Added nginx-domains-cleanup draft

roles/nginx-domains-cleanup/README.md

@@ -0,0 +1,25 @@
+# nginx-domains-cleanup
+
+## Description
+
+This Ansible role removes Nginx configuration files and revokes and deletes Certbot certificates for domains marked as deprecated.
+
+## Overview
+
+Optimized for idempotent cleanup operations, this role:
+
+- Deletes Nginx server configuration files in `/etc/nginx/conf.d/http/servers/` for each domain listed in `deprecated_domains`.
+- Revokes and deletes corresponding Certbot certificates.
+- Ensures cleanup tasks execute only once per playbook run.
+- Notifies Nginx to restart after removing configurations.
+
+## Purpose
+
+Streamline the decommissioning of outdated or deprecated domains by automating the removal of Nginx server blocks and their SSL certificates.
+
+## Features
+
+- **Nginx Cleanup:** Safely removes server configuration files.
+- **Certbot Integration:** Revokes and deletes certificates without manual intervention.
+- **Idempotent Execution:** Utilizes a `run_once` flag to prevent repeated runs.
+- **Service Notification:** Triggers an Nginx restart handler upon cleanup.

roles/nginx-domains-cleanup/meta/main.yml

@@ -0,0 +1,24 @@
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Remove Nginx configuration files and revoke/delete Certbot certificates for deprecated domains"
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - nginx
+    - cleanup
+    - certbot
+    - domains
+  repository: "https://s.veen.world/cymais"
+  issue_tracker_url: "https://s.veen.world/cymaisissues"
+  documentation: "https://s.veen.world/cymais"
+dependencies:
+  - nginx

roles/nginx-domains-cleanup/tasks/main.yml

@@ -0,0 +1,39 @@
+---
+- name: "Remove Nginx configuration for deprecated domains"
+  ansible.builtin.file:
+    path: "/etc/nginx/conf.d/http/servers/{{ item }}"
+    state: absent
+  loop: "{{ deprecated_domains }}"
+  loop_control:
+    label: "{{ item }}"
+  notify: restart nginx
+  when:
+    - mode_cleanup | bool
+    - run_once_nginx_domains_cleanup is not defined
+
+- name: "Revoke Certbot certificate for {{ item }}"
+  ansible.builtin.command:
+    cmd: "certbot revoke -n --cert-name {{ item }}"
+  become: true
+  loop: "{{ deprecated_domains }}"
+  loop_control:
+    label: "{{ item }}"
+  when:
+    - mode_cleanup | bool
+    - run_once_nginx_domains_cleanup is not defined
+
+- name: "Delete Certbot certificate for {{ item }}"
+  ansible.builtin.command:
+    cmd: "certbot delete -n --cert-name {{ item }}"
+  become: true
+  loop: "{{ deprecated_domains }}"
+  loop_control:
+    label: "{{ item }}"
+  when:
+    - mode_cleanup | bool
+    - run_once_nginx_domains_cleanup is not defined
+
+- name: run the nginx_domains_cleanup role once
+  set_fact:
+    run_once_nginx_domains_cleanup: true
+  when: run_once_nginx_domains_cleanup is not defined