From feb4733b725224387db32fd2c1c4ca81fd503b17 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Steven!=20Ragnar=C3=B6k?= <steven@nuclearsandwich.com>
Date: Wed, 16 Apr 2025 17:00:27 -0700
Subject: [PATCH 1/3] Restart ssh after updating host keys.

---
 recipes/repo.rb | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/recipes/repo.rb b/recipes/repo.rb
index 061254d..c7365d7 100644
--- a/recipes/repo.rb
+++ b/recipes/repo.rb
@@ -5,6 +5,10 @@
 
 package 'openssh-server'
 
+service 'ssh' do
+  action [:start, :enable]
+end
+
 host_keys = data_bag_item('ros_buildfarm_host_keys', 'repo')[node.chef_environment]
 %w(dsa ecdsa ed25519 rsa).each do |type|
   file "/etc/ssh/ssh_host_#{type}_key" do
@@ -15,8 +19,11 @@
     content host_keys[type]['public']
     mode '0644'
   end
+
+  notifies :restart, 'service[ssh]'
 end
 
+
 # Update attributes to get a "building repository" agent instead of a generic
 # "buildagent".
 node.default['ros_buildfarm']['agent']['nodename'] = 'building_repository'

From c587ffdb99d76ba9c72d82a7c52f05c6387cc2c0 Mon Sep 17 00:00:00 2001
From: Crola1702 <cristobal.arroyo@ekumenlabs.com>
Date: Fri, 18 Apr 2025 11:29:25 -0500
Subject: [PATCH 2/3] Fix undefined method notifies without resources

Repo recipe run is showing:
* NoMethodError: undefined method `notifies' for cookbook: ros_buildfarm"

Signed-off-by: Crola1702 <cristobal.arroyo@ekumenlabs.com>
---
 recipes/repo.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/recipes/repo.rb b/recipes/repo.rb
index c7365d7..b070e1f 100644
--- a/recipes/repo.rb
+++ b/recipes/repo.rb
@@ -19,11 +19,14 @@
     content host_keys[type]['public']
     mode '0644'
   end
+end
 
+# This block is only needed to notify ssh restart
+ruby_block 'notify-ssh-restart' do
+  block {}
   notifies :restart, 'service[ssh]'
 end
 
-
 # Update attributes to get a "building repository" agent instead of a generic
 # "buildagent".
 node.default['ros_buildfarm']['agent']['nodename'] = 'building_repository'

From 4169add0ff4f8216d890575216b6dc2e0f59fb02 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Steven!=20Ragnar=C3=B6k?= <steven@nuclearsandwich.com>
Date: Fri, 18 Apr 2025 10:36:52 -0700
Subject: [PATCH 3/3] Notify in each file rather than at the end of a loop.

This was the intent and operating in the context of a file resource will
mean that sshd only restarts when one of these files actually changes.
Which is preferred rather than notifying unconditionally as it would
with the ruby_block resource.
---
 recipes/repo.rb | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/recipes/repo.rb b/recipes/repo.rb
index b070e1f..bcc2a08 100644
--- a/recipes/repo.rb
+++ b/recipes/repo.rb
@@ -14,19 +14,15 @@
   file "/etc/ssh/ssh_host_#{type}_key" do
     content host_keys[type]['private']
     mode '0600'
+    notifies :restart, 'service[ssh]'
   end
   file "/etc/ssh/ssh_host_#{type}_key.pub" do
     content host_keys[type]['public']
     mode '0644'
+    notifies :restart, 'service[ssh]'
   end
 end
 
-# This block is only needed to notify ssh restart
-ruby_block 'notify-ssh-restart' do
-  block {}
-  notifies :restart, 'service[ssh]'
-end
-
 # Update attributes to get a "building repository" agent instead of a generic
 # "buildagent".
 node.default['ros_buildfarm']['agent']['nodename'] = 'building_repository'