cleanup bastion deployment a bit

reboot-rpi.yml

@@ -0,0 +1,3 @@
+- hosts: k3s-agent0,k3s-agent1,k3s-agent2,k3s-agent3
+  tasks:
+    - reboot:

roles/haproxy/tasks/main.yml

@@ -42,9 +42,3 @@
     dest: /opt/certbot/certbot-deploy.sh
     mode: '0700'
   notify: Run certbot
-
-- name: Install weekly haproxy reload
-  cron:
-    name: "haproxy reload"
-    special_time: weekly
-    job: "/bin/systemctl reload haproxy"

roles/haproxy/templates/certbot-deploy.sh

@@ -1,2 +1,3 @@
 #!/bin/sh
 cat /etc/letsencrypt/live/{{ letsencrypt.domains[0] }}/fullchain.pem /etc/letsencrypt/live/{{ letsencrypt.domains[0] }}/privkey.pem >/etc/letsencrypt/live/{{ letsencrypt.domains[0] }}/{{ letsencrypt.domains[0] }}.pem
+systemctl restart haproxy

roles/wireguard/tasks/main.yml

@@ -22,17 +22,19 @@
     creates: /etc/wireguard/private.key
   register: private_key_gen
 
-- name: Fetch private key
+- name: Read private key
   command: cat /etc/wireguard/private.key
   register: private_key
+  changed_when: false
 
 - name: Generate public key
   shell: cat /etc/wireguard/private.key | wg pubkey >/etc/wireguard/public.key
   when: not public_key_stats.stat.exists or private_key_gen.changed
 
-- name: Fetch public key
+- name: Read public key
   command: cat /etc/wireguard/public.key
   register: public_key
+  changed_when: false
 
 - name: Print public key
   debug: