From 24e8c87356d908455b875965b3a00e0223beeef8 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@riseup.net>
Date: Fri, 18 Nov 2022 16:10:19 -0500
Subject: [PATCH] openvpn: restart openvpn when the gateway certificate changes

If it is not restarted, the certificate is not picked up.
---
 config/roles/openvpn/tasks/credentials.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/config/roles/openvpn/tasks/credentials.yml b/config/roles/openvpn/tasks/credentials.yml
index b7e5dec0..316d6218 100644
--- a/config/roles/openvpn/tasks/credentials.yml
+++ b/config/roles/openvpn/tasks/credentials.yml
@@ -9,6 +9,12 @@
       ca: "{{ credentials_dir }}/common/api_ca.crt"
       ca_key: "{{ credentials_dir }}/common/api_ca.key"
 
+- name: Restart openvpn because gateway certificate has changed
+  systemd:
+    name: docker-openvpn-openvpn.service
+    state: restarted
+  when: sspki_sign.changed
+
 - name: Add the docker-openvpn user to the openvpn-sspki group
   user:
     name: docker-openvpn
-- 
GitLab