Refactor role naming for TLS and proxy stack

- Renamed role `srv-tls-core` → `sys-svc-certs` - Renamed role `srv-https-stack` → `sys-stk-front-pure` - Renamed role `sys-stk-front` → `sys-stk-front-proxy` - Updated all includes, READMEs, meta, and dependent roles accordingly This improves clarity and consistency of naming conventions for certificate management and proxy orchestration. See: https://chatgpt.com/share/68b19f2c-22b0-800f-ba9b-3f2c8fd427b0
2025-08-30 07:18:09 +02:00 · 2025-08-29 14:38:20 +02:00
parent 4c7bb6d9db
commit 009bee531b
42 changed files with 45 additions and 45 deletions
--- a/roles/sys-svc-certs/tasks/main.yml
+++ b/roles/sys-svc-certs/tasks/main.yml
@@ -0,0 +1,45 @@
+- block:
+  - name: Include dependency 'sys-stk-front-pure'
+    include_role:
+      name: sys-stk-front-pure
+    when: run_once_sys_stk_front_pure is not defined
+  - include_tasks: utils/run_once.yml
+  when: run_once_sys_svc_certs is not defined
+
+- name: "Include flavor '{{ CERTBOT_FLAVOR }}' for '{{ domain }}'"
+  include_tasks: "{{ [role_path, 'tasks/flavors', CERTBOT_FLAVOR ~'.yml'] | path_join }}"
+
+#- name: "Cleanup dedicated cert for '{{ domain }}'"
+#  command: >-
+#    certbot delete --cert-name {{ domain }} --non-interactive
+#  when: 
+#    - MODE_CLEANUP | bool
+#      # Cleanup mode is enabled
+#    - CERTBOT_FLAVOR != 'dedicated'
+#      # Wildcard certificate is enabled
+#    - domain.split('.') | length == (PRIMARY_DOMAIN.split('.') | length + 1) and domain.endswith(PRIMARY_DOMAIN)
+#      # AND: The domain is a direct first-level subdomain of the primary domain
+#    - domain != PRIMARY_DOMAIN  
+#      # The domain is not the primary domain
+#  register: certbot_result
+#  failed_when: certbot_result.rc != 0 and ("No certificate found with name" not in certbot_result.stderr)
+#  changed_when: certbot_result.rc == 0 and ("No certificate found with name" not in certbot_result.stderr)
+
+- name: "Find SSL cert folder for '{{ domain }}'"
+  cert_folder_find:
+    domain: "{{ domain }}"
+    cert_base_path: "{{ LETSENCRYPT_LIVE_PATH }}"
+    debug: "{{ MODE_DEBUG | bool }}"
+  register: cert_folder_result
+  delegate_to: "{{ inventory_hostname }}"
+  changed_when: false
+
+- name: "Set ssl_cert_folder fact to '{{ cert_folder_result.folder }}'"
+  set_fact:
+    ssl_cert_folder: "{{ cert_folder_result.folder }}"
+  changed_when: false
+
+- name: "Ensure ssl_cert_folder is set for domain {{ domain }}"
+  fail:
+    msg: "No certificate folder found for domain {{ domain }}"
+  when: ssl_cert_folder is undefined or ssl_cert_folder is none