From 61a891ae241aafeb5596289a88175c3ae66fe6a0 Mon Sep 17 00:00:00 2001 From: Massaki Archambault Date: Sat, 28 Dec 2024 16:41:41 -0500 Subject: [PATCH] cleanup bastion deployment a bit --- reboot-rpi.yml | 3 +++ roles/haproxy/tasks/main.yml | 6 ------ roles/haproxy/templates/certbot-deploy.sh | 1 + roles/wireguard/tasks/main.yml | 6 ++++-- 4 files changed, 8 insertions(+), 8 deletions(-) create mode 100644 reboot-rpi.yml diff --git a/reboot-rpi.yml b/reboot-rpi.yml new file mode 100644 index 0000000..19ec0fd --- /dev/null +++ b/reboot-rpi.yml @@ -0,0 +1,3 @@ +- hosts: k3s-agent0,k3s-agent1,k3s-agent2,k3s-agent3 + tasks: + - reboot: \ No newline at end of file diff --git a/roles/haproxy/tasks/main.yml b/roles/haproxy/tasks/main.yml index 7f88ad0..803a9c3 100644 --- a/roles/haproxy/tasks/main.yml +++ b/roles/haproxy/tasks/main.yml @@ -42,9 +42,3 @@ dest: /opt/certbot/certbot-deploy.sh mode: '0700' notify: Run certbot - -- name: Install weekly haproxy reload - cron: - name: "haproxy reload" - special_time: weekly - job: "/bin/systemctl reload haproxy" \ No newline at end of file diff --git a/roles/haproxy/templates/certbot-deploy.sh b/roles/haproxy/templates/certbot-deploy.sh index b7c4e92..0a28262 100644 --- a/roles/haproxy/templates/certbot-deploy.sh +++ b/roles/haproxy/templates/certbot-deploy.sh @@ -1,2 +1,3 @@ #!/bin/sh cat /etc/letsencrypt/live/{{ letsencrypt.domains[0] }}/fullchain.pem /etc/letsencrypt/live/{{ letsencrypt.domains[0] }}/privkey.pem >/etc/letsencrypt/live/{{ letsencrypt.domains[0] }}/{{ letsencrypt.domains[0] }}.pem +systemctl restart haproxy \ No newline at end of file diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml index a66640f..24c779f 100644 --- a/roles/wireguard/tasks/main.yml +++ b/roles/wireguard/tasks/main.yml 
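Review bot: The new play in reboot-rpi.yml targets all four k3s agents without `serial`, so Ansible reboots them in parallel and every agent node is down at the same time. Adding `serial: 1` next to `hosts:` would reboot one node per batch and end the play if a node does not come back. The `reboot:` task also has no `name`; something like `- name: Reboot k3s agent` keeps the run output readable. Whether the nodes need to be drained before rebooting cannot be judged from this hunk.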
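Review bot: In roles/haproxy/templates/certbot-deploy.sh the added `systemctl restart haproxy` runs even when the preceding `cat` fails, because the script has no `set -e`; the redirection has already truncated the combined PEM by then, so haproxy would be restarted against an empty or partial certificate file. Putting `set -eu` right after the shebang makes a failed concatenation abort before the restart. The combined file contains the private key and is created with the inherited umask, so a `umask 077` before the `cat` keeps it owner-only regardless of the directory's mode. The cron job removed in this commit used `reload`; if a full restart is not required, `systemctl reload haproxy` would load the new certificate without dropping open connections.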
@@ -22,17 +22,19 @@ creates: /etc/wireguard/private.key register: private_key_gen -- name: Fetch private key +- name: Read private key command: cat /etc/wireguard/private.key register: private_key + changed_when: false - name: Generate public key shell: cat /etc/wireguard/private.key | wg pubkey >/etc/wireguard/public.key when: not public_key_stats.stat.exists or private_key_gen.changed -- name: Fetch public key +- name: Read public key command: cat /etc/wireguard/public.key register: public_key + changed_when: false - name: Print public key debug:
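Review bot: The "Read private key" task registers the output of `cat /etc/wireguard/private.key`, so the WireGuard private key ends up in Ansible's task result, which is shown at higher verbosity or when the task fails and is recorded by any logging callback; the added `changed_when: false` does not affect that. Add `no_log: true` to that task (the "Read public key" task does not need it). Later tasks that consume `private_key.stdout` are outside this hunk and presumably need the same treatment; that should be confirmed. The "Print public key" task at the end of the hunk continues past the visible lines.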