Solved certreap bugs, implemented caching for pictures, optimized CSP policies (stricter), optimized recaptcha implementation for keycloak, solved mariadb wait bug, solved nextcloud plugin bugs, optimized ignore handling of tasks
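--- a/roles/cleanup-domains/README.md
+++ b/roles/cleanup-domains/README.md
@@ -0,0 +1,25 @@
+# cleanup-domains
+
+## Description
+
+This Ansible role removes Nginx configuration files and revokes and deletes Certbot certificates for domains marked as deprecated.
+
+## Overview
+
+Optimized for idempotent cleanup operations, this role:
+
+- Deletes Nginx server configuration files in `/etc/nginx/conf.d/http/servers/` for each domain listed in `deprecated_domains`.
+- Revokes and deletes corresponding Certbot certificates.
+- Ensures cleanup tasks execute only once per playbook run.
+- Notifies Nginx to restart after removing configurations.
+
+## Purpose
+
+Streamline the decommissioning of outdated or deprecated domains by automating the removal of Nginx server blocks and their SSL certificates.
+
+## Features
+
+- **Nginx Cleanup:** Safely removes server configuration files.
+- **Certbot Integration:** Revokes and deletes certificates without manual intervention.
+- **Idempotent Execution:** Utilizes a `run_once` flag to prevent repeated runs.
+- **Service Notification:** Triggers an Nginx restart handler upon cleanup.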
24
roles/cleanup-domains/meta/main.yml
Normal file
@@ -0,0 +1,24 @@
|
||||
galaxy_info:
|
||||
author: "Kevin Veen-Birkenbach"
|
||||
description: "Remove Nginx configuration files and revoke/delete Certbot certificates for deprecated domains"
|
||||
license: "CyMaIS NonCommercial License (CNCL)"
|
||||
license_url: "https://s.veen.world/cncl"
|
||||
company: |
|
||||
Kevin Veen-Birkenbach
|
||||
Consulting & Coaching Solutions
|
||||
https://www.veen.world
|
||||
min_ansible_version: "2.9"
|
||||
platforms:
|
||||
- name: Archlinux
|
||||
versions:
|
||||
- rolling
|
||||
galaxy_tags:
|
||||
- nginx
|
||||
- cleanup
|
||||
- certbot
|
||||
- domains
|
||||
repository: "https://s.veen.world/cymais"
|
||||
issue_tracker_url: "https://s.veen.world/cymaisissues"
|
||||
documentation: "https://s.veen.world/cymais"
|
||||
dependencies:
|
||||
- nginx
|
52
roles/cleanup-domains/tasks/main.yml
Normal file
@@ -0,0 +1,52 @@
|
||||
---
|
||||
- name: Include task to remove deprecated nginx configs
|
||||
include_tasks: remove_deprecated_nginx_configs.yml
|
||||
loop: "{{ deprecated_domains }}"
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
vars:
|
||||
domain: "{{ item }}"
|
||||
when:
|
||||
- mode_cleanup | bool
|
||||
- run_once_nginx_domains_cleanup is not defined
|
||||
|
||||
## The revoking just works for the base domain
|
||||
#- name: "Revoke Certbot certificate for {{ item }}"
|
||||
# ansible.builtin.command:
|
||||
# cmd: "certbot revoke -n --cert-name {{ item }} --non-interactive"
|
||||
# become: true
|
||||
# loop: "{{ deprecated_domains }}"
|
||||
# loop_control:
|
||||
# label: "{{ item }}"
|
||||
# when:
|
||||
# - mode_cleanup | bool
|
||||
# - run_once_nginx_domains_cleanup is not defined
|
||||
# register: certbot_revoke_result
|
||||
# failed_when: >
|
||||
# certbot_revoke_result.rc != 0 and
|
||||
# 'No certificate found with name' not in certbot_revoke_result.stderr
|
||||
# changed_when: >
|
||||
# certbot_revoke_result.rc == 0
|
||||
#
|
||||
## The deleting just works for the base domain
|
||||
#- name: "Delete Certbot certificate for {{ item }}"
|
||||
# ansible.builtin.command:
|
||||
# cmd: "certbot delete -n --cert-name {{ item }} --non-interactive"
|
||||
# become: true
|
||||
# loop: "{{ deprecated_domains }}"
|
||||
# loop_control:
|
||||
# label: "{{ item }}"
|
||||
# when:
|
||||
# - mode_cleanup | bool
|
||||
# - run_once_nginx_domains_cleanup is not defined
|
||||
# register: certbot_delete_result
|
||||
# failed_when: >
|
||||
# certbot_delete_result.rc != 0 and
|
||||
# 'No certificate found with name' not in certbot_delete_result.stderr
|
||||
# changed_when: >
|
||||
# certbot_delete_result.rc == 0
|
||||
|
||||
- name: run the nginx_domains_cleanup role once
|
||||
set_fact:
|
||||
run_once_nginx_domains_cleanup: true
|
||||
when: run_once_nginx_domains_cleanup is not defined
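Review bot: The Certbot revoke and delete tasks (the `#- name: "Revoke Certbot certificate for {{ item }}"` and `#- name: "Delete Certbot certificate for {{ item }}"` blocks) are commented out, so a deprecated domain's nginx server block is removed while its certificate and private key stay on the host and, presumably, in certbot's renewal set; the README and the meta `description` added in this commit still state that certificates are revoked and deleted. The leading comments say the commands only work for the base domain, which reads like a `--cert-name` mismatch for subdomain certificates rather than a reason to drop revocation; until that is resolved the docs should say so, e.g. a comment such as `# NOTE: certificate revocation/deletion is disabled (cert-name only matches the base domain); certificates of deprecated domains must be removed manually`. Separately, the final `set_fact` runs whenever the fact is undefined regardless of `mode_cleanup`, so a first pass with cleanup disabled marks the cleanup as already done for any later pass in the same run; adding `- mode_cleanup | bool` to its `when` list would keep that guard consistent with the include task above.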
|
@@ -0,0 +1,20 @@
|
||||
---
|
||||
- name: Find matching nginx configs for {{ domain }}
|
||||
ansible.builtin.find:
|
||||
paths: /etc/nginx/conf.d/http/servers
|
||||
patterns: "*.{{ domain }}.conf"
|
||||
register: find_result
|
||||
|
||||
- name: Remove wildcard nginx configs for {{ domain }}
|
||||
ansible.builtin.file:
|
||||
path: "{{ item.path }}"
|
||||
state: absent
|
||||
loop: "{{ find_result.files | default([]) }}"
|
||||
when: item is defined
|
||||
notify: restart nginx
|
||||
|
||||
- name: Remove exact nginx config for {{ domain }}
|
||||
ansible.builtin.file:
|
||||
path: "/etc/nginx/conf.d/http/servers/{{ domain }}.conf"
|
||||
state: absent
|
||||
notify: restart nginx
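Review bot: `when: item is defined` on the `Remove wildcard nginx configs for {{ domain }}` task is a no-op, since inside a `loop` every iteration has `item` set and the empty result is already covered by `default([])`; drop the line. The `find` and both `file` tasks operate under `/etc/nginx/conf.d/http/servers` without `become: true`, while the commented-out certbot tasks in `tasks/main.yml` do carry it, which suggests the play does not elevate by default — confirm this include runs with the needed privileges or add `become: true` to the three tasks. The file header for this hunk is not visible on the page; from the `include_tasks` line in `tasks/main.yml` it is presumably `remove_deprecated_nginx_configs.yml`.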
|