self-hosting/roles/proxy/tasks/ssh-down.yml

---
- name: Kill existing tunnel connections
  shell: |
    CONNECTION_PIDS=$(ps aux | awk '$1 == "{{ proxy_ssh_user }}" && $0 ~ /ssh -N -f/ { print $2 }')
    echo $CONNECTION_PIDS | xargs -r kill
    echo "$CONNECTION_PIDS" | grep -vE '^$' | wc -l
  register: ssh_result
  changed_when: ssh_result.stdout_lines | last | int > 0

- name: Remove tunnel interfaces
  shell:
    cmd: |
      bash -s <<'EOF'
      TUN_INTERFACE_FILES=$(grep -El '^## sshproxy' /etc/network/interfaces.d/tun*)
      IFS=$'\n\t'
      for file in $TUN_INTERFACE_FILES; do
          interface=$(basename $file)
          echo $interface
          rm $file
          ip link delete $interface
      done
      EOF
  register: tun_result
  changed_when: tun_result.stdout_lines | length > 0

- name: Remove tunnel iptables (1/2)
  iptables:
    state: absent
    chain: FORWARD
    in_interface: "{{ proxy_interface }}"
    out_interface: "{{ item }}"
    ctstate:
      - RELATED
      - ESTABLISHED
    jump: ACCEPT
  with_items: "{{ tun_result.stdout_lines }}"
  when: inventory_hostname == proxy_router_hostname

- name: Remove tunnel iptables (2/2)
  iptables:
    state: absent
    chain: FORWARD
    in_interface: "{{ item }}"
    out_interface: "{{ proxy_interface }}"
    jump: ACCEPT
  with_items: "{{ tun_result.stdout_lines }}"
  when: inventory_hostname == proxy_router_hostname

- name: Remove authorized keys file
  file:
    path: "/home/{{ proxy_ssh_user }}/.ssh/authorized_keys"
    state: absent
Tinc setup 2018-09-18 04:00:12 +02:00			`---`
			`- name: Kill existing tunnel connections`
			`shell: \|`
			`CONNECTION_PIDS=$(ps aux \| awk '$1 == "{{ proxy_ssh_user }}" && $0 ~ /ssh -N -f/ { print $2 }')`
			`echo $CONNECTION_PIDS \| xargs -r kill`
			`echo "$CONNECTION_PIDS" \| grep -vE '^$' \| wc -l`
			`register: ssh_result`
			`changed_when: ssh_result.stdout_lines \| last \| int > 0`

			`- name: Remove tunnel interfaces`
			`shell:`
			`cmd: \|`
			`bash -s <<'EOF'`
			`TUN_INTERFACE_FILES=$(grep -El '^## sshproxy' /etc/network/interfaces.d/tun*)`
			`IFS=$'\n\t'`
			`for file in $TUN_INTERFACE_FILES; do`
			`interface=$(basename $file)`
			`echo $interface`
			`rm $file`
			`ip link delete $interface`
			`done`
			`EOF`
			`register: tun_result`
			`changed_when: tun_result.stdout_lines \| length > 0`

			`- name: Remove tunnel iptables (1/2)`
			`iptables:`
			`state: absent`
			`chain: FORWARD`
			`in_interface: "{{ proxy_interface }}"`
			`out_interface: "{{ item }}"`
			`ctstate:`
			`- RELATED`
			`- ESTABLISHED`
			`jump: ACCEPT`
			`with_items: "{{ tun_result.stdout_lines }}"`
			`when: inventory_hostname == proxy_router_hostname`

			`- name: Remove tunnel iptables (2/2)`
			`iptables:`
			`state: absent`
			`chain: FORWARD`
			`in_interface: "{{ item }}"`
			`out_interface: "{{ proxy_interface }}"`
			`jump: ACCEPT`
			`with_items: "{{ tun_result.stdout_lines }}"`
			`when: inventory_hostname == proxy_router_hostname`

			`- name: Remove authorized keys file`
			`file:`
			`path: "/home/{{ proxy_ssh_user }}/.ssh/authorized_keys"`
			`state: absent`