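---
# Task list: retire the "cosmos" OpenVPN client unit, then move the host's
# primary DHCP interface under a Linux bridge declared in interfaces.d.
# `bridge_name` is not defined in this file; it must be supplied by the
# caller (role defaults, group/host vars, or extra vars).

# remove cosmos VPN
# NOTE(review): despite the task name, the commands below only stop and
# disable the unit. The client profile and any key material it references
# stay on disk; remove or revoke them separately if the VPN is being retired.
# The script has no `set -e`, so the task result reflects only the final
# daemon-reload; a failing stop/disable (e.g. unit already absent) is tolerated.
- name: remove cosmos openvpn profile
  shell: |
    systemctl stop openvpn-client@cosmos-client.service
    systemctl disable openvpn-client@cosmos-client.service
    systemctl daemon-reload

# NOTE(review): the persistence task at the end of this file calls
# netfilter-persistent, which is not installed here; presumably it is
# provided elsewhere. Confirm before running on a fresh host.
- name: Install Packages
  apt:
    name:
      - bridge-utils
    state: present

# Only lines whose first word is `iface` are considered, optionally behind the
# `#` that the lineinfile tasks below add. The previous grep-based pipeline
# matched "iface" anywhere on the line, so on a second run it read
# "# iface <name> inet dhcp" and reported the literal word "iface" as the
# interface name.
- name: get current interface name
  shell: |
    awk '{ sub(/^#? */, "") } $1 == "iface" && !/loopback/ { print $2 }' /etc/network/interfaces
  register: current_iface_output
  # Read-only probe: never report "changed".
  changed_when: false
  # Fail here with a clear cause instead of an index error in set_fact.
  failed_when: >-
    current_iface_output.rc != 0
    or current_iface_output.stdout_lines | length == 0

# The first non-loopback stanza in the file is treated as the primary interface.
- name: set current_iface
  set_fact:
    current_iface: '{{ current_iface_output.stdout_lines[0] }}'

- name: display interface name
  debug:
    msg: "Current interface is {{ current_iface }}"

- name: update interfaces file
  block:
    # force: false keeps the first backup. A plain `cp` on every run would
    # overwrite the pristine copy with the already-modified file.
    # The backup is root-only so it can never be more readable than its source.
    - name: backup original interfaces file
      copy:
        src: /etc/network/interfaces
        dest: /opt/interfaces-backup
        remote_src: true
        force: false
        owner: root
        group: root
        mode: "0600"

    # regex_escape: interface names may contain regex metacharacters
    # (e.g. the "." in VLAN sub-interfaces), which must match literally.
    # With backrefs enabled, lineinfile leaves the file untouched when the
    # pattern does not match instead of appending the line.
    - name: Comment out allow-hotplug line for main interface
      lineinfile:
        dest: /etc/network/interfaces
        regexp: '^#? *allow-hotplug {{ current_iface | regex_escape }}'
        line: '# allow-hotplug {{ current_iface }}'
        backrefs: true

    - name: Comment out iface line for main interface
      lineinfile:
        dest: /etc/network/interfaces
        regexp: '^#? *iface {{ current_iface | regex_escape }} inet dhcp'
        line: '# iface {{ current_iface }} inet dhcp'
        backrefs: true

    # - name: Create auto iface line for main interface
    #   lineinfile:
    #     dest: /etc/network/interfaces
    #     regexp: '^#? *auto {{ current_iface }}'
    #     line: 'auto {{ current_iface }}'
    #     backrefs: yes
    #
    # - name: Create iface manual line for main interface
    #   lineinfile:
    #     dest: /etc/network/interfaces
    #     regexp: '^#? *iface {{ current_iface }} inet manual'
    #     line: 'iface {{ current_iface }} inet manual'
    #     backrefs: yes

# Explicit owner and mode: without them the file's permissions depend on the
# umask of the connecting user.
- name: Create new bridge interface file
  template:
    src: bridge.j2
    dest: "/etc/network/interfaces.d/{{ bridge_name }}"
    owner: root
    group: root
    mode: "0644"

# NOTE(review): if Ansible reaches the host over the interface being bridged,
# this restart can drop the session mid-play. Keep out-of-band access
# available; /opt/interfaces-backup holds the original file for rollback.
- name: restart networking
  systemd:
    name: networking
    state: restarted
    daemon_reload: true

- name: show bridge
  shell: |
    brctl show
    bridge link
  register: bridge_status
  # Diagnostic output only.
  changed_when: false

# enable routing on bridge
# The iptables module checks for the rule before appending, so repeated runs
# no longer stack duplicate FORWARD entries the way `iptables -A` did.
# The rule accepts all traffic between ports of the bridge without further
# filtering. Bridged frames only traverse this chain when br_netfilter is
# loaded, so tighten the rule if hosts on the bridge must be isolated.
- name: "Enable routing on {{ bridge_name }}"
  iptables:
    chain: FORWARD
    in_interface: "{{ bridge_name }}"
    out_interface: "{{ bridge_name }}"
    jump: ACCEPT

# Make iptables rules persistent
# `save` writes the whole running ruleset, not just the rule added above, so
# any temporary rules present at this moment become permanent as well.
# `set -e` stops a failed save from being masked by the reload's exit status.
- name: Persistence - iptables
  shell: |
    set -e
    netfilter-persistent save
    netfilter-persistent reload

- name: show bridge status
  debug:
    msg:
      - "{{ bridge_status.stdout_lines }}"
...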