From 7579429a0dde1cea89d2544e057dbc8f36e9259b Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Thu, 20 Jun 2024 19:42:13 -0500
Subject: [PATCH] r/samba-cert: Save firewall configuration

Without making the firewall changes permanent, when a server tries to
renew its certificate after rebooting, it will fail as the ACME server
cannot connect to the HTTP port.
---
 roles/samba-cert/handlers/main.yml | 2 ++
 roles/samba-cert/tasks/main.yml    | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/roles/samba-cert/handlers/main.yml b/roles/samba-cert/handlers/main.yml
index 6bea0db..3c02ff6 100644
--- a/roles/samba-cert/handlers/main.yml
+++ b/roles/samba-cert/handlers/main.yml
@@ -3,3 +3,5 @@
     name: samba-cert-renew.timer
     state: restarted
 
+- name: save firewalld-configuration
+  command: firewall-cmd --runtime-to-permanent
diff --git a/roles/samba-cert/tasks/main.yml b/roles/samba-cert/tasks/main.yml
index 9310a35..3d38c47 100644
--- a/roles/samba-cert/tasks/main.yml
+++ b/roles/samba-cert/tasks/main.yml
@@ -28,6 +28,8 @@
   - 80/tcp
   - 5000/tcp
   when: host_uses_firewalld|d(true)
+  notify:
+  - save firewalld configuration
   tags:
   - firewalld