kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-30 07:18:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Refactor role naming for TLS and proxy stack

Browse Source 
- Renamed role `srv-tls-core` → `sys-svc-certs`
- Renamed role `srv-https-stack` → `sys-stk-front-pure`
- Renamed role `sys-stk-front` → `sys-stk-front-proxy`
- Updated all includes, READMEs, meta, and dependent roles accordingly

This improves clarity and consistency of naming conventions for certificate management and proxy orchestration.

See: https://chatgpt.com/share/68b19f2c-22b0-800f-ba9b-3f2c8fd427b0
This commit is contained in:
Kevin Veen-Birkenbach
2025-08-29 14:38:20 +02:00
parent 4c7bb6d9db
commit 009bee531b
42 changed files with 45 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
roles/sys-stk-front-pure/README.md Normal file
View File

@@ -0,0 +1,65 @@
# Webserver HTTPS Provisioning 🚀
## Description
The **sys-stk-front-pure** role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS:
1. Ensures your Nginx server is configured for SSL/TLS.
2. Pulls in Lets Encrypt ACME challenge handling.
3. Applies global cleanup of unused domain configs.
This role is built on top of your existing `srv-core` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites.
---
## Overview
When you apply **sys-stk-front-pure**, it will:
1. **Include** the `srv-core` role to install and configure Nginx.
2. **Clean up** any stale vHost files under `sys-svc-cln-domains`.
3. **Deploy** the Lets Encrypt challenge-and-redirect snippet from `srv-letsencrypt`.
4. **Reload** Nginx automatically when any template changes.
All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs.
---
## Features
- 🔒 **Automatic HTTPS Redirect**
Sets up port 80 → 443 redirect and serves `/.well-known/acme-challenge/` for Certbot.
- 🔑 **Lets Encrypt Integration**
Pulls in challenge configuration and CAA-record management for automatic certificate issuance and renewal.
- 🧹 **Domain Cleanup**
Removes obsolete or orphaned server blocks before enabling HTTPS.
- 🚦 **Handler-Safe**
Triggers an Nginx reload only when necessary, minimizing service interruptions.
---
## Requirements
- A working `srv-core` setup.
- DNS managed via Cloudflare (for CAA record tasks) or equivalent ACME DNS flow.
- Variables:
- `LETSENCRYPT_WEBROOT_PATH`
- `LETSENCRYPT_LIVE_PATH`
- `on_calendar_renew_lets_encrypt_certificates`
---
## License
This role is released under the **Infinito.Nexus NonCommercial License**.
See [https://s.infinito.nexus/license](https://s.infinito.nexus/license) for details.
---
## Author
Developed and maintained by **Kevin Veen-Birkenbach**
Consulting & Coaching Solutions
[https://www.veen.world](https://www.veen.world)