Major Changes: - Add dual SSH mode system (passthrough default, dedicated fallback) - Refactor domain configuration to use direct specification pattern - Fix critical fail2ban security gap in dedicated mode - Separate HTTP and SSH domains for cleaner Git URLs
---
# Gitea Role Handlers
# Asks systemd to re-read its unit files (daemon-reload). No `name:` is
# given, so no unit is started, stopped or restarted by this handler.
- name: reload systemd
  systemd:
    daemon_reload: true
# Restarts the gitea unit, but only when gitea_service_state is exactly
# 'started'; any other value skips the handler.
# NOTE(review): the variable is read without default(), so it has to be
# defined somewhere (presumably the role defaults) - confirm.
- name: restart gitea
  systemd:
    name: gitea
    state: restarted
  when: gitea_service_state == 'started'
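# Reloads the caddy unit so it picks up configuration changes without a
# full restart. Skipped when caddy_service_enabled is unset or false.
- name: reload caddy
  systemd:
    name: caddy
    state: reloaded
  # `| bool` makes a string value such as "false" (e.g. passed with -e on
  # the command line) evaluate as false; without it any non-empty string is
  # truthy and the reload would run against a host where caddy is disabled.
  when: caddy_service_enabled | default(false) | bool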
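# Reloads the nftables unit so a changed ruleset is loaded.
- name: reload nftables
  systemd:
    name: nftables
    state: reloaded
  # Safety: skipped on local-connection plays. This condition tests the
  # connection type only; it does not check whether the nftables service is
  # active. On a skipped run the ruleset on disk and the ruleset loaded in
  # the kernel can differ until the next reload or reboot.
  # NOTE(review): the task that writes the ruleset is not visible here;
  # checking it first with `nft -c -f <ruleset path>` would keep a broken
  # file from reaching this reload - confirm that task does so.
  when: ansible_connection != 'local'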
# Restarts the fail2ban unit. There is no `when:` guard, so unlike the
# nftables and sshd handlers in this file it also runs on local-connection
# plays.
# NOTE(review): if the restart fails (for example on a bad jail file) the
# host is left without ban enforcement; consider asserting the unit is
# active after this handler has run.
- name: restart fail2ban
  systemd:
    state: restarted
    name: fail2ban
# Restarts the sshd unit so a changed SSH daemon configuration takes effect.
# NOTE(review): the task that writes the sshd configuration is not visible
# here; validating the file with `sshd -t` before this handler fires avoids
# restarting into a broken config and losing remote access - confirm.
# NOTE(review): some distributions name the unit `ssh` rather than `sshd`;
# verify the name against the role's supported platforms.
- name: restart sshd
  systemd:
    state: restarted
    name: sshd
  # Safety: only restart if not running locally. On a local-connection play
  # the new sshd settings are therefore not applied by this handler.
  when: ansible_connection != "local"