50 lines
1.5 KiB
YAML
50 lines
1.5 KiB
YAML
---
|
|
- name: Cleanup expired VPN configuration
|
|
hosts: vpn_servers
|
|
become: yes
|
|
vars:
|
|
client_dir: /etc/wireguard/clients
|
|
test_client_dir: /etc/wireguard/test_clients
|
|
wg_interface: wg0
|
|
is_test: false # Default to production mode
|
|
|
|
tasks:
|
|
- name: Debug cleanup information
|
|
debug:
|
|
msg:
|
|
- "Cleaning up subscription ID: {{ subscription_id }}"
|
|
- "Test mode: {{ is_test }}"
|
|
|
|
# Set working directory based on mode
|
|
- name: Set working directory based on mode
|
|
set_fact:
|
|
working_client_dir: "{{ test_client_dir if is_test else client_dir }}"
|
|
|
|
- name: Remove client configuration directory
|
|
file:
|
|
path: "{{ working_client_dir }}/{{ subscription_id }}"
|
|
state: absent
|
|
|
|
- name: Remove client from server config
|
|
blockinfile:
|
|
path: "/etc/wireguard/{{ wg_interface }}.conf"
|
|
marker: "# {mark} ANSIBLE MANAGED BLOCK FOR {{ subscription_id }}"
|
|
state: absent
|
|
notify: restart wireguard
|
|
|
|
# Remove cleanup cron job if it exists (for test configs)
|
|
- name: Remove cleanup cronjob
|
|
when: is_test
|
|
cron:
|
|
name: "cleanup_test_vpn_{{ subscription_id }}"
|
|
state: absent
|
|
|
|
- name: Log cleanup
|
|
shell: |
|
|
logger -t vpn-cleanup "Cleaned up VPN configuration for {{ subscription_id }} ({{ 'test' if is_test else 'production' }})"
|
|
|
|
handlers:
|
|
- name: restart wireguard
|
|
service:
|
|
name: "wg-quick@{{ wg_interface }}"
|
|
state: restarted |