From ff8c73cf98958df715bcef61f77a9ad7d9ea602f Mon Sep 17 00:00:00 2001
From: Bastian de Byl
Date: Fri, 1 Aug 2025 15:12:46 -0400
Subject: [PATCH] noticket - updated ansible, letsencrypt crontab
---
 ansible/roles/ssl/tasks/cron.yml | 9 +++++++++
 requirements.txt | 4 ++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/ansible/roles/ssl/tasks/cron.yml b/ansible/roles/ssl/tasks/cron.yml
index 26b61dd..c76bdf6 100644
--- a/ansible/roles/ssl/tasks/cron.yml
+++ b/ansible/roles/ssl/tasks/cron.yml
@@ -7,3 +7,12 @@
 job: >-
 certbot renew --post-hook "chown -R {{ podman_user }}:{{ podman_user }} /etc/letsencrypt && su -s /bin/sh podman -c 'cd; podman restart nginx'"
 tags: cron
+
+- name: monitor and fix letsencrypt permissions
+ become: true
+ ansible.builtin.cron:
+ name: letsencrypt_permission_monitor
+ minute: "*/5"
+ job: >-
+ if [ "$(stat -c '%U:%G' /etc/letsencrypt)" != "{{ podman_user }}:{{ podman_user }}" ]; then chown -R {{ podman_user }}:{{ podman_user }} /etc/letsencrypt && logger "Fixed letsencrypt permissions for podman user" && sudo -H -u {{ podman_user }} bash -c 'cd; podman restart nginx' 2>/dev/null || true; fi
+ tags: cron
diff --git a/requirements.txt b/requirements.txt
index b32fb3f..02953e5 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1,2 @@
-ansible==8.2.0
-yamllint==1.32.0
+ansible==11.0.0
+yamllint==1.37.1
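Review bot: The `%U:%G` format in the new `job:` line of the cron.yml hunk is not escaped for crontab, where an unescaped `%` ends the command and passes the rest as standard input. As far as I know `ansible.builtin.cron` writes the job verbatim, so the check would fail every five minutes without ever running the chown; the line should read `stat -c '\%U:\%G' /etc/letsencrypt`. The trailing `2>/dev/null || true` applies to the whole `&&` chain, so a failed `chown` or `podman restart` would go unnoticed; a `logger` call on the failure path would leave a trace in syslog. Separately, a root job that recursively hands `/etc/letsencrypt`, private keys included, to the unprivileged `{{ podman_user }}` widens who can read the key material, and it has root re-walking a tree that account can modify. Group-read or ACL access limited to the directories nginx needs would be a narrower grant, and a task-level comment should record why ownership is expected to drift.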