Refactor role naming for TLS and proxy stack

- Renamed role `srv-tls-core` → `sys-svc-certs` - Renamed role `srv-https-stack` → `sys-stk-front-pure` - Renamed role `sys-stk-front` → `sys-stk-front-proxy` - Updated all includes, READMEs, meta, and dependent roles accordingly This improves clarity and consistency of naming conventions for certificate management and proxy orchestration. See: https://chatgpt.com/share/68b19f2c-22b0-800f-ba9b-3f2c8fd427b0
2025-08-30 15:28:12 +02:00 · 2025-08-29 14:38:20 +02:00
parent 4c7bb6d9db
commit 009bee531b
42 changed files with 45 additions and 45 deletions
--- a/roles/sys-stk-front-proxy/tasks/cloudflare/01_cleanup.yml
+++ b/roles/sys-stk-front-proxy/tasks/cloudflare/01_cleanup.yml
@@ -0,0 +1,13 @@
+- name: "Purge everything from Cloudflare cache for domain {{ domain }}"
+  ansible.builtin.uri:
+    url: "https://api.cloudflare.com/client/v4/zones/{{ cf_zone_id }}/purge_cache"
+    method: POST
+    headers:
+      Authorization: "Bearer {{ CLOUDFLARE_API_TOKEN }}"
+      Content-Type: "application/json"
+    body:
+      purge_everything: true
+    body_format: json
+    return_content: yes
+  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
+  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
--- a/roles/sys-stk-front-proxy/tasks/cloudflare/02_enable_cf_dev_mode.yml
+++ b/roles/sys-stk-front-proxy/tasks/cloudflare/02_enable_cf_dev_mode.yml
@@ -0,0 +1,35 @@
+---
+# Enables Cloudflare Development Mode (bypasses cache for ~3 hours).
+# Uses the same auth token as in 01_cleanup.yml: CLOUDFLARE_API_TOKEN
+# Assumes `domain` and (optionally) `cf_zone_id` are available.
+# Safe to run repeatedly; only changes when the mode is not already "on".
+
+- name: "Read current Cloudflare development_mode setting"
+  ansible.builtin.uri:
+    url: "https://api.cloudflare.com/client/v4/zones/{{ cf_zone_id }}/settings/development_mode"
+    method: GET
+    headers:
+      Authorization: "Bearer {{ CLOUDFLARE_API_TOKEN }}"
+      Content-Type: "application/json"
+    return_content: yes
+  register: cf_dev_mode_current
+  when: ASYNC_ENABLED | bool
+
+- name: "Enable Cloudflare Development Mode"
+  ansible.builtin.uri:
+    url: "https://api.cloudflare.com/client/v4/zones/{{ cf_zone_id }}/settings/development_mode"
+    method: PATCH
+    headers:
+      Authorization: "Bearer {{ CLOUDFLARE_API_TOKEN }}"
+      Content-Type: "application/json"
+    body:
+      value: "on"
+    body_format: json
+    return_content: yes
+  register: cf_dev_mode_enable
+  changed_when: >
+    ASYNC_ENABLED | bool and
+    cf_dev_mode_current.json.result.value is defined and
+    cf_dev_mode_current.json.result.value != 'on'
+  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
+  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"