Refactor systemctl services and timers

- Unified service templates into generic systemctl templates - Introduced reusable filter plugins for script path handling - Updated path variables and service/timer definitions - Migrated roles (backup, cleanup, repair, etc.) to use systemctl role - Added sys-daemon role for core systemd cleanup - Simplified timer handling via sys-timer role Note: This is a large refactor and some errors may still exist. Further testing and adjustments will be needed.
2025-08-29 23:08:06 +02:00 · 2025-08-18 21:22:16 +02:00
parent 3a839cfe37
commit 2569abc0be
219 changed files with 618 additions and 1104 deletions
--- a/roles/sys-svc-cln-domains/README.md
+++ b/roles/sys-svc-cln-domains/README.md
@@ -0,0 +1,25 @@
+# sys-svc-cln-domains
+
+## Description
+
+This Ansible role removes Nginx configuration files and revokes and deletes Certbot certificates for domains marked as deprecated.
+
+## Overview
+
+Optimized for idempotent cleanup operations, this role:
+
+- Deletes Nginx server configuration files in `/etc/nginx/conf.d/http/servers/` for each domain listed in `deprecated_domains`.
+- Revokes and deletes corresponding Certbot certificates.
+- Ensures cleanup tasks execute only once per playbook run.
+- Notifies Nginx to restart after removing configurations.
+
+## Purpose
+
+Streamline the decommissioning of outdated or deprecated domains by automating the removal of Nginx server blocks and their SSL certificates.
+
+## Features
+
+- **Nginx Cleanup:** Safely removes server configuration files.
+- **Certbot Integration:** Revokes and deletes certificates without manual intervention.
+- **Idempotent Execution:** Utilizes a `run_once` flag to prevent repeated runs.
+- **Service Notification:** Triggers an Nginx restart handler upon cleanup.
--- a/roles/sys-svc-cln-domains/meta/main.yml
+++ b/roles/sys-svc-cln-domains/meta/main.yml
@@ -0,0 +1,22 @@
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Remove Nginx configuration files and revoke/delete Certbot certificates for deprecated domains"
+  license: "Infinito.Nexus NonCommercial License"
+  license_url: "https://s.infinito.nexus/license"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+  - name: Archlinux
+    versions:
+    - rolling
+  galaxy_tags:
+  - nginx
+  - cleanup
+  - certbot
+  - domains
+  repository: "https://s.infinito.nexus/code"
+  issue_tracker_url: "https://s.infinito.nexus/issues"
+  documentation: "https://docs.infinito.nexus"
--- a/roles/sys-svc-cln-domains/tasks/main.yml
+++ b/roles/sys-svc-cln-domains/tasks/main.yml
@@ -0,0 +1,54 @@
+- block:
+  - name: Include dependencies
+    include_role:
+      name: '{{ item }}'
+    loop:
+    - srv-web-7-4-core
+
+  - name: Include task to remove deprecated nginx configs
+    include_tasks: remove_deprecated_nginx_configs.yml
+    loop: "{{ deprecated_domains }}"
+    loop_control:
+      label: "{{ item }}"
+    vars:
+      domain: "{{ item }}"
+    when:
+    - MODE_CLEANUP | bool
+
+## The revoking just works for the base domain
+#- name: "Revoke Certbot certificate for {{ item }}"
+#  ansible.builtin.command:
+#    cmd: "certbot revoke -n --cert-name {{ item }} --non-interactive"
+#  become: true
+#  loop: "{{ deprecated_domains }}"
+#  loop_control:
+#    label: "{{ item }}"
+#  when:
+#    - MODE_CLEANUP | bool
+#    - run_once_sys_svc_cln_domains is not defined
+#  register: certbot_revoke_result
+#  failed_when: >
+#    certbot_revoke_result.rc != 0 and
+#    'No certificate found with name' not in certbot_revoke_result.stderr
+#  changed_when: >
+#    certbot_revoke_result.rc == 0
+#
+## The deleting just works for the base domain
+#- name: "Delete Certbot certificate for {{ item }}"
+#  ansible.builtin.command:
+#    cmd: "certbot delete -n --cert-name {{ item }} --non-interactive"
+#  become: true
+#  loop: "{{ deprecated_domains }}"
+#  loop_control:
+#    label: "{{ item }}"
+#  when:
+#    - MODE_CLEANUP | bool
+#    - run_once_sys_svc_cln_domains is not defined
+#  register: certbot_delete_result
+#  failed_when: >
+#    certbot_delete_result.rc != 0 and
+#    'No certificate found with name' not in certbot_delete_result.stderr
+#  changed_when: >
+#    certbot_delete_result.rc == 0
+  - include_tasks: utils/run_once.yml
+  when: run_once_sys_svc_cln_domains is not defined
--- a/roles/sys-svc-cln-domains/tasks/remove_deprecated_nginx_configs.yml
+++ b/roles/sys-svc-cln-domains/tasks/remove_deprecated_nginx_configs.yml
@@ -0,0 +1,20 @@
+---
+- name: Find matching nginx configs for {{ domain }}
+  ansible.builtin.find:
+    paths: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}"
+    patterns: "*.{{ domain }}.conf"
+  register: find_result
+
+- name: Remove wildcard nginx configs for {{ domain }}
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ find_result.files | default([]) }}"
+  when: item is defined
+  notify: restart openresty
+
+- name: Remove exact nginx config for {{ domain }}
+  ansible.builtin.file:
+    path: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"
+    state: absent
+  notify: restart openresty