From a2fbe9b1e6a09de4051294dc80ae21d1e3514ce5 Mon Sep 17 00:00:00 2001
From: Solal Nathan
Date: Fri, 5 Feb 2021 00:05:26 +0100
Subject: [PATCH] Post renewal hook for certbot to reload dovecot and postfix
---
 .../renewal-hooks/reload-mail-services.sh.j2 | 6 ++++++
 roles/mail_certificates/tasks/main.yml | 13 +++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2
diff --git a/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2 b/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2
new file mode 100644
index 0000000..094fc7b
--- /dev/null
+++ b/roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2
@@ -0,0 +1,6 @@
+#!/bin/sh
+{{ ansible_manged | comment }}
+# Reload Postcot and Dovecot after certificates are (re)generated
+
+systemctl reload postfix
+systemctl reload dovecot
diff --git a/roles/mail_certificates/tasks/main.yml b/roles/mail_certificates/tasks/main.yml
index 2a4e30f..2ad6314 100644
--- a/roles/mail_certificates/tasks/main.yml
+++ b/roles/mail_certificates/tasks/main.yml
@@ -22,3 +22,16 @@
 dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
 mode: 0644
 notify: Generate certificates
+
+- name: Make sure let's encrypt renewal-hooks exists
+ file:
+ path: /etc/letsencrypt/renewal-hooks/deploy
+ state: directory
+
+- name: Reload Postfix and Dovecot after certificate renewal
+ template:
+ src: letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2
+ dest: /etc/letsencrypt/renewal-hooks/deploy/reload-mail-services.sh
+ mode: 0755
+
+# TODO: add motd
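Review bot: The header line `{{ ansible_manged | comment }}` in the new hook template misspells the variable; it should read `{{ ansible_managed | comment }}`. With Ansible's default handling of undefined variables the template task would most likely fail, so the hook would never reach the host and Postfix and Dovecot would keep serving the old certificate after a renewal. The comment below it says "Postcot" where "Postfix" is meant. The script's exit status is that of the last `systemctl reload` only, so a failed Postfix reload is not reflected in what certbot logs; consider recording each call's status and exiting non-zero if either reload failed.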
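Review bot: The template task's `src: letsencrypt/renewal-hooks/deploy/reload-mail-services.sh.j2` does not match the file this patch creates, which is `roles/mail_certificates/letsencrypt/renewal-hooks/reload-mail-services.sh.j2` with no `deploy/` component, so the lookup will presumably fail unless another copy exists outside this patch. Either move the template or change the line to `src: letsencrypt/renewal-hooks/reload-mail-services.sh.j2`. Because certbot normally runs as root and executes every script in `renewal-hooks/deploy`, both new tasks should pin ownership and permissions explicitly rather than rely on defaults: `owner: root`, `group: root` and `mode: "0755"` on the directory as well as on the script. The task list begins above this hunk, so the rest of the role is not visible here.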