Reload mailserver services on certificate update

jchristgit · jchristgit · commit df3e163ce95b · 2025-03-30T17:48:54.000+02:00
diff --git a/ansible/inventory/hosts.yaml b/ansible/inventory/hosts.yaml
@@ -3,6 +3,9 @@ all:
     lovelace:
       ansible_host: lovelace.box.pydis.wtf
       wireguard_subnet: 10.2.0.0/16
+      certbot_reload_services:
+        - dovecot
+        - postfix@-
     ldap01:
       ansible_host: ldap01.box.pydis.wtf
       wireguard_subnet: 10.3.0.0/16
diff --git a/ansible/roles/certbot/tasks/main.yml b/ansible/roles/certbot/tasks/main.yml
@@ -76,14 +76,24 @@
     - role::certbot
 
 
-- name: Reload nginx after certificate renewal
+# BEGIN temporary cleanup task
+- name: Remove old hook file
+  ansible.builtin.file:
+    path: /etc/letsencrypt/renewal-hooks/deploy/reload-nginx
+    state: absent
+# END temporary cleanup task
+
+- name: Reload services after certificate renewal
   ansible.builtin.copy:
     content: |
       #!/bin/sh
       set -ex
 
       systemctl reload nginx
-    dest: /etc/letsencrypt/renewal-hooks/deploy/reload-nginx
+      {% if certbot_reload_services %}
+      systemctl reload {{ certbot_reload_services | join(" ") }}
+      {% endif %}
+    dest: /etc/letsencrypt/renewal-hooks/deploy/reload-services
     owner: root
     group: root
     mode: "0500"
