From 503de953a9be6d8d57495ef400f1341b3888f3f0 Mon Sep 17 00:00:00 2001
From: clyhtsuriva <aimeric@adjutor.xyz>
Date: Wed, 19 Mar 2025 21:23:18 +0100
Subject: ansible: add notifys to restart ufw w/ handlers

---
 ansible/roles/common/tasks/ufw.yml         | 3 +++
 ansible/roles/k8s/tasks/ufw.yml            | 7 +++++++
 ansible/roles/nginx/handlers/main.yml      | 6 ++++++
 ansible/roles/nginx/tasks/update_nginx.yml | 6 ------
 4 files changed, 16 insertions(+), 6 deletions(-)
 create mode 100644 ansible/roles/nginx/handlers/main.yml

diff --git a/ansible/roles/common/tasks/ufw.yml b/ansible/roles/common/tasks/ufw.yml
index 155579f..aa8777b 100644
--- a/ansible/roles/common/tasks/ufw.yml
+++ b/ansible/roles/common/tasks/ufw.yml
@@ -9,6 +9,7 @@
     rule: allow
     name: OpenSSH
     comment: "Allow SSH"
+  notify: Restart UFW
 
 - name: Allow HTTP
   community.general.ufw:
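Review bot: `notify: Restart UFW` on the Allow SSH task refers to a handler that this patch does not define; the only handlers file it creates is the nginx one. The same applies to the Allow HTTP and Allow HTTPS tasks below and to the seven rules in ansible/roles/k8s/tasks/ufw.yml. Unless a `Restart UFW` handler already exists in a handlers file loaded into the same play, the run will fail the first time one of these rules reports changed. It is also worth checking what that handler does: community.general.ufw applies each rule as it runs, and a full service restart may briefly unload the ruleset, so a handler that calls `community.general.ufw:` with `state: reloaded` would be the gentler choice.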
@@ -16,6 +17,7 @@
     port: 80
     proto: tcp
     comment: "Allow HTTP"
+  notify: Restart UFW
 
 - name: Allow HTTPS
   community.general.ufw:
@@ -23,6 +25,7 @@
     port: 443
     proto: tcp
     comment: "Allow HTTPS"
+  notify: Restart UFW
 
 - name: Enable UFW
   community.general.ufw:
diff --git a/ansible/roles/k8s/tasks/ufw.yml b/ansible/roles/k8s/tasks/ufw.yml
index c4c653a..db4f27b 100644
--- a/ansible/roles/k8s/tasks/ufw.yml
+++ b/ansible/roles/k8s/tasks/ufw.yml
@@ -10,6 +10,7 @@
     port: 6443
     proto: tcp
     comment: "Kubernetes API server"
+  notify: Restart UFW
 
 - name: Allow etcd server client API (2379-2380)
   community.general.ufw:
@@ -17,6 +18,7 @@
     port: "2379:2380"
     proto: tcp
     comment: "etcd server client API"
+  notify: Restart UFW
 
 - name: Allow Kubelet API (10250)
   community.general.ufw:
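Review bot: The etcd rule as visible here (`port: "2379:2380"`, `proto: tcp`) shows no source restriction, and neither does the Kubelet API rule in the next hunk. The top of each task lies above its hunk, so a restriction may already be set there. If it is not, these ports accept connections from any address once the rules are active, although etcd and the kubelet normally need to be reachable only from control-plane and node addresses. Consider adding `from_ip: "{{ k8s_node_cidr }}"` to those tasks (the variable name is a placeholder).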
@@ -24,6 +26,7 @@
     port: 10250
     proto: tcp
     comment: "Kubelet API"
+  notify: Restart UFW
 
 - name: Allow kube-scheduler (10259)
   community.general.ufw:
@@ -31,6 +34,7 @@
     port: 10259
     proto: tcp
     comment: "kube-scheduler"
+  notify: Restart UFW
 
 - name: Allow kube-controller-manager (10257)
   community.general.ufw:
@@ -38,6 +42,7 @@
     port: 10257
     proto: tcp
     comment: "kube-controller-manager"
+  notify: Restart UFW
 
 - name: Allow kube-proxy (10256)
   community.general.ufw:
@@ -45,6 +50,7 @@
     port: 10256
     proto: tcp
     comment: "kube-proxy"
+  notify: Restart UFW
 
 - name: Allow NodePort services (30000-32767)
   community.general.ufw:
@@ -52,6 +58,7 @@
     port: "30000:32767"
     proto: tcp
     comment: "NodePort services"
+  notify: Restart UFW
 
 - name: Enable UFW
   community.general.ufw:
diff --git a/ansible/roles/nginx/handlers/main.yml b/ansible/roles/nginx/handlers/main.yml
new file mode 100644
index 0000000..58ffefd
--- /dev/null
+++ b/ansible/roles/nginx/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Restart Nginx
+  ansible.builtin.service:
+    name: nginx
+    state: restarted
+...
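Review bot: The new handler is named `Restart Nginx`, while the play-level handler removed from update_nginx.yml in the last hunk was `Restart nginx`. Handlers are looked up by exact name, so any task still notifying the old spelling will not find this one; the notifying tasks are outside this patch and need checking. update_nginx.yml also appears to be a play (it carried its own `handlers:` section), and a role's handlers/main.yml is loaded only when the role is applied, so confirm the play actually pulls in the nginx role. A header comment such as `# Handlers for the nginx role; notify with the exact name "Restart Nginx"` would make the contract explicit.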
diff --git a/ansible/roles/nginx/tasks/update_nginx.yml b/ansible/roles/nginx/tasks/update_nginx.yml
index 4813e6c..ffe2725 100644
--- a/ansible/roles/nginx/tasks/update_nginx.yml
+++ b/ansible/roles/nginx/tasks/update_nginx.yml
@@ -16,10 +16,4 @@
         name: nginx
         state: started
         enabled: true
-
-  handlers:
-    - name: Restart nginx
-      ansible.builtin.service:
-        name: nginx
-        state: restarted
 ...
-- 
cgit v1.2.3