Remove stale cloudflared service from copenhagen-a (PESO-138)
cloudflared was retired in #56 when Caddy + Authelia replaced Cloudflare Tunnels, but copenhagen-a was unreachable at the time so its cloudflared.service was never stopped and is still running. Add a cleanup task to the common role that stops, disables and purges cloudflared wherever the unit lingers. Gated on the unit file existing so it self-targets copenhagen-a and is a no-op everywhere else, and explicitly excludes copenhagen-c, which legitimately runs a hand-configured tunnel.
parent
3871dc8f90
commit
1b3cf7401f
2 changed files with 40 additions and 0 deletions
|
|
@ -7,3 +7,7 @@
|
||||||
- name: Reload ufw
|
- name: Reload ufw
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
||||||
|
- name: Reload systemd daemon
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
daemon_reload: true
|
||||||
|
|
|
||||||
|
|
@ -126,3 +126,39 @@
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
state: enabled
|
state: enabled
|
||||||
when: common_ufw_enabled | bool
|
when: common_ufw_enabled | bool
|
||||||
|
|
||||||
|
# --- Cleanup: orphaned cloudflared (PESO-138) ---
|
||||||
|
# Cloudflare Tunnels were retired in favour of Caddy + Authelia (PESO-134, #56),
|
||||||
|
# which removed cloudflared from ansible config. copenhagen-a was unreachable at
|
||||||
|
# the time, so its cloudflared.service was never actually stopped and is still
|
||||||
|
# running. Remove it wherever the unit lingers. copenhagen-c legitimately runs a
|
||||||
|
# hand-configured cloudflared tunnel — never touch it.
|
||||||
|
- name: Detect lingering cloudflared unit
|
||||||
|
ansible.builtin.stat:
|
||||||
|
path: /etc/systemd/system/cloudflared.service
|
||||||
|
register: common_cloudflared_unit
|
||||||
|
when: inventory_hostname != 'copenhagen-c'
|
||||||
|
|
||||||
|
- name: Remove orphaned cloudflared
|
||||||
|
when:
|
||||||
|
- inventory_hostname != 'copenhagen-c'
|
||||||
|
- common_cloudflared_unit.stat.exists | default(false)
|
||||||
|
block:
|
||||||
|
- name: Stop and disable cloudflared
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
name: cloudflared
|
||||||
|
state: stopped
|
||||||
|
enabled: false
|
||||||
|
failed_when: false
|
||||||
|
|
||||||
|
- name: Remove cloudflared systemd unit
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: /etc/systemd/system/cloudflared.service
|
||||||
|
state: absent
|
||||||
|
notify: Reload systemd daemon
|
||||||
|
|
||||||
|
- name: Uninstall cloudflared package
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name: cloudflared
|
||||||
|
state: absent
|
||||||
|
purge: true
|
||||||
|
|
|
||||||
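Review bot: `failed_when: false` on "Stop and disable cloudflared" hides a failed stop, so the block can delete the unit file and purge the package, and report success, while the tunnel process is still running and still exposing the host. The block already runs only when the unit file exists, so the systemd module should be able to find the unit. I would drop `failed_when: false`, or narrow it to the one error you expect. The tasks shown also leave the tunnel's config and credentials on disk, because `purge: true` only removes what the package owns. If copenhagen-a's tunnel was set up by hand, its files (possibly under `/etc/cloudflared`, which needs confirming on the host) need their own `state: absent` task. The tunnel should also be deleted on the Cloudflare side so that any leftover credential is useless.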