswan/swanctl/conf.d/protonvpn.conf
    mode: '0640'
  notify: reload strongswan config
  tags:
  - strongswan-config
  - protonvpn-config
- name: ensure protonvpn remote address is configured
  copy:
    dest: /etc/strongswan/swanctl/conf.d/protonvpn.remote_addrs
    mode: '0640'
    content: >
      remote_addrs = {{ protonvpn_server }}
    force: false
  notify: reload strongswan config
  tags:
  - strongswan-config
  - protonvpn-config

- name: ensure protonvpn-watchdog script is installed
  copy:
    src: protonvpn-watchdog.py
    dest: /usr/local/bin/protonvpn-watchdog
    mode: '0755'
  notify: restart protonvpn-watchdog
  tags:
  - protonvpn-watchdog
- name: ensure protonvpn-watchdog systemd unit is installed
  copy:
    src: protonvpn-watchdog.service
    dest: /etc/systemd/system/protonvpn-watchdog.service
    mode: '0644'
  notify:
  - reload systemd
  - restart protonvpn-watchdog
  tags:
  - protonvpn-watchdog
  - systemd
- name: ensure protonvpn-watchdog service is enabled
  service:
    name: protonvpn-watchdog
    enabled: true
  tags:
  - service
- name: ensure protonvpn-watchdog service is running
  service:
    name: protonvpn-watchdog
    state: started
  tags:
  - service