Another big round of refactoring and cleaning...

roles/sys-cln-domains/tasks/main.yml

@@ -0,0 +1,52 @@
+---
+- name: Include task to remove deprecated nginx configs
+  include_tasks: remove_deprecated_nginx_configs.yml
+  loop: "{{ deprecated_domains }}"
+  loop_control:
+    label: "{{ item }}"
+  vars:
+    domain: "{{ item }}"
+  when:
+    - mode_cleanup | bool
+    - run_once_nginx_domains_cleanup is not defined
+
+## The revoking just works for the base domain
+#- name: "Revoke Certbot certificate for {{ item }}"
+#  ansible.builtin.command:
+#    cmd: "certbot revoke -n --cert-name {{ item }} --non-interactive"
+#  become: true
+#  loop: "{{ deprecated_domains }}"
+#  loop_control:
+#    label: "{{ item }}"
+#  when:
+#    - mode_cleanup | bool
+#    - run_once_nginx_domains_cleanup is not defined
+#  register: certbot_revoke_result
+#  failed_when: >
+#    certbot_revoke_result.rc != 0 and
+#    'No certificate found with name' not in certbot_revoke_result.stderr
+#  changed_when: >
+#    certbot_revoke_result.rc == 0
+#
+## The deleting just works for the base domain
+#- name: "Delete Certbot certificate for {{ item }}"
+#  ansible.builtin.command:
+#    cmd: "certbot delete -n --cert-name {{ item }} --non-interactive"
+#  become: true
+#  loop: "{{ deprecated_domains }}"
+#  loop_control:
+#    label: "{{ item }}"
+#  when:
+#    - mode_cleanup | bool
+#    - run_once_nginx_domains_cleanup is not defined
+#  register: certbot_delete_result
+#  failed_when: >
+#    certbot_delete_result.rc != 0 and
+#    'No certificate found with name' not in certbot_delete_result.stderr
+#  changed_when: >
+#    certbot_delete_result.rc == 0
+
+- name: run the nginx_domains_cleanup role once
+  set_fact:
+    run_once_nginx_domains_cleanup: true
+  when: run_once_nginx_domains_cleanup is not defined