Refactor role naming for TLS and proxy stack

- Renamed role `srv-tls-core` → `sys-svc-certs` - Renamed role `srv-https-stack` → `sys-stk-front-pure` - Renamed role `sys-stk-front` → `sys-stk-front-proxy` - Updated all includes, READMEs, meta, and dependent roles accordingly This improves clarity and consistency of naming conventions for certificate management and proxy orchestration. See: https://chatgpt.com/share/68b19f2c-22b0-800f-ba9b-3f2c8fd427b0
2025-11-03 03:38:15 +00:00 · 2025-08-29 14:38:20 +02:00
parent 4c7bb6d9db
commit 009bee531b
42 changed files with 45 additions and 45 deletions
--- a/roles/sys-svc-certs/tasks/flavors/dedicated.yml
+++ b/roles/sys-svc-certs/tasks/flavors/dedicated.yml
@@ -0,0 +1,30 @@
+- name: "Check if certificate already exists for '{{ domain }}'"
+  cert_check_exists:
+    domain: "{{ domain }}"
+    cert_base_path: "{{ LETSENCRYPT_LIVE_PATH }}"
+  register: cert_check
+
+- name: "receive certificate for '{{ domain }}'"
+  command: >-
+    certbot certonly 
+    --agree-tos 
+    --email {{ users.administrator.email }}
+    --non-interactive 
+    {% if CERTBOT_ACME_CHALLENGE_METHOD != "webroot" %}
+    --dns-{{ CERTBOT_ACME_CHALLENGE_METHOD }}
+    --dns-{{ CERTBOT_ACME_CHALLENGE_METHOD }}-credentials {{ CERTBOT_CREDENTIALS_FILE }}
+    --dns-{{ CERTBOT_ACME_CHALLENGE_METHOD }}-propagation-seconds {{ CERTBOT_DNS_PROPAGATION_WAIT_SECONDS }}
+    {% else %}
+    --webroot 
+    -w {{ LETSENCRYPT_WEBROOT_PATH }}
+    {% endif %}
+    {% if wildcard_domain is defined and ( wildcard_domain | bool ) %}
+    -d {{ PRIMARY_DOMAIN }} 
+    -d *.{{ PRIMARY_DOMAIN }}
+    {% else %}
+    -d {{ domain }}
+    {% endif %}
+    {{ '--test-cert' if MODE_TEST | bool else '' }}
+  register: certbot_result
+  changed_when: "'Certificate not yet due for renewal' not in certbot_result.stdout"
+  when: not cert_check.exists