From 1ae978c74a06f14426ccd192776bbe12850a5404 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Mon, 28 Mar 2022 13:27:19 +0200
Subject: [PATCH] minifirewall: restore "force-restart" and fix
 "restart-if-needed"

---
 minifirewall/tasks/config.yml  | 13 +------------
 minifirewall/tasks/install.yml |  2 ++
 minifirewall/tasks/main.yml    |  8 ++++----
 3 files changed, 7 insertions(+), 16 deletions(-)

diff --git a/minifirewall/tasks/config.yml b/minifirewall/tasks/config.yml
index c0afd2b1..57fea0f1 100644
--- a/minifirewall/tasks/config.yml
+++ b/minifirewall/tasks/config.yml
@@ -193,24 +193,13 @@
   register: minifirewall_after
 
 - name: restart minifirewall
-  # service:
-  #   name: minifirewall
-  #   state: restarted
   command: /etc/init.d/minifirewall restart
   register: minifirewall_init_restart
   failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
-  changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout"
   when:
     - minifirewall_restart_if_needed | bool
     - minifirewall_is_running.rc == 0
-    - minifirewall_before.stat.checksum != minifirewall_after.stat.checksum
-
-- name: restart minifirewall (noop)
-  meta: noop
-  register: minifirewall_init_restart
-  failed_when: False
-  changed_when: False
-  when: not (minifirewall_restart_if_needed | bool)
+    - minifirewall_before.stat.checksum != minifirewall_after.stat.checksum or minifirewall_upgrade_script is changed or minifirewall_upgrade_config is changed
 
 - debug:
     var: minifirewall_init_restart
diff --git a/minifirewall/tasks/install.yml b/minifirewall/tasks/install.yml
index 5eeed116..9c0483b9 100644
--- a/minifirewall/tasks/install.yml
+++ b/minifirewall/tasks/install.yml
@@ -13,6 +13,7 @@
     mode: "0700"
     owner: root
     group: root
+  register: minifirewall_upgrade_script
 
 - name: configuration is copied
   copy:
@@ -22,6 +23,7 @@
     mode: "0600"
     owner: root
     group: root
+  register: minifirewall_upgrade_config
 
 - name: includes directory is present
   file:
diff --git a/minifirewall/tasks/main.yml b/minifirewall/tasks/main.yml
index 5f442eb1..0fbb3ad6 100644
--- a/minifirewall/tasks/main.yml
+++ b/minifirewall/tasks/main.yml
@@ -22,7 +22,7 @@
   when: minifirewall_tail_included | bool
 
 - name: Force restart minifirewall
-  command: /bin/true
-  notify: restart minifirewall
-  changed_when: False
-  when: minifirewall_restart_force | bool
+  command: /etc/init.d/minifirewall restart
+  register: minifirewall_init_restart
+  failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
+  when: minifirewall_restart_force | bool
\ No newline at end of file