From 1204730924436ef9e1c7c49c9557837f9a5ed0e8 Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Wed, 8 Feb 2023 00:40:09 -0800
Subject: fork https://github.com/mattsta/mailweb
---
ansible/roles/certreload/tasks/main.yml | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 ansible/roles/certreload/tasks/main.yml
(limited to 'ansible/roles/certreload')
diff --git a/ansible/roles/certreload/tasks/main.yml b/ansible/roles/certreload/tasks/main.yml
new file mode 100644
index 0000000..0e4fcc7
--- /dev/null
+++ b/ansible/roles/certreload/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+# This is a hack because ansible can't trigger handlers if they don't
+# exist, so we can't have our 'certs' role unconditionally fire things
+# like "reload nginx" and "reload postfix" because those don't exist
+# in every deployment.
+# As a hack, just check if /etc/ssl was recently modified then reload
+- name: check certificate update recency
+ stat:
+ path: /etc/ssl
+ register: statSSL
+
+# Have to mock a command resulting in some "changed" status so ansible
+# allows itself to trigger handlers.
+# The actual restriction on this handler is the 'when' clause, not
+# the command itself.
+- name: reload because certs are newish
+ command: /bin/true
+ when: ((ansible_date_time.epoch |int) - (statSSL.stat.mtime |int)) < 300
+ notify:
+ - "{{ item }}"
+ loop: "{{ certreload.notifiers }}"
--
cgit v1.2.3
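Review bot: The recency check stats the directory `/etc/ssl`, whose mtime changes only when an entry is created, removed or renamed directly inside it, so a certificate overwritten in place or renewed under a subdirectory such as `/etc/ssl/private` would not trigger the reload and the services would keep serving the old certificate. Point the `stat` task at the certificate file the `certs` role actually writes, e.g. `path: "<deployed certificate file>"` (placeholder, since the real path is not shown in this patch). `ansible_date_time.epoch` is the time facts were gathered rather than the current time, so the 300-second window in the `when` clause also depends on when fact gathering ran relative to the certificate write. A comment above the `when` line stating that assumption would make the limitation visible to the next maintainer.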