Use a vault password file

Avoid us having to type the password on every invocation.

While here ensure ipsec is running.

diff --git a/.gitignore b/.gitignore
new file mode 100644 (file)
index 0000000..b36779c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vault_pass

diff --git a/ansible/README.txt b/ansible/README.txt
index 43a93f1..2a0f0a0 100644 (file)
--- a/ansible/README.txt
+++ b/ansible/README.txt
@@ -5,4 +5,4 @@ py39-ansible-sysrc
 
 Push
 =====
-ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook --ask-vault-pass -i inventory.yaml playbook-push.yaml
+ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook --vault-password-file=.vault_pass -i inventory.yaml playbook-push.yaml

diff --git a/ansible/roles/router/tasks/main.yaml b/ansible/roles/router/tasks/main.yaml
index 5c7b6b7..315573e 100644 (file)
--- a/ansible/roles/router/tasks/main.yaml
+++ b/ansible/roles/router/tasks/main.yaml
@@ -78,3 +78,8 @@
   community.general.sysrc:
     name: strongswan_enable
     value: "YES"
+- name: Start strongswam
+  ansible.builtin.service:
+    name:  strongswan
+    state: started
+  become: true