Fix StrongSwan handlers - handlers cannot be blocks

Ansible handlers cannot be blocks. Fixed by:

1. Making each handler a separate task that can notify the next handler
2. restart strongswan -> notifies -> wait for strongswan
3. rereadcrls -> notifies -> purgecrls

This maintains the proper execution order while conforming to Ansible's
handler constraints. The wait and retry logic is preserved.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

roles/strongswan/handlers/main.yml

@@ -1,16 +1,15 @@
 ---
 - name: restart strongswan
-  block:
+  service: name={{ strongswan_service }} state=restarted
-    - name: restart strongswan service
+  notify: wait for strongswan
-      service: name={{ strongswan_service }} state=restarted
 
-    - name: wait for strongswan to be ready
+- name: wait for strongswan
-      wait_for:
+  wait_for:
-        port: 500
+    port: 500
-        host: 127.0.0.1
+    host: 127.0.0.1
-        delay: 2
+    delay: 2
-        timeout: 30
+    timeout: 30
-        state: started
+    state: started
 
 - name: daemon-reload
   systemd: daemon_reload=true
@@ -19,13 +18,12 @@
   service: name=apparmor state=restarted
 
 - name: rereadcrls
-  block:
+  command: ipsec rereadcrls
-    - name: reload certificate revocation lists
+  register: rereadcrls_result
-      command: ipsec rereadcrls
+  retries: 3
-      register: rereadcrls_result
+  delay: 2
-      retries: 3
+  until: rereadcrls_result.rc == 0
-      delay: 2
+  notify: purgecrls
-      until: rereadcrls_result.rc == 0
 
-    - name: purge old certificate revocation lists
+- name: purgecrls
-      command: ipsec purgecrls
+  command: ipsec purgecrls