mirror of
https://github.com/RWejlgaard/pez-infra.git
synced 2026-07-04 15:46:16 +00:00
Remove stale cloudflared service from copenhagen-a (PESO-138)
cloudflared was retired in #56 when Caddy + Authelia replaced Cloudflare Tunnels, but copenhagen-a was unreachable at the time so its cloudflared.service was never stopped and is still running. Add a cleanup task to the common role that stops, disables and purges cloudflared wherever the unit lingers. Gated on the unit file existing so it self-targets copenhagen-a and is a no-op everywhere else, and explicitly excludes copenhagen-c, which legitimately runs a hand-configured tunnel.
parent
3871dc8f90
commit
1b3cf7401f
2 changed files with 40 additions and 0 deletions
|
|
@ -7,3 +7,7 @@
|
|||
- name: Reload ufw
|
||||
community.general.ufw:
|
||||
state: reloaded
|
||||
|
||||
- name: Reload systemd daemon
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
|
|
|
|||
|
|
@ -126,3 +126,39 @@
|
|||
community.general.ufw:
|
||||
state: enabled
|
||||
when: common_ufw_enabled | bool
|
||||
|
||||
# --- Cleanup: orphaned cloudflared (PESO-138) ---
|
||||
# Cloudflare Tunnels were retired in favour of Caddy + Authelia (PESO-134, #56),
|
||||
# which removed cloudflared from ansible config. copenhagen-a was unreachable at
|
||||
# the time, so its cloudflared.service was never actually stopped and is still
|
||||
# running. Remove it wherever the unit lingers. copenhagen-c legitimately runs a
|
||||
# hand-configured cloudflared tunnel — never touch it.
|
||||
- name: Detect lingering cloudflared unit
|
||||
ansible.builtin.stat:
|
||||
path: /etc/systemd/system/cloudflared.service
|
||||
register: common_cloudflared_unit
|
||||
when: inventory_hostname != 'copenhagen-c'
|
||||
|
||||
- name: Remove orphaned cloudflared
|
||||
when:
|
||||
- inventory_hostname != 'copenhagen-c'
|
||||
- common_cloudflared_unit.stat.exists | default(false)
|
||||
block:
|
||||
- name: Stop and disable cloudflared
|
||||
ansible.builtin.systemd:
|
||||
name: cloudflared
|
||||
state: stopped
|
||||
enabled: false
|
||||
failed_when: false
|
||||
|
||||
- name: Remove cloudflared systemd unit
|
||||
ansible.builtin.file:
|
||||
path: /etc/systemd/system/cloudflared.service
|
||||
state: absent
|
||||
notify: Reload systemd daemon
|
||||
|
||||
- name: Uninstall cloudflared package
|
||||
ansible.builtin.apt:
|
||||
name: cloudflared
|
||||
state: absent
|
||||
purge: true
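Review bot: `failed_when: false` on the "Stop and disable cloudflared" task hides a failed stop, so the play goes on to delete the unit file and purge the package, and reports success even if the tunnel process is still running. The block already runs only when `/etc/systemd/system/cloudflared.service` exists, so the override looks unnecessary; I would drop it, or register the result and fail on anything other than the unit-not-found case. A tunnel that survives this cleanup is an ingress path that bypasses Caddy + Authelia, so a loud failure is preferable to a silent one. Separately, nothing in this block removes tunnel credentials or config left on disk (presumably under `/etc/cloudflared`, which is not visible here). The tunnel should also be deleted on the Cloudflare side so that the credential stops being valid.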
|
||||
|
|
|
|||