From 30b83f9067c91bb5a728e52997a61c278c98619b Mon Sep 17 00:00:00 2001
From: Paul-Henri Froidmont <git.contact-57n2p@froidmont.org>
Date: Fri, 16 Aug 2019 17:11:52 +0200
Subject: [PATCH] Cleanup fetched tinc certificates

---
 roles/tinc/tasks/main.yml | 38 ++++++++++++++++++++++++--------------
 1 file changed, 24 insertions(+), 14 deletions(-)

diff --git a/roles/tinc/tasks/main.yml b/roles/tinc/tasks/main.yml
index 0119275..8a77498 100644
--- a/roles/tinc/tasks/main.yml
+++ b/roles/tinc/tasks/main.yml
@@ -93,21 +93,31 @@
   notify:
     - restart tinc
 
-- name: Fetch tinc hosts file after key creation
-  fetch:
-    src: /etc/tinc/{{ netname }}/hosts/{{ inventory_hostname }}
-    dest: fetch/{{ inventory_hostname }}
-    flat: yes
-  notify:
-    - reload tinc
+- block:
+  - name: Fetch tinc hosts file after key creation
+    fetch:
+      src: /etc/tinc/{{ netname }}/hosts/{{ inventory_hostname }}
+      dest: fetch/{{ inventory_hostname }}
+      flat: yes
+    changed_when: false
+
+  - name: Sync the fetched tinc hosts files on each host
+    synchronize:
+      src: fetch/
+      dest: /etc/tinc/{{ netname }}/hosts/
+      use_ssh_args: yes
+    notify:
+      - reload tinc
+
+  always:
+  - name: Remove fetched files
+    local_action:
+      module: file
+      path: fetch
+      state: absent
+    run_once: True
+    changed_when: false
 
-- name: Sync the fetched tinc hosts files on each host
-  synchronize:
-    src: fetch/
-    dest: /etc/tinc/{{ netname }}/hosts/
-    use_ssh_args: yes
-  notify:
-    - reload tinc
 
 - meta: flush_handlers