Role service-bird + service-bird-icvpn: add systemd unit + timer to update roa+peers+tinc hosts

roles/service-bird-icvpn/tasks/main.yml

@@ -39,7 +39,7 @@
   file:
     path: "{{ item }}"
     mode: 0640
-    owner: bird
+    owner: admin
     group: bird
   notify:
     - reload bird4
@@ -51,10 +51,34 @@
   file:
     path: "{{ item }}"
     mode: 0640
-    owner: bird
+    owner: admin
     group: bird
   notify:
     - reload bird6
   with_items:
     - /etc/bird/icvpn_ipv6_peers.conf
     - /etc/bird/icvpn_ipv6_roa.conf
+
+- name: write systemd unit icvpn-update.service
+  template:
+    src: icvpn-update.service.j2
+    dest: /etc/systemd/system/icvpn-update.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload systemd
+
+- name: write systemd timer icvpn-update.timer
+  template:
+    src: icvpn-update.timer.j2
+    dest: /etc/systemd/system/icvpn-update.timer
+    owner: root
+    group: root
+    mode: 0644
+  notify: reload systemd
+
+- name: configure systemd unit/timer icvpn-update
+  systemd:
+    name: icvpn-update.timer
+    enabled: yes
+    state: started

roles/service-bird-icvpn/templates/icvpn-update.service.j2

@@ -0,0 +1,10 @@
+#
+# {{ ansible_managed }}
+#
+[Unit]
+Description=Update tinc hosts and bgp peers for icvpn
+
+[Service]
+ExecStart=/home/admin/clones/backend-scripts/gen_icvpn_bgp_gw.sh
+User=admin
+Group=admin

roles/service-bird-icvpn/templates/icvpn-update.timer.j2

@@ -0,0 +1,12 @@
+#
+# {{ ansible_managed }}
+#
+[Unit]
+Description=Timer which schedules icvpn-update.service
+
+[Timer]
+OnBootSec=1h
+OnUnitActiveSec=2d
+
+[Install]
+WantedBy=timers.target

roles/service-bird/tasks/main.yml

@@ -8,6 +8,12 @@
     - bird-bgp
     - bird-doc
 
+- name: set directory permissions for /etc/bird
+  file:
+    path: /etc/bird
+    state: directory
+    mode: 0755
+
 - name: write bird configuration
   template:
     src: bird{{ item }}.conf.j2