Huge role refactoring/cleanup. Other commits will probably follow, because some bugs will exist. Still important for the long run and also for auto docs/help/slideshow generation

2025-07-08 23:43:13 +02:00
parent 6b87a049d4
commit 563d5fd528
1242 changed files with 2301 additions and 1355 deletions

@@ -8,8 +8,8 @@ This Ansible role automates the detection, revocation and deletion of unused Let
- Installs the `certreap` cleanup tool using the `pkgmgr-install` role
- Deploys and configures a `cleanup-certs.cymais.service` systemd unit
- (Optionally) Sets up a recurring cleanup via a systemd timer using the `systemd-timer` role
- Integrates with `systemd-notifier` to send failure notifications
- (Optionally) Sets up a recurring cleanup via a systemd timer using the `generic-timer` role
- Integrates with `alert-core` to send failure notifications
- Ensures idempotent execution with a `run_once_cleanup_certs` flag
## Features
@@ -21,13 +21,13 @@ This Ansible role automates the detection, revocation and deletion of unused Let
Deploys `cleanup-certs.cymais.service` and reloads/restarts it on changes.
- **Systemd Timer Scheduling**
Optionally wires in a timer via the `systemd-timer` role, controlled by the `on_calendar_cleanup_certs` variable.
Optionally wires in a timer via the `generic-timer` role, controlled by the `on_calendar_cleanup_certs` variable.
- **Smart Execution Logic**
Prevents multiple runs in one play by setting a `run_once_cleanup_certs` fact.
- **Failure Notification**
Triggers `systemd-notifier.cymais@cleanup-certs.cymais.service` on failure.
Triggers `alert-core.cymais@cleanup-certs.cymais.service` on failure.
## Further Resources
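Review bot: The Failure Notification entry gives the triggered unit as `alert-core.cymais@cleanup-certs.cymais.service`, which does not match what the unit file in this commit produces. `OnFailure=alert-core.cymais@%n.service` uses `%n`, which systemd expands to the full unit name including its `.service` suffix, so the unit started on failure is `alert-core.cymais@cleanup-certs.cymais.service.service`. Since this line is being touched for the rename anyway, correct the name in the README so that anyone checking whether a failed revocation run raised an alert looks for the right unit.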

@@ -24,4 +24,4 @@ galaxy_info:
documentation: "https://github.com/kevinveenbirkenbach/certreap#readme"
dependencies:
- systemd-notifier
- alert-core
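Review bot: `dependencies` lists only `alert-core`, while the timer role is pulled in through `include_role` with `name: generic-timer` in the tasks file and the README also names `pkgmgr-install`. Either add a short comment explaining why the alerting role is a meta dependency and the others are wired in at task level, or use one mechanism for all of them, so that the next rename has a single place to update.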

@@ -17,9 +17,9 @@
service_name: "{{ role_name }}"
when: run_once_cleanup_certs is not defined
- name: "include role for systemd-timer for {{service_name}}"
- name: "include role for generic-timer for {{service_name}}"
include_role:
name: systemd-timer
name: generic-timer
vars:
on_calendar: "{{ on_calendar_cleanup_certs }}"
when: run_once_cleanup_certs is not defined
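Review bot: The `generic-timer` include is guarded only by `when: run_once_cleanup_certs is not defined`, but the README in this commit describes the timer as optional ("(Optionally) Sets up a recurring cleanup via a systemd timer"). If the opt-out is handled inside `generic-timer`, say so in a comment on this task; otherwise add the condition here or drop "Optionally" from the README. Minor style point on the same task: the name uses `{{service_name}}` without inner spaces, while the other expressions in this hunk are written `{{ role_name }}` and `{{ on_calendar_cleanup_certs }}`.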

@@ -1,6 +1,6 @@
[Unit]
Description=Detect, revoke, and delete unused Let's Encrypt certificates based on active NGINX configuration files.
OnFailure=systemd-notifier.cymais@%n.service
OnFailure=alert-core.cymais@%n.service
[Service]
Type=oneshot