Delete unconfigured acmetool certificates

163a8a79 · Robin Sonnabend · c4b6160f · 163a8a79 · 163a8a79
Commit 163a8a79 authored Dec 26, 2018 by Robin Sonnabend
--- a/acmetool/tasks/main.yml
+++ b/acmetool/tasks/main.yml
@@ -85,6 +85,29 @@
    - acmetool
    - certificates

+- name: get activated certificates
+  find:
+    paths: /var/lib/acme/desired
+    pattern: "*"
+    file_type: file
+  register: active_certificates
+  tags:
+    - acmetool
+    - certificates
+
+- name: deactivate unconfigured certificates
+  file:
+    path: "/var/lib/acme/desired/{{item}}"
+    state: absent
+  loop: "{{active_certificates.files|map(attribute='path')|map('basename')|difference(acmetool_certificates|map(attribute='hostnames')|map('first'))|list}}"
+  loop_control:
+    label: "{{item}}"
+  notify:
+    - update certificates
+  tags:
+    - acmetool
+    - certificates
+
 - name: test if the desired certificates are present
  stat:
    path: "/var/lib/acme/live/{{item.hostnames[0]}}"

--- a/webserver/tasks/main.yml
+++ b/webserver/tasks/main.yml
@@ -74,7 +74,7 @@
    - webservices
    - pam

- name: "ensure the pam login for group {{pam_group}} is configured"
+- name: "ensure the pam login is configured"
  template:
    src: nginx-pam.conf
    dest: /etc/pam.d/nginx-{{pam_group}}