From 1bd268d1b0921236ab2047c5481dcfb639f688ff Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin <d@ilvokhin.com>
Date: Sat, 20 Apr 2024 19:12:44 +0100
Subject: Use systemd service instead of service for certbot

To properly reload systemd in case of changes in unit file.
---
 TODO.txt                     | 1 -
 roles/certbot/tasks/main.yml | 6 +++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/TODO.txt b/TODO.txt
index 23d252b..a0b8f22 100644
--- a/TODO.txt
+++ b/TODO.txt
@@ -48,7 +48,6 @@ LATER
 
 * Install fail2ban.
 * Set correct hostname for each host.
-* Do `systemctl daemon-reload` on unit updates?
 
 
 DOTFILES
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index bef7fa6..2db3ffc 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -36,7 +36,11 @@
     mode: u+rw,g+r,o+r
 
 - name: Enable certbot systemd timer
-  ansible.builtin.service:
+  # `ansible.builtin.systemd_service` used here intentionally instead of
+  # `ansible.builtin.service` to issue `systemctl daemon-reload` in case of
+  # changes in Ansible managed unit file.
+  ansible.builtin.systemd_service:
     name: certbot.timer
     enabled: yes
     state: started
+    daemon_reload: true
-- 
cgit v1.2.3-70-g09d2