From d24285cfc3be36f7a46be75c23aaa0dc6aef3034 Mon Sep 17 00:00:00 2001
From: Alexander Dietrich <alexander@dietrich.cx>
Date: Fri, 30 Jun 2017 22:24:56 +0200
Subject: [PATCH] certsync changes

- run weekly
- preserve modification times
- reload nginx conditionally
---
 roles/certsync/tasks/main.yml        | 4 ++--
 roles/certsync/templates/certsync.j2 | 7 +++++--
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/roles/certsync/tasks/main.yml b/roles/certsync/tasks/main.yml
index 9c3cd10..00d886e 100644
--- a/roles/certsync/tasks/main.yml
+++ b/roles/certsync/tasks/main.yml
@@ -19,6 +19,6 @@
     name: TLS Zertifikate synchronisieren
     job: "{{ certsync_script }}"
     minute: "0"
-    hour: "6"
-    day: "2"
+    hour: "7"
+    weekday: "1"
   tags: certsync
diff --git a/roles/certsync/templates/certsync.j2 b/roles/certsync/templates/certsync.j2
index 30575ee..3dc2787 100755
--- a/roles/certsync/templates/certsync.j2
+++ b/roles/certsync/templates/certsync.j2
@@ -9,7 +9,7 @@ if [ ! -d $CERT_DIR ]; then
   chmod 750 $CERT_DIR
 fi
 
-sftp -q -i {{ certsync_key }} certsync@{{ certsync_host }}:* "$CERT_DIR/" > /dev/null 2>&1
+sftp -p -q -i {{ certsync_key }} certsync@{{ certsync_host }}:* "$CERT_DIR/" > /dev/null 2>&1
 if [ $? -ne 0 ]; then
   echo "Error getting certificates"
   exit 1
@@ -17,4 +17,7 @@ fi
 chown root.root $CERT_DIR/*
 chmod 440 $CERT_DIR/*
 
-service nginx reload > /dev/null
+COUNT=$(find $CERT_DIR -mtime -7 | wc -l)
+if [ $COUNT -gt 0 ]; then
+  service nginx reload > /dev/null
+fi