Respect POSIX capabilities / cap_net_admin

If 'cap_net_admin' POSIX capability is not present, 'debops.tinc' will not try and reconfigure VPN interface automatically; tincd will still be configured but not restarted / reloaded.
debops · May 21, 2015 · 8769788 · 8769788
1 parent 0a4175c
commit 8769788
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -2,9 +2,15 @@
 
 - name: Reload tinc configuration
   command: tincd -n {{ tinc_network }} -kHUP
+  when: (ansible_local|d() and ansible_local.cap12s|d() and
+         (not ansible_local.cap12s.enabled | bool or
+          (ansible_local.cap12s.enabled | bool and "cap_net_admin" in ansible_local.cap12s.list)))
 
 - name: Restart tinc VPN connection
   shell: test -d /run/systemd/system &&
          ( systemctl restart ifup@{{ tinc_interface }}.service ) ||
          ( ifdown {{ tinc_interface }} ; ifup {{ tinc_interface }} )
+  when: (ansible_local|d() and ansible_local.cap12s|d() and
+         (not ansible_local.cap12s.enabled | bool or
+          (ansible_local.cap12s.enabled | bool and "cap_net_admin" in ansible_local.cap12s.list)))