Solved certreap bugs, implemented caching for pictures, optimized CSP policies (stricter), optimized recaptcha implementation for keycloak, solved mariadb wait bug, solved nextcloud plugin bugs, optimized ignore handling of tasks

2025-08-29 15:06:26 +02:00 · 2025-05-08 09:51:38 +02:00
parent f71c9e4b31
commit d5f194b2c0
19 changed files with 162 additions and 64 deletions
--- a/roles/cleanup-domains/tasks/main.yml
+++ b/roles/cleanup-domains/tasks/main.yml
@@ -0,0 +1,52 @@
+---
+- name: Include task to remove deprecated nginx configs
+  include_tasks: remove_deprecated_nginx_configs.yml
+  loop: "{{ deprecated_domains }}"
+  loop_control:
+    label: "{{ item }}"
+  vars:
+    domain: "{{ item }}"
+  when:
+    - mode_cleanup | bool
+    - run_once_nginx_domains_cleanup is not defined
+
+## The revoking just works for the base domain
+#- name: "Revoke Certbot certificate for {{ item }}"
+#  ansible.builtin.command:
+#    cmd: "certbot revoke -n --cert-name {{ item }} --non-interactive"
+#  become: true
+#  loop: "{{ deprecated_domains }}"
+#  loop_control:
+#    label: "{{ item }}"
+#  when:
+#    - mode_cleanup | bool
+#    - run_once_nginx_domains_cleanup is not defined
+#  register: certbot_revoke_result
+#  failed_when: >
+#    certbot_revoke_result.rc != 0 and
+#    'No certificate found with name' not in certbot_revoke_result.stderr
+#  changed_when: >
+#    certbot_revoke_result.rc == 0
+#
+## The deleting just works for the base domain
+#- name: "Delete Certbot certificate for {{ item }}"
+#  ansible.builtin.command:
+#    cmd: "certbot delete -n --cert-name {{ item }} --non-interactive"
+#  become: true
+#  loop: "{{ deprecated_domains }}"
+#  loop_control:
+#    label: "{{ item }}"
+#  when:
+#    - mode_cleanup | bool
+#    - run_once_nginx_domains_cleanup is not defined
+#  register: certbot_delete_result
+#  failed_when: >
+#    certbot_delete_result.rc != 0 and
+#    'No certificate found with name' not in certbot_delete_result.stderr
+#  changed_when: >
+#    certbot_delete_result.rc == 0
+
+- name: run the nginx_domains_cleanup role once
+  set_fact:
+    run_once_nginx_domains_cleanup: true
+  when: run_once_nginx_domains_cleanup is not defined
--- a/roles/cleanup-domains/tasks/remove_deprecated_nginx_configs.yml
+++ b/roles/cleanup-domains/tasks/remove_deprecated_nginx_configs.yml
@@ -0,0 +1,20 @@
+---
+- name: Find matching nginx configs for {{ domain }}
+  ansible.builtin.find:
+    paths: /etc/nginx/conf.d/http/servers
+    patterns: "*.{{ domain }}.conf"
+  register: find_result
+
+- name: Remove wildcard nginx configs for {{ domain }}
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ find_result.files | default([]) }}"
+  when: item is defined
+  notify: restart nginx
+
+- name: Remove exact nginx config for {{ domain }}
+  ansible.builtin.file:
+    path: "/etc/nginx/conf.d/http/servers/{{ domain }}.conf"
+    state: absent
+  notify: restart nginx