Some checks failed
CI / skip-ci-check (pull_request) Successful in 7s
CI / lint-and-test (pull_request) Failing after 10s
CI / secret-scanning (pull_request) Successful in 7s
CI / dependency-scan (pull_request) Successful in 16s
CI / sast-scan (pull_request) Successful in 29s
CI / ansible-validation (pull_request) Failing after 54s
CI / license-check (pull_request) Successful in 14s
CI / vault-check (pull_request) Successful in 12s
CI / container-scan (pull_request) Successful in 7s
CI / sonar-analysis (pull_request) Successful in 7s
CI / playbook-test (pull_request) Successful in 25s
CI / workflow-summary (pull_request) Successful in 5s
Cal Authentik OIDC playbook/role (deferred until license), Vikunja OIDC docs and vault secrets, SSO matrix, mailcow LAN proxy fix, extended security audit docs, maintenance_cron role with group_vars split, and inventory updates (vikunja rename, identity/monitoring/cal host_vars).

Co-authored-by: Cursor <cursoragent@cursor.com>
maintenance_cron
Weekly cleanup jobs for production hosts.
Scripts
| Script | Schedule | Purpose |
|---|---|---|
| system-maintenance | /etc/cron.weekly/ | `journalctl --vacuum-size=500M`, `apt autoremove`, `apt autoclean` |
| docker-prune | /etc/cron.weekly/ | `docker system prune -af --filter until=168h` |
| gitea-archive-prune | /etc/cron.weekly/ | Delete Gitea repo-archive files older than 7 days |
Variables
See defaults/main.yml. Enable per host or group:
```yaml
maintenance_cron_enable_system: true
maintenance_cron_enable_docker: true         # Docker hosts only
maintenance_cron_enable_gitea_archive: true  # giteaVM only
```
Applied via playbooks/maintenance.yml (tag maintenance_cron).
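
A weekly job like `gitea-archive-prune` runs as root from `/etc/cron.weekly/`, so the delete step benefits from guardrails on its target path. The sketch below is an added example, not the role's own script; the function name `prune_old_files`, the `--run` switch and the `ARCHIVE_DIR` variable are assumptions, and the archive path is left for the operator to supply.

```shell
#!/bin/sh
# Added example: NOT the role's gitea-archive-prune script.
# prune_old_files, --run and ARCHIVE_DIR are hypothetical names.

# prune_old_files DIR DAYS
# Deletes regular files under DIR whose age in whole days exceeds DAYS.
# Returns 2 when an argument is rejected, otherwise find's exit status.
prune_old_files() {
    dir=$1
    days=$2

    # Retention must be a non-empty integer (catches unset variables).
    case $days in
        ''|*[!0-9]*) echo "prune: invalid days '$days'" >&2; return 2 ;;
    esac

    # Refuse empty, root, or relative paths: this runs as root from cron.
    case $dir in
        ''|/) echo "prune: refusing directory '$dir'" >&2; return 2 ;;
        /*) ;;
        *) echo "prune: path must be absolute: '$dir'" >&2; return 2 ;;
    esac

    # The target must exist as a directory and must not itself be a symlink.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "prune: not a plain directory: '$dir'" >&2
        return 2
    fi

    # find (without -L) does not follow symlinks below DIR, -xdev stays on
    # one filesystem, and -type f leaves directories and links untouched.
    find "$dir" -xdev -type f -mtime +"$days" -delete
}

# Cron entry point: ARCHIVE_DIR must be set to the host's Gitea
# repo-archive directory (the path is not given on this page).
if [ "${1:-}" = "--run" ]; then
    prune_old_files "${ARCHIVE_DIR:?set ARCHIVE_DIR}" 7
fi
```
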