From 82ca6a94c1cbb095d74ebf3e42468c363ab8a8f9 Mon Sep 17 00:00:00 2001
From: Timotej Lazar <timotej.lazar@fri.uni-lj.si>
Date: Tue, 22 Oct 2024 10:02:26 +0200
Subject: [PATCH] nginx: reload server for renewed LE certificates

---
 roles/nginx/files/reload-nginx.sh | 3 +++
 roles/nginx/tasks/main.yml        | 6 ++++++
 2 files changed, 9 insertions(+)
 create mode 100644 roles/nginx/files/reload-nginx.sh

diff --git a/roles/nginx/files/reload-nginx.sh b/roles/nginx/files/reload-nginx.sh
new file mode 100644
index 0000000..e93198d
--- /dev/null
+++ b/roles/nginx/files/reload-nginx.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+service nginx reload
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index fb5d0ba..2fb8a50 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -29,6 +29,12 @@
     cmd: certbot certonly --non-interactive --agree-tos --register-unsafely-without-email --webroot --webroot-path /srv/http -d {{ dns_name }}
     creates: '/etc/letsencrypt/renewal/{{ dns_name }}.conf'
 
+- name: Install certificate renewal deployment hook
+  copy:
+    dest: /etc/letsencrypt/renewal-hooks/deploy/
+    src: reload-nginx.sh
+    mode: 0755
+
 - name: Enable certbot renewal
   cron:
     name: "certbot renew"