From 1204730924436ef9e1c7c49c9557837f9a5ed0e8 Mon Sep 17 00:00:00 2001
From: clarkzjw <i@jinwei.me>
Date: Wed, 8 Feb 2023 00:40:09 -0800
Subject: fork https://github.com/mattsta/mailweb

---
 ansible/roles/certreload/tasks/main.yml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 ansible/roles/certreload/tasks/main.yml

(limited to 'ansible/roles/certreload')

diff --git a/ansible/roles/certreload/tasks/main.yml b/ansible/roles/certreload/tasks/main.yml
new file mode 100644
index 0000000..0e4fcc7
--- /dev/null
+++ b/ansible/roles/certreload/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+# This is a hack because ansible can't trigger handlers if they don't
+# exist, so we can't have our 'certs' role unconditionally fire things
+# like "reload nginx" and "reload postfix" because those don't exist
+# in every deployment.
+# As a hack, just check if /etc/ssl was recently modified then reload
+- name: check certificate update recency
+  stat:
+    path: /etc/ssl
+  register: statSSL
+
+# Have to mock a command resulting in some "changed" status so ansible
+# allows itself to trigger handlers.
+# The actual restriction on this handler is the 'when' clause, not
+# the command itself.
+- name: reload because certs are newish
+  command: /bin/true
+  when: ((ansible_date_time.epoch |int) - (statSSL.stat.mtime |int)) < 300
+  notify:
+    - "{{ item }}"
+  loop: "{{ certreload.notifiers }}"
-- 
cgit v1.2.3