Post-Tyranny-Tech-Infrastru.../ansible/playbooks/cleanup.yml

---
# Cleanup playbook - run before destroying servers
# Removes SMTP credentials and other cloud resources

- name: Cleanup server resources before destruction
  hosts: all
  become: no
  gather_facts: no

  pre_tasks:
    - name: Determine client name from hostname
      set_fact:
        client_name: "{{ inventory_hostname }}"

    - name: Load client secrets
      community.sops.load_vars:
        file: "{{ playbook_dir }}/../../secrets/clients/{{ client_name }}.sops.yaml"
        name: client_secrets
        age_keyfile: "{{ lookup('env', 'SOPS_AGE_KEY_FILE') }}"
      no_log: true

  tasks:
    - name: Delete Mailgun SMTP credentials
      include_role:
        name: mailgun
        tasks_from: delete

    - name: Display cleanup summary
      debug:
        msg: |
          ============================================================
          Cleanup complete for: {{ client_name }}
          ============================================================

          Removed:
          ✓ Mailgun SMTP credential ({{ inventory_hostname }}@mg.vrije.cloud)

          You can now safely destroy the server with:
          cd ../tofu && tofu destroy -target='hcloud_server.client["{{ client_name }}"]'
          ============================================================
fix: Resolve Authentik email delivery issues Fixed email FROM address formatting that was breaking Django's email parser. The display name contained an '@' symbol which violated RFC 5322 format. Changes: - Fix Authentik email FROM address (remove @ from display name) - Add Mailgun SMTP credential cleanup on server destruction - Fix Mailgun delete task to use EU API endpoint - Add cleanup playbook for graceful resource removal This ensures: ✓ Recovery emails work immediately on new deployments ✓ SMTP credentials are automatically cleaned up when destroying servers ✓ Email configuration works correctly across all environments 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com> 2026-01-13 09:52:23 +01:00			`---`
			`# Cleanup playbook - run before destroying servers`
			`# Removes SMTP credentials and other cloud resources`

			`- name: Cleanup server resources before destruction`
			`hosts: all`
			`become: no`
			`gather_facts: no`

			`pre_tasks:`
			`- name: Determine client name from hostname`
			`set_fact:`
			`client_name: "{{ inventory_hostname }}"`

			`- name: Load client secrets`
			`community.sops.load_vars:`
			`file: "{{ playbook_dir }}/../../secrets/clients/{{ client_name }}.sops.yaml"`
			`name: client_secrets`
			`age_keyfile: "{{ lookup('env', 'SOPS_AGE_KEY_FILE') }}"`
			`no_log: true`

			`tasks:`
			`- name: Delete Mailgun SMTP credentials`
			`include_role:`
			`name: mailgun`
			`tasks_from: delete`

			`- name: Display cleanup summary`
			`debug:`
			`msg: \|`
			`============================================================`
			`Cleanup complete for: {{ client_name }}`
			`============================================================`

			`Removed:`
			`✓ Mailgun SMTP credential ({{ inventory_hostname }}@mg.vrije.cloud)`

			`You can now safely destroy the server with:`
			`cd ../tofu && tofu destroy -target='hcloud_server.client["{{ client_name }}"]'`
			`============================================================`