| -rw-r--r-- | ansible/inventory/hosts.yaml | 3 | ||||
| -rw-r--r-- | ansible/roles/certbot/tasks/main.yml | 14 | 
2 files changed, 15 insertions, 2 deletions
|
diff --git a/ansible/inventory/hosts.yaml b/ansible/inventory/hosts.yaml
index 1c4ae82..e499002 100644
--- a/ansible/inventory/hosts.yaml
+++ b/ansible/inventory/hosts.yaml
@@ -3,6 +3,9 @@ all:
     lovelace:
       ansible_host: lovelace.box.pydis.wtf
       wireguard_subnet: 10.2.0.0/16
+      certbot_reload_services:
+        - dovecot
+        - postfix@-
     ldap01:
       ansible_host: ldap01.box.pydis.wtf
       wireguard_subnet: 10.3.0.0/16
diff --git a/ansible/roles/certbot/tasks/main.yml b/ansible/roles/certbot/tasks/main.yml
index c6df7a1..e6691a1 100644
--- a/ansible/roles/certbot/tasks/main.yml
+++ b/ansible/roles/certbot/tasks/main.yml
@@ -76,14 +76,24 @@
     - role::certbot
-- name: Reload nginx after certificate renewal
+# BEGIN temporary cleanup task
+- name: Remove old hook file
+  ansible.builtin.file:
+    path: /etc/letsencrypt/renewal-hooks/deploy/reload-nginx
+    state: absent
+# END temporary cleanup task
+
+- name: Reload services after certificate renewal
   ansible.builtin.copy:
     content: |
       #!/bin/sh
       set -ex
       systemctl reload nginx
-    dest: /etc/letsencrypt/renewal-hooks/deploy/reload-nginx
+      {% if certbot_reload_services %}
+      systemctl reload {{ certbot_reload_services | join(" ") }}
+      {% endif %}
+    dest: /etc/letsencrypt/renewal-hooks/deploy/reload-services
     owner: root
     group: root
     mode: "0500"
|
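Review bot: The `{% if certbot_reload_services %}` guard in the hook template will fail with an undefined-variable error on any host that does not set the variable, and the inventory hunk in this commit sets it only for lovelace; unless the role's defaults (not visible here) declare it, write `{% if certbot_reload_services | default([]) %}`. The names are also written unquoted into a script that runs as root, so `systemctl reload {{ certbot_reload_services | map('quote') | join(' ') }}` would keep an unexpected inventory value from being interpreted by the shell. Because the script runs under `set -ex` and `systemctl reload nginx` comes first, a failed nginx reload would stop the hook before dovecot and postfix are reloaded, leaving them serving the old certificate; whether nginx runs on every host is not visible here, so it may be worth reloading each unit independently and exiting non-zero at the end. The task list begins and ends outside the hunk.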
