authorMicah Anderson <micah@riseup.net>2022-06-14 11:14:57 -0400
committerMicah Anderson <micah@riseup.net>2022-06-14 11:18:16 -0400
commit470fbcbce59c4c4f6183e1c19ef645347a25ca9a (patch)
tree213d9b839b8b546e5371dc75abed3cff6704c3d5
parent6d579242df315671252c38a183bce44551ee4cb5 (diff)
Make sure openvpn is restarted when the gw certificate changes.
-rw-r--r--config/roles/openvpn/handlers/main.yml2
-rw-r--r--config/roles/openvpn/tasks/credentials.yml6
2 files changed, 7 insertions, 1 deletions
diff --git a/config/roles/openvpn/handlers/main.yml b/config/roles/openvpn/handlers/main.yml
index 2c3168a..8178e77 100644
--- a/config/roles/openvpn/handlers/main.yml
+++ b/config/roles/openvpn/handlers/main.yml
@@ -5,7 +5,7 @@
name: firewall.service
state: restarted
-- listen: "restart docker-openvpn-openvpn"
+- listen: "restart openvpn"
systemd:
name: "docker-openvpn-openvpn.service"
state: restarted
diff --git a/config/roles/openvpn/tasks/credentials.yml b/config/roles/openvpn/tasks/credentials.yml
index 0559455..35632d2 100644
--- a/config/roles/openvpn/tasks/credentials.yml
+++ b/config/roles/openvpn/tasks/credentials.yml
@@ -9,6 +9,12 @@
ca: "{{ credentials_dir }}/common/api_ca.crt"
ca_key: "{{ credentials_dir }}/common/api_ca.key"
+- name: Restart openvpn because gateway certificate has changed
+ systemd:
+ name: docker-openvpn-openvpn.service
+ state: restarted
+ when: sspki_sign.changed
+
- name: Add the docker-openvpn user to the openvpn-sspki group
user:
name: docker-openvpn
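Review bot: The added task restarts `docker-openvpn-openvpn.service` inline, so the restart runs before the following "Add the docker-openvpn user to the openvpn-sspki group" task and bypasses the `restart openvpn` handler that this same commit renames in handlers/main.yml. If the service relies on that group membership to read the re-issued key material (not visible here), a first run could restart it before it is able to load the new certificate. Putting `notify: "restart openvpn"` on the signing task that presumably registers `sspki_sign` (it starts above the hunk) would defer the restart to handler flush and coalesce it with any other restart in the play. No `notify:` line changes in this commit, so it is also worth confirming that nothing still notifies the old `restart docker-openvpn-openvpn` topic, which Ansible treats as an error by default.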