mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-10-31 10:19:09 +00:00
Another big round of refactoring and cleaning...
This commit is contained in:
25
roles/sys-cln-domains/README.md
Normal file
25
roles/sys-cln-domains/README.md
Normal file
@@ -0,0 +1,25 @@
|
||||
# sys-cln-domains
|
||||
|
||||
## Description
|
||||
|
||||
This Ansible role removes Nginx configuration files and revokes and deletes Certbot certificates for domains marked as deprecated.
|
||||
|
||||
## Overview
|
||||
|
||||
Optimized for idempotent cleanup operations, this role:
|
||||
|
||||
- Deletes Nginx server configuration files in `/etc/nginx/conf.d/http/servers/` for each domain listed in `deprecated_domains`.
|
||||
- Revokes and deletes corresponding Certbot certificates.
|
||||
- Ensures cleanup tasks execute only once per playbook run.
|
||||
- Notifies Nginx to restart after removing configurations.
|
||||
|
||||
## Purpose
|
||||
|
||||
Streamline the decommissioning of outdated or deprecated domains by automating the removal of Nginx server blocks and their SSL certificates.
|
||||
|
||||
## Features
|
||||
|
||||
- **Nginx Cleanup:** Safely removes server configuration files.
|
||||
- **Certbot Integration:** Revokes and deletes certificates without manual intervention.
|
||||
- **Idempotent Execution:** Utilizes a `run_once` flag to prevent repeated runs.
|
||||
- **Service Notification:** Triggers an Nginx restart handler upon cleanup.
|
||||
25
roles/sys-cln-domains/meta/main.yml
Normal file
25
roles/sys-cln-domains/meta/main.yml
Normal file
@@ -0,0 +1,25 @@
|
||||
galaxy_info:
|
||||
author: "Kevin Veen-Birkenbach"
|
||||
description: "Remove Nginx configuration files and revoke/delete Certbot certificates for deprecated domains"
|
||||
license: "CyMaIS NonCommercial License (CNCL)"
|
||||
license_url: "https://s.veen.world/cncl"
|
||||
company: |
|
||||
Kevin Veen-Birkenbach
|
||||
Consulting & Coaching Solutions
|
||||
https://www.veen.world
|
||||
min_ansible_version: "2.9"
|
||||
platforms:
|
||||
- name: Archlinux
|
||||
versions:
|
||||
- rolling
|
||||
galaxy_tags:
|
||||
- nginx
|
||||
- cleanup
|
||||
- certbot
|
||||
- domains
|
||||
repository: "https://s.veen.world/cymais"
|
||||
issue_tracker_url: "https://s.veen.world/cymaisissues"
|
||||
documentation: "https://s.veen.world/cymais"
|
||||
dependencies:
|
||||
- srv-web-7-4-core
|
||||
- sys-rst-daemon
|
||||
52
roles/sys-cln-domains/tasks/main.yml
Normal file
52
roles/sys-cln-domains/tasks/main.yml
Normal file
@@ -0,0 +1,52 @@
|
||||
---
|
||||
- name: Include task to remove deprecated nginx configs
|
||||
include_tasks: remove_deprecated_nginx_configs.yml
|
||||
loop: "{{ deprecated_domains }}"
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
vars:
|
||||
domain: "{{ item }}"
|
||||
when:
|
||||
- mode_cleanup | bool
|
||||
- run_once_nginx_domains_cleanup is not defined
|
||||
|
||||
## The revoking just works for the base domain
|
||||
#- name: "Revoke Certbot certificate for {{ item }}"
|
||||
# ansible.builtin.command:
|
||||
# cmd: "certbot revoke -n --cert-name {{ item }} --non-interactive"
|
||||
# become: true
|
||||
# loop: "{{ deprecated_domains }}"
|
||||
# loop_control:
|
||||
# label: "{{ item }}"
|
||||
# when:
|
||||
# - mode_cleanup | bool
|
||||
# - run_once_nginx_domains_cleanup is not defined
|
||||
# register: certbot_revoke_result
|
||||
# failed_when: >
|
||||
# certbot_revoke_result.rc != 0 and
|
||||
# 'No certificate found with name' not in certbot_revoke_result.stderr
|
||||
# changed_when: >
|
||||
# certbot_revoke_result.rc == 0
|
||||
#
|
||||
## The deleting just works for the base domain
|
||||
#- name: "Delete Certbot certificate for {{ item }}"
|
||||
# ansible.builtin.command:
|
||||
# cmd: "certbot delete -n --cert-name {{ item }} --non-interactive"
|
||||
# become: true
|
||||
# loop: "{{ deprecated_domains }}"
|
||||
# loop_control:
|
||||
# label: "{{ item }}"
|
||||
# when:
|
||||
# - mode_cleanup | bool
|
||||
# - run_once_nginx_domains_cleanup is not defined
|
||||
# register: certbot_delete_result
|
||||
# failed_when: >
|
||||
# certbot_delete_result.rc != 0 and
|
||||
# 'No certificate found with name' not in certbot_delete_result.stderr
|
||||
# changed_when: >
|
||||
# certbot_delete_result.rc == 0
|
||||
|
||||
- name: run the nginx_domains_cleanup role once
|
||||
set_fact:
|
||||
run_once_nginx_domains_cleanup: true
|
||||
when: run_once_nginx_domains_cleanup is not defined
|
||||
@@ -0,0 +1,20 @@
|
||||
---
|
||||
- name: Find matching nginx configs for {{ domain }}
|
||||
ansible.builtin.find:
|
||||
paths: "{{ nginx.directories.http.servers }}"
|
||||
patterns: "*.{{ domain }}.conf"
|
||||
register: find_result
|
||||
|
||||
- name: Remove wildcard nginx configs for {{ domain }}
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
state: absent
|
||||
loop: "{{ find_result.files | default([]) }}"
|
||||
when: item is defined
|
||||
notify: restart nginx
|
||||
|
||||
- name: Remove exact nginx config for {{ domain }}
|
||||
ansible.builtin.file:
|
||||
path: "{{ nginx.directories.http.servers }}{{ domain }}.conf"
|
||||
state: absent
|
||||
notify: restart nginx
|
||||
0
roles/sys-cln-domains/vars/main.yml
Normal file
0
roles/sys-cln-domains/vars/main.yml
Normal file
Reference in New Issue
Block a user