diff --git a/ansible-playbooks/update-vpn.yml b/ansible-playbooks/update-vpn.yml
new file mode 100644
index 0000000..831e259
--- /dev/null
+++ b/ansible-playbooks/update-vpn.yml
@@ -0,0 +1,24 @@
+---
+- name: Maintain VPN and Pi-hole
+  hosts: vpn
+  become: yes  
+  become_method: sudo
+
+  tasks:
+    - name: Update Pi-hole
+      ansible.builtin.shell: pihole -up
+      args:
+        executable: /bin/bash
+      register: pihole_out
+      changed_when: "'everything is up to date' not in pihole_out.stdout"
+
+    - name: Run PiVPN diagnostics with automated 'Y' responses
+      ansible.builtin.shell: yes Y | pivpn -d
+      args:
+        executable: /bin/bash
+      register: pivpn_diag
+      changed_when: false
+
+    - name: Debug Output (Optional)
+      ansible.builtin.debug:
+        msg: "Pi-hole update finished. Diagnostic ran successfully."