diff --git a/roles/system_cleanup/tasks/main.yml b/roles/system_cleanup/tasks/main.yml
index 6ef4685..d78eefa 100644
--- a/roles/system_cleanup/tasks/main.yml
+++ b/roles/system_cleanup/tasks/main.yml
@@ -1,104 +1,178 @@
----
-- name: Check if Docker is installed
- command: docker --version
- register: docker_check
- ignore_errors: yes
- changed_when: false
-
-- name: Remove unwanted system packages
- apt:
- name: "{{ cleanup_packages }}"
- state: absent
- autoremove: "{{ cleanup_autoremove }}"
- purge: true
- when: cleanup_packages | length > 0
-
-- name: Remove specific SSH authorized keys (if any defined)
- authorized_key:
- user: root
- key: "{{ item }}"
- state: absent
- loop: "{{ cleanup_ssh_keys | default([]) }}"
- when: cleanup_ssh_keys | length > 0
-
-- name: Prune unused Docker containers
- command: docker container prune -f
- when:
- - cleanup_docker and cleanup_docker_containers
- - docker_check.rc == 0
- changed_when: true
-
-- name: Prune unused Docker images
- command: docker image prune -af
- when:
- - cleanup_docker and cleanup_docker_images
- - docker_check.rc == 0
- changed_when: true
-
-- name: Prune unused Docker volumes
- command: docker volume prune -f
- when:
- - cleanup_docker and cleanup_docker_volumes
- - docker_check.rc == 0
- changed_when: true
-
-- name: Prune unused Docker networks
- command: docker network prune -f
- when:
- - cleanup_docker and cleanup_docker_networks
- - docker_check.rc == 0
- changed_when: true
-
-- name: Remove custom directories (use with caution!)
- file:
- path: "{{ item }}"
- state: absent
- loop: "{{ cleanup_directories | default([]) }}"
- when: cleanup_directories | length > 0
-
-- name: Remove cAdvisor (if cleanup_cadvisor is true)
- block:
- - name: Check if cAdvisor container exists
- shell: docker ps -a --filter name=cadvisor --format "{{ '{{.Names}}' }}"
- register: cadvisor_check
- changed_when: false
- when: docker_check.rc == 0
-
- - name: Stop and remove cAdvisor container using docker-compose
- community.docker.docker_compose_v2:
- project_src: "{{ cadvisor_base_dir | default('/opt/cadvisor') }}"
- state: absent
- become: yes
- when:
- - docker_check.rc == 0
- - "'cadvisor' in cadvisor_check.stdout"
-
- - name: Remove cAdvisor Docker image
- command: docker rmi gcr.io/cadvisor/cadvisor || true
- when: docker_check.rc == 0
- ignore_errors: yes
-
- - name: Remove cAdvisor directories
- file:
- path: "{{ item }}"
- state: absent
- loop:
- - "{{ cadvisor_base_dir | default('/opt/cadvisor') }}"
- - "{{ cadvisor_config_dir | default('/opt/cadvisor/config') }}"
- ignore_errors: yes
-
- - name: Verify cAdvisor removal
- shell: |
- echo "Containers: $(docker ps -a | grep cadvisor | wc -l 2>/dev/null || echo 0)"
- echo "Images: $(docker images | grep cadvisor | wc -l 2>/dev/null || echo 0)"
- echo "Directories: $(ls -d {{ cadvisor_base_dir | default('/opt/cadvisor') }}* 2>/dev/null | wc -l || echo 0)"
- register: cadvisor_removal_check
- changed_when: false
- when: docker_check.rc == 0
-
- - name: Show cAdvisor removal status
- debug:
- msg: "cAdvisor removal status: {{ cadvisor_removal_check.stdout }}"
- when: cadvisor_removal_check is defined
-
- when: cleanup_cadvisor | default(false) and docker_check.rc == 0
\ No newline at end of file
+---
+# =============================================================================
+# SYSTEM CLEANUP ROLE
+# =============================================================================
+
+# ========== Docker Pre-check ==========
+- name: Check if Docker is installed
+ command: docker --version
+ register: docker_check
+ ignore_errors: yes
+ changed_when: false
+ tags: [cleanup, docker]
+
+# ========== APT Cleanup ==========
+- name: Remove unwanted system packages
+ apt:
+ name: "{{ cleanup_packages }}"
+ state: absent
+ autoremove: "{{ cleanup_autoremove }}"
+ purge: true
+ when: cleanup_packages | default([]) | length > 0
+ become: yes
+ tags: [cleanup, apt]
+
+- name: Clean APT cache (remove downloaded .deb files)
+ command: apt-get clean
+ changed_when: false
+ become: yes
+ tags: [cleanup, apt]
+
+- name: Remove old configuration files (dpkg --purge rc packages)
+ shell: dpkg --purge $(dpkg --list | grep '^rc' | awk '{print $2}') 2>/dev/null || true
+ changed_when: true
+ become: yes
+ tags: [cleanup, apt]
+
+- name: Remove old kernels (keep current + N last)
+ shell: |
+ CURRENT_KERNEL=$(uname -r)
+ dpkg -l 'linux-image-*' 2>/dev/null | awk '/^ii/ {print $2}' | grep -v "$CURRENT_KERNEL" | sort -V | head -n -{{ cleanup_keep_kernels | default(2) }} | xargs -r apt-get purge -y || true
+ changed_when: true
+ become: yes
+ tags: [cleanup, apt, kernels]
+
+# ========== SSH Keys Cleanup ==========
+- name: Remove specific SSH authorized keys (if any defined)
+ authorized_key:
+ user: root
+ key: "{{ item }}"
+ state: absent
+ loop: "{{ cleanup_ssh_keys | default([]) }}"
+ when: cleanup_ssh_keys | default([]) | length > 0
+ become: yes
+ tags: [cleanup, ssh]
+
+# ========== Docker Cleanup ==========
+- name: Prune unused Docker containers
+ command: docker container prune -f
+ when:
+ - cleanup_docker | default(false)
+ - cleanup_docker_containers | default(false)
+ - docker_check.rc == 0
+ changed_when: true
+ become: yes
+ tags: [cleanup, docker]
+
+- name: Prune unused Docker images
+ command: docker image prune -af
+ when:
+ - cleanup_docker | default(false)
+ - cleanup_docker_images | default(false)
+ - docker_check.rc == 0
+ changed_when: true
+ become: yes
+ tags: [cleanup, docker]
+
+- name: Prune unused Docker volumes
+ command: docker volume prune -f
+ when:
+ - cleanup_docker | default(false)
+ - cleanup_docker_volumes | default(false)
+ - docker_check.rc == 0
+ changed_when: true
+ become: yes
+ tags: [cleanup, docker]
+
+- name: Prune unused Docker networks
+ command: docker network prune -f
+ when:
+ - cleanup_docker | default(false)
+ - cleanup_docker_networks | default(false)
+ - docker_check.rc == 0
+ changed_when: true
+ become: yes
+ tags: [cleanup, docker]
+
+- name: Prune Docker build cache
+ command: docker builder prune -f
+ when:
+ - cleanup_docker | default(false)
+ - docker_check.rc == 0
+ changed_when: true
+ become: yes
+ tags: [cleanup, docker]
+
+# ========== Journal Logs Vacuum ==========
+- name: Vacuum systemd journal logs
+ command: journalctl --vacuum-size={{ cleanup_max_journal_size | default('100M') }}
+ changed_when: true
+ become: yes
+ tags: [cleanup, logs]
+
+# ========== Old Log Files Cleanup ==========
+- name: Find old rotated logs (*.1, *.gz, *.old)
+ find:
+ paths: /var/log
+ patterns: "*.1,*.gz,*.old"
+ age: "{{ cleanup_logs_age_days | default(7) }}d"
+ recurse: yes
+ register: old_logs
+ become: yes
+ tags: [cleanup, logs]
+
+- name: Delete found old log files
+ file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ old_logs.files }}"
+ become: yes
+ tags: [cleanup, logs]
+
+# ========== Temporary Files Cleanup ==========
+- name: Clean systemd tmpfiles
+ command: systemd-tmpfiles --clean
+ changed_when: true
+ become: yes
+ tags: [cleanup, tmp]
+
+- name: Find old files in /tmp (exclude system dirs)
+ find:
+ paths: /tmp
+ age: "{{ cleanup_tmp_age_days | default(3) }}d"
+ exclude: "systemd-*,ssh-*,tmux-*,.X*,.ICE-unix*"
+ register: tmp_old_files
+ become: yes
+ tags: [cleanup, tmp]
+
+- name: Delete old /tmp files
+ file:
+ path: "{{ item.path }}"
+ state: absent
+ loop: "{{ tmp_old_files.files }}"
+ become: yes
+ tags: [cleanup, tmp]
+
+# ========== Custom Directories Removal ==========
+- name: Remove custom directories (if defined)
+ file:
+ path: "{{ item }}"
+ state: absent
+ loop: "{{ cleanup_directories | default([]) }}"
+ when: cleanup_directories | default([]) | length > 0
+ become: yes
+ tags: [cleanup]
+
+# ========== Summary: Show Disk Usage After Cleanup ==========
+- name: Show disk usage after cleanup
+ command: df -h /
+ register: disk_after
+ changed_when: false
+ tags: [cleanup, summary]
+
+- name: Display cleanup summary
+ debug:
+ msg: |
+ === 🧹 Cleanup Summary ===
+ {{ disk_after.stdout_lines | join('\n') }}
+ tags: [cleanup, summary]
\ No newline at end of file
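Review bot: The new log tasks (`Find old rotated logs`, `Delete found old log files`) and `Vacuum systemd journal logs` run on every host with no opt-in switch, unlike the Docker prune tasks, which are gated by `cleanup_docker | default(false)`. With `recurse: yes` and the patterns `*.1,*.gz,*.old`, the delete task removes every matching file under /var/log older than `cleanup_logs_age_days` (default 7) as root, which would include rotated authentication and audit logs wherever those are kept under that tree, regardless of the retention logrotate is configured for. I would gate all three tasks with `when: cleanup_logs | default(false)` (a new role variable following the existing naming) and change the delete loop to `loop: "{{ old_logs.files | default([]) }}"` so it still templates when the find task is skipped. If a 7-day window is intended, it should be stated in the role defaults as a deliberate override of log retention, so hosts that have not yet shipped their logs elsewhere are not trimmed silently.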