noticket - updated ansible, letsencrypt crontab

2025-08-01 15:12:46 -04:00
parent b07404a8fa
commit ff8c73cf98
2 changed files with 11 additions and 2 deletions
--- a/ansible/roles/ssl/tasks/cron.yml
+++ b/ansible/roles/ssl/tasks/cron.yml
@@ -7,3 +7,12 @@
    job: >-
      certbot renew --post-hook "chown -R {{ podman_user }}:{{ podman_user }} /etc/letsencrypt && su -s /bin/sh podman -c 'cd; podman restart nginx'"
  tags: cron
+
+- name: monitor and fix letsencrypt permissions 
+  become: true
+  ansible.builtin.cron:
+    name: letsencrypt_permission_monitor
+    minute: "*/5"
+    job: >-
+      if [ "$(stat -c '%U:%G' /etc/letsencrypt)" != "{{ podman_user }}:{{ podman_user }}" ]; then chown -R {{ podman_user }}:{{ podman_user }} /etc/letsencrypt && logger "Fixed letsencrypt permissions for podman user" && sudo -H -u {{ podman_user }} bash -c 'cd; podman restart nginx' 2>/dev/null || true; fi
+  tags: cron
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1,2 @@
-ansible==8.2.0
-yamllint==1.32.0
+ansible==11.0.0
+yamllint==1.37.1