From 5f09f66cb64cac9f52f88662fde33ae7e91ecf7f Mon Sep 17 00:00:00 2001
From: Kristof Provost <kp@FreeBSD.org>
Date: Sun, 28 Apr 2024 21:29:07 +0200
Subject: [PATCH] Use a vault password file

Avoid us having to type the password on every invocation.

While here ensure ipsec is running.
---
 .gitignore                           | 1 +
 ansible/README.txt                   | 2 +-
 ansible/roles/router/tasks/main.yaml | 5 +++++
 3 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..b36779c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vault_pass
diff --git a/ansible/README.txt b/ansible/README.txt
index 43a93f1..2a0f0a0 100644
--- a/ansible/README.txt
+++ b/ansible/README.txt
@@ -5,4 +5,4 @@ py39-ansible-sysrc
 
 Push
 =====
-ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook --ask-vault-pass -i inventory.yaml playbook-push.yaml
+ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook --vault-password-file=.vault_pass -i inventory.yaml playbook-push.yaml
diff --git a/ansible/roles/router/tasks/main.yaml b/ansible/roles/router/tasks/main.yaml
index 5c7b6b7..315573e 100644
--- a/ansible/roles/router/tasks/main.yaml
+++ b/ansible/roles/router/tasks/main.yaml
@@ -78,3 +78,8 @@
   community.general.sysrc:
     name: strongswan_enable
     value: "YES"
+- name: Start strongswam
+  ansible.builtin.service:
+    name:  strongswan
+    state: started
+  become: true
-- 
2.51.0