From 6674224dcfcee5ff726bca423e6a5c6fca1affcc Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Thu, 26 Sep 2024 14:00:18 +0200
Subject: [PATCH] Update to 2024-09-26 14:00
---
 roles/nomad/tasks/conf.yml | 11 ++++++-----
 roles/vault_agent/templates/nomad/nomad.hcl.j2 | 2 +-
 roles/vault_bin/defaults/main.yml | 4 ++--
 3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/roles/nomad/tasks/conf.yml b/roles/nomad/tasks/conf.yml
index 08304e7..2d352ac 100644
--- a/roles/nomad/tasks/conf.yml
+++ b/roles/nomad/tasks/conf.yml
@@ -38,17 +38,18 @@
 template: src=jwks-proxy.conf.j2 dest={{ nomad_root_dir }}/jwks-proxy/nginx.conf
 notify: reload nomad-jwks-proxy
- - name: Deploy jwks-proxy unit
- template: src=jwks-proxy.service.j2 dest=/etc/systemd/system/nomad-jwks-proxy.service
- register: nomad_jwks_proxy_unit
-
 - name: Deploy logrotate conf
 template: src=logrotate.conf.j2 dest=/etc/logrotate.d/nomad-jwks-proxy
 tags: nomad
+- name: Deploy jwks-proxy unit
+ template: src=jwks-proxy.service.j2 dest=/etc/systemd/system/nomad-jwks-proxy.service
+ register: nomad_jwks_proxy_unit
+ tags: nomad
+
 - name: Reload systemd
 systemd: daemon_reload=true
- when: nomad_jwks_proxy_unit is defined and nomad_jwks_proxy_unit.changed
+ when: nomad_jwks_proxy_unit.changed
 tags: nomad
 - name: Copy consul cert as consul CA
diff --git a/roles/vault_agent/templates/nomad/nomad.hcl.j2 b/roles/vault_agent/templates/nomad/nomad.hcl.j2
index 642d9bf..77cdb72 100644
--- a/roles/vault_agent/templates/nomad/nomad.hcl.j2
+++ b/roles/vault_agent/templates/nomad/nomad.hcl.j2
@@ -21,7 +21,7 @@ template {
 perms = 0640
 exec {
 # Wait a few sec before reloading Nomad as it fails if reloaded while not fully initialized yet
- command = ["sh", "-c", "sleep 15 && systemctl reload nomad || true"]
+ command = ["sh", "-c", "sleep 15 && systemctl reload nomad{% if nomad_conf.tls.http and nomad_conf.server.enabled %} nomad-jwks-proxy{% endif %} || true"]
 }
 }
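Review bot: In roles/nomad/tasks/conf.yml, the relocated `Deploy jwks-proxy unit` task writes `/etc/systemd/system/nomad-jwks-proxy.service` without `owner`, `group` or `mode`, so the unit file's ownership and permissions depend on the umask and user of the Ansible run. I would switch this task to native YAML arguments and pin them, e.g. `owner: root`, `group: root` and `mode: "0644"`, so the unit can never end up group- or world-writable. Separately, the task now sits outside the block it was removed from; if that block carries a `when:` (its header is outside the hunk), the unit is now installed on hosts that do not run the proxy, which is worth confirming as intended.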
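Review bot: In roles/vault_agent/templates/nomad/nomad.hcl.j2, the new `exec` command reloads `nomad` and `nomad-jwks-proxy` in one `systemctl reload` call and then discards the result with `|| true`, so a failed reload of either unit is silent. The rendered file looks like secret or TLS material (`perms = 0640`; its destination is outside the hunk), in which case the proxy could keep serving the previous material with no trace in the logs. Keeping the exit status at zero is reasonable, but the failure should be recorded, for example by ending the shell string with `|| logger -t vault-agent 'reload of nomad units failed'` instead of `|| true`. A reload also fails when the unit is not running; if that is expected on some servers, `systemctl try-reload-or-restart` is the verb that skips inactive units. The enclosing `template` stanza starts outside the hunk.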
diff --git a/roles/vault_bin/defaults/main.yml b/roles/vault_bin/defaults/main.yml
index 37a32e8..57c520d 100644
--- a/roles/vault_bin/defaults/main.yml
+++ b/roles/vault_bin/defaults/main.yml
@@ -1,7 +1,7 @@
 # Version of Vault to install
-vault_version: 1.17.5
+vault_version: 1.17.6
 # URL of the archive
 vault_archive_url: https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip
 # Expected sha256 of the archive
-vault_archive_sha256: 67eb9f95d37975e2525bbd455e19528a7759f3a56022de064bf8605fc220be47
+vault_archive_sha256: 0cddc1fbbb88583b5ba5b845f9f8fae47c6fb39a6d48cd543c6ba6fd3ac1a669