Refactor role naming for TLS and proxy stack

- Renamed role `srv-tls-core` → `sys-svc-certs` - Renamed role `srv-https-stack` → `sys-stk-front-pure` - Renamed role `sys-stk-front` → `sys-stk-front-proxy` - Updated all includes, READMEs, meta, and dependent roles accordingly This improves clarity and consistency of naming conventions for certificate management and proxy orchestration. See: https://chatgpt.com/share/68b19f2c-22b0-800f-ba9b-3f2c8fd427b0
2025-08-30 07:18:09 +02:00 · 2025-08-29 14:38:20 +02:00
parent 4c7bb6d9db
commit 009bee531b
42 changed files with 45 additions and 45 deletions
--- a/roles/srv-composer/README.md
+++ b/roles/srv-composer/README.md
@@ -4,7 +4,7 @@ This Ansible role composes and orchestrates all necessary HTTPS-layer tasks and
 1. **`sys-srv-web-inj-compose`**
   Injects global HTML snippets (CSS, Matomo tracking, iFrame notifier, custom JavaScript) into responses using Nginx `sub_filter`.
-2. **`srv-tls-core`**
+2. **`sys-svc-certs`**
   Handles issuing, renewing, and managing TLS certificates via ACME/Certbot.
 By combining encryption setup with content enhancements, this role streamlines domain provisioning for secure, fully-featured HTTP/HTTPS delivery.
@@ -16,7 +16,7 @@ By combining encryption setup with content enhancements, this role streamlines d
 * **Content Injection**
  Adds global theming, analytics, and custom scripts before `</head>` and tracking noscript tags before `</body>`.
 * **Certificate Management**
-  Automates cert issuance and renewal via `srv-tls-core`.
+  Automates cert issuance and renewal via `sys-svc-certs`.
 * **Idempotent Workflow**
  Ensures each component runs only once per domain.
 * **Simplified Playbooks**
--- a/roles/srv-composer/tasks/main.yml
+++ b/roles/srv-composer/tasks/main.yml
@@ -4,6 +4,6 @@
  include_role: 
    name: sys-srv-web-inj-compose
- name: "include role srv-tls-core for '{{ domain }}'"
+- name: "include role sys-svc-certs for '{{ domain }}'"
  include_role: 
-    name: srv-tls-core
+    name: sys-svc-certs
--- a/roles/srv-proxy-core/README.md
+++ b/roles/srv-proxy-core/README.md
@@ -16,7 +16,7 @@ The goal of this role is to deliver a **hassle-free, production-ready reverse pr
 ## Features
- **Automatic TLS & HSTS** — integrates with the *srv-https-stack* role for certificate management.  
+- **Automatic TLS & HSTS** — integrates with the *sys-stk-front-pure* role for certificate management.  
 - **Flexible vHost templates** — *basic* and *ws_generic* flavours cover standard HTTP and WebSocket applications.  
 - **Security headers** — sensible defaults plus optional X-Frame-Options / CSP based on application settings.  
 - **WebSocket & HTTP/2 aware** — upgrades, keep-alive tuning, and gzip already configured.  
--- a/roles/srv-proxy-core/tasks/main.yml
+++ b/roles/srv-proxy-core/tasks/main.yml
@@ -3,7 +3,7 @@
    include_role:
      name: '{{ item }}'
    loop:
-    - srv-https-stack
+    - sys-stk-front-pure
    - srv-core
  - include_tasks: utils/run_once.yml
  when: run_once_srv_proxy_core is not defined
--- a/roles/sys-stk-front-proxy/README.md
+++ b/roles/sys-stk-front-proxy/README.md
@@ -6,10 +6,10 @@ This role bootstraps **per-domain Nginx configuration**: it requests TLS certifi
 ## Overview
-A higher-level orchestration wrapper, *sys-stk-front* ties together several lower-level roles:
+A higher-level orchestration wrapper, *sys-stk-front-proxy* ties together several lower-level roles:
 1. **`sys-srv-web-inj-compose`** – applies global tweaks and includes.  
-2. **`srv-tls-core`** – obtains Let’s Encrypt certificates.  
+2. **`sys-svc-certs`** – obtains Let’s Encrypt certificates.  
 3. **Domain template deployment** – copies a Jinja2 vHost from *srv-proxy-core*.  
 4. **`web-app-oauth2-proxy`** *(optional)* – protects the site with OAuth2.
--- a/roles/sys-stk-front-proxy/defaults/main.yml
+++ b/roles/sys-stk-front-proxy/defaults/main.yml
--- a/roles/sys-stk-front-proxy/meta/main.yml
+++ b/roles/sys-stk-front-proxy/meta/main.yml
--- a/roles/sys-stk-front-proxy/tasks/01_cloudflare.yml
+++ b/roles/sys-stk-front-proxy/tasks/01_cloudflare.yml
--- a/roles/sys-stk-front-proxy/tasks/cloudflare/01_cleanup.yml
+++ b/roles/sys-stk-front-proxy/tasks/cloudflare/01_cleanup.yml
--- a/roles/sys-stk-front-proxy/tasks/cloudflare/02_enable_cf_dev_mode.yml
+++ b/roles/sys-stk-front-proxy/tasks/cloudflare/02_enable_cf_dev_mode.yml
--- a/roles/sys-stk-front-proxy/tasks/main.yml
+++ b/roles/sys-stk-front-proxy/tasks/main.yml
@@ -4,7 +4,7 @@
      name: srv-proxy-core
    when: run_once_srv_proxy_core is not defined
  - include_tasks: utils/run_once.yml
-  when: run_once_sys_stk_front is not defined
+  when: run_once_sys_stk_front_proxy is not defined
 - include_tasks: "01_cloudflare.yml"
  when: DNS_PROVIDER == "cloudflare"
--- a/roles/sys-stk-front-proxy/vars/main.yml
+++ b/roles/sys-stk-front-proxy/vars/main.yml
--- a/roles/sys-stk-front-pure/README.md
+++ b/roles/sys-stk-front-pure/README.md
@@ -1,7 +1,7 @@
 # Webserver HTTPS Provisioning 🚀
 ## Description
-The **srv-https-stack** role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS:
+The **sys-stk-front-pure** role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS:
 1. Ensures your Nginx server is configured for SSL/TLS.
 2. Pulls in Let’s Encrypt ACME challenge handling.
@@ -13,7 +13,7 @@ This role is built on top of your existing `srv-core` role, and it automates the
 ## Overview
-When you apply **srv-https-stack**, it will:
+When you apply **sys-stk-front-pure**, it will:
 1. **Include** the `srv-core` role to install and configure Nginx.  
 2. **Clean up** any stale vHost files under `sys-svc-cln-domains`.  
--- a/roles/sys-stk-front-pure/meta/main.yml
+++ b/roles/sys-stk-front-pure/meta/main.yml
--- a/roles/sys-stk-front-pure/tasks/main.yml
+++ b/roles/sys-stk-front-pure/tasks/main.yml
@@ -7,4 +7,4 @@
    - sys-svc-cln-domains
    - srv-letsencrypt
  - include_tasks: utils/run_once.yml
-  when: run_once_srv_https_stack is not defined
+  when: run_once_sys_stk_front_pure is not defined
--- a/roles/sys-stk-full-stateful/README.md
+++ b/roles/sys-stk-full-stateful/README.md
@@ -8,4 +8,4 @@ This role builds on `sys-stk-back-stateful` by adding a reverse-proxy frontend f
  Leverages the `sys-stk-back-stateful` role to stand up your containerized database (PostgreSQL, MariaDB, etc.) with backups and user management.
 - **Reverse Proxy**  
-  Includes the `sys-stk-front` role to configure a proxy (e.g. nginx) for routing HTTP(S) traffic to your database UI or management endpoint.
+  Includes the `sys-stk-front-proxy` role to configure a proxy (e.g. nginx) for routing HTTP(S) traffic to your database UI or management endpoint.
--- a/roles/sys-stk-full-stateful/meta/main.yml
+++ b/roles/sys-stk-full-stateful/meta/main.yml
@@ -1,7 +1,7 @@
 galaxy_info:
  author: "Kevin Veen-Birkenbach"
  description: >
-    Extends sys-stk-back-stateful by adding an HTTP reverse proxy via sys-stk-front.
+    Extends sys-stk-back-stateful by adding an HTTP reverse proxy via sys-stk-front-proxy.
  company: |
    Kevin Veen-Birkenbach
    Consulting & Coaching Solutions
--- a/roles/sys-stk-full-stateful/tasks/main.yml
+++ b/roles/sys-stk-full-stateful/tasks/main.yml
@@ -4,9 +4,9 @@
  vars:
    handler_role_name: "svc-prx-openresty"
- name: "For '{{ application_id }}': include role sys-stk-front"
+- name: "For '{{ application_id }}': include role sys-stk-front-proxy"
  include_role:
-    name: sys-stk-front
+    name: sys-stk-front-proxy
  vars:
    domain:     "{{ domains | get_domain(application_id) }}"
    http_port:  "{{ ports.localhost.http[application_id] }}"
--- a/roles/sys-stk-full-stateless/README.md
+++ b/roles/sys-stk-full-stateless/README.md
@@ -8,4 +8,4 @@ This role combines the standard Docker Compose setup with a reverse-proxy for an
  Brings up containers, networks, and volumes via the `docker-compose` role.
 - **Reverse Proxy**  
-  Uses the `sys-stk-front` role to expose your application under a custom domain and port.
+  Uses the `sys-stk-front-proxy` role to expose your application under a custom domain and port.
--- a/roles/sys-stk-full-stateless/meta/main.yml
+++ b/roles/sys-stk-full-stateless/meta/main.yml
@@ -1,7 +1,7 @@
 galaxy_info:
  author: "Kevin Veen-Birkenbach"
  description: >
-    Combines the docker-compose role with sys-stk-front to
+    Combines the docker-compose role with sys-stk-front-proxy to
    deploy applications behind a reverse proxy.
  company: |
    Kevin Veen-Birkenbach
--- a/roles/sys-stk-full-stateless/tasks/main.yml
+++ b/roles/sys-stk-full-stateless/tasks/main.yml
@@ -1,9 +1,9 @@
 # run_once_sys_stk_full_stateless: deactivated
 # Load the proxy first, so that openresty handlers are flushed before the main docker compose
- name: "For '{{ application_id }}': include role sys-stk-front"
+- name: "For '{{ application_id }}': include role sys-stk-front-proxy"
  include_role:
-    name: sys-stk-front
+    name: sys-stk-front-proxy
  vars:
    domain:   "{{ domains | get_domain(application_id) }}"
    http_port:   "{{ ports.localhost.http[application_id] }}"
--- a/roles/sys-svc-certs/README.md
+++ b/roles/sys-svc-certs/README.md
--- a/roles/sys-svc-certs/meta/main.yml
+++ b/roles/sys-svc-certs/meta/main.yml
--- a/roles/sys-svc-certs/tasks/flavors/_san.yml
+++ b/roles/sys-svc-certs/tasks/flavors/_san.yml
--- a/roles/sys-svc-certs/tasks/flavors/dedicated.yml
+++ b/roles/sys-svc-certs/tasks/flavors/dedicated.yml
--- a/roles/sys-svc-certs/tasks/flavors/san.yml
+++ b/roles/sys-svc-certs/tasks/flavors/san.yml
--- a/roles/sys-svc-certs/tasks/flavors/wildcard.yml
+++ b/roles/sys-svc-certs/tasks/flavors/wildcard.yml
--- a/roles/sys-svc-certs/tasks/main.yml
+++ b/roles/sys-svc-certs/tasks/main.yml
@@ -1,10 +1,10 @@
 - block:
-  - name: Include dependency 'srv-https-stack'
+  - name: Include dependency 'sys-stk-front-pure'
    include_role:
-      name: srv-https-stack
+      name: sys-stk-front-pure
-    when: run_once_srv_https_stack is not defined
+    when: run_once_sys_stk_front_pure is not defined
  - include_tasks: utils/run_once.yml
-  when: run_once_srv_tls_core is not defined
+  when: run_once_sys_svc_certs is not defined
 - name: "Include flavor '{{ CERTBOT_FLAVOR }}' for '{{ domain }}'"
  include_tasks: "{{ [role_path, 'tasks/flavors', CERTBOT_FLAVOR ~'.yml'] | path_join }}"
--- a/roles/web-app-bluesky/tasks/main.yml
+++ b/roles/web-app-bluesky/tasks/main.yml
@@ -2,9 +2,9 @@
  include_role: 
    name: docker-compose
- name: "include role sys-stk-front for {{ application_id }}"
+- name: "include role sys-stk-front-proxy for {{ application_id }}"
  include_role:
-    name: sys-stk-front
+    name: sys-stk-front-proxy
  vars:
    domain: "{{ item.domain }}"
    http_port: "{{ item.http_port }}"
--- a/roles/web-app-elk/tasks/main.yml
+++ b/roles/web-app-elk/tasks/main.yml
@@ -1,8 +1,8 @@
 ---
- name: "include role sys-stk-front for {{ application_id }}"
+- name: "include role sys-stk-front-proxy for {{ application_id }}"
  include_role:
-    name: sys-stk-front
+    name: sys-stk-front-proxy
  vars:
    domain:   "{{ domains | get_domain(application_id) }}"
    http_port:   "{{ ports.localhost.http[application_id] }}"
--- a/roles/web-app-fusiondirectory/README.md
+++ b/roles/web-app-fusiondirectory/README.md
@@ -9,7 +9,7 @@ This Ansible role deploys and configures [FusionDirectory](https://www.fusiondir
 - Loads and templating of FusionDirectory-specific variables  
 - Generates a `.env` file for the container environment  
 - Deploys the FusionDirectory container via Docker Compose  
- Configures NGINX (via the `sys-stk-front` role) to expose the service  
+- Configures NGINX (via the `sys-stk-front-proxy` role) to expose the service  
 - Integrates with your central LDAP server for authentication  
 ## Features
--- a/roles/web-app-joomla/tasks/main.yml
+++ b/roles/web-app-joomla/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
- name: "Include role sys-stk-front for {{ application_id }}"
+- name: "Include role sys-stk-front-proxy for {{ application_id }}"
  include_role:
-    name: sys-stk-front
+    name: sys-stk-front-proxy
  loop: "{{ JOOMLA_DOMAINS }}"
  loop_control:
    loop_var: domain
--- a/roles/web-app-mastodon/tasks/main.yml
+++ b/roles/web-app-mastodon/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: "Include setup for domain '{{ domain }}'"
  include_role: 
-    name: sys-stk-front
+    name: sys-stk-front-proxy
  loop: "{{ domains['web-app-mastodon'] }}"
  loop_control:
    loop_var: domain
--- a/roles/web-app-matrix/tasks/03_webserver.yml
+++ b/roles/web-app-matrix/tasks/03_webserver.yml
@@ -9,9 +9,9 @@
    src:  "well-known.j2" 
    dest: "{{ MATRIX_WELL_KNOWN_FILE }}"
- name: "include role sys-stk-front for {{ MATRIX_ELEMENT_DOMAIN }}"
+- name: "include role sys-stk-front-proxy for {{ MATRIX_ELEMENT_DOMAIN }}"
  include_role: 
-    name: sys-stk-front
+    name: sys-stk-front-proxy
  vars:        
    domain:     "{{ MATRIX_ELEMENT_DOMAIN }}"
    http_port:  "{{ MATRIX_ELEMENT_PORT }}"
--- a/roles/web-app-taiga/README.md
+++ b/roles/web-app-taiga/README.md
@@ -39,7 +39,7 @@ By using this role, teams can set up Taiga in minutes on Arch Linux systems —
    - [taiga-contrib-oidc-auth (official)](https://github.com/taigaio/taiga-contrib-oidc-auth)
 - 📨 **Email Backend:** Supports SMTP and console backends for development.
 - 🔁 **Async & Realtime Events:** Includes RabbitMQ and support for Taiga’s event system.
- 🌐 **Reverse Proxy Ready:** Integrates with Nginx using the `sys-stk-front` role.
+- 🌐 **Reverse Proxy Ready:** Integrates with Nginx using the `sys-stk-front-proxy` role.
 - 🧩 **Composable Design:** Integrates cleanly with other Infinito.Nexus infrastructure roles.
 ---
--- a/roles/web-app-wordpress/tasks/main.yml
+++ b/roles/web-app-wordpress/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
- name: "Include role sys-stk-front for {{ application_id }}"
+- name: "Include role sys-stk-front-proxy for {{ application_id }}"
  include_role:
-    name: sys-stk-front
+    name: sys-stk-front-proxy
  loop: "{{ WORDPRESS_DOMAINS }}"
  loop_control:
    loop_var: domain
--- a/roles/web-opt-rdr-domains/README.md
+++ b/roles/web-opt-rdr-domains/README.md
@@ -9,7 +9,7 @@ This Ansible role configures Nginx to perform 301 redirects from one domain to a
 ## Dependencies
- `srv-https-stack`: A role for setting up HTTPS for Nginx
+- `sys-stk-front-pure`: A role for setting up HTTPS for Nginx
 - `letsencrypt`: A role for managing SSL certificates with Let's Encrypt
 ## Author Information
--- a/roles/web-opt-rdr-domains/tasks/main.yml
+++ b/roles/web-opt-rdr-domains/tasks/main.yml
@@ -1,8 +1,8 @@
 - block:
-  - name: Include dependency 'srv-https-stack'
+  - name: Include dependency 'sys-stk-front-pure'
    include_role:
-      name: srv-https-stack
+      name: sys-stk-front-pure
-    when: run_once_srv_https_stack is not defined
+    when: run_once_sys_stk_front_pure is not defined
  - include_tasks: utils/run_once.yml
  when: run_once_web_opt_rdr_domains is not defined
--- a/roles/web-opt-rdr-domains/tasks/redirect-domain.yml
+++ b/roles/web-opt-rdr-domains/tasks/redirect-domain.yml
@@ -1,6 +1,6 @@
 - name: "include task receive certbot certificate"
  include_role: 
-    name: srv-tls-core
+    name: sys-svc-certs
 - name: "Deploying NGINX redirect configuration for '{{ domain }}'"
  template:
--- a/roles/web-svc-cdn/tasks/01_core.yml
+++ b/roles/web-svc-cdn/tasks/01_core.yml
@@ -2,7 +2,7 @@
  include_role:
    name: '{{ item }}'
  loop:
-  - srv-https-stack
+  - sys-stk-front-pure
  - dev-git
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
--- a/roles/web-svc-file/tasks/main.yml
+++ b/roles/web-svc-file/tasks/main.yml
@@ -3,7 +3,7 @@
    include_role:
      name: '{{ item }}'
    loop:
-    - srv-https-stack
+    - sys-stk-front-pure
    - dev-git
  - include_tasks: utils/run_once.yml
  when: run_once_web_svc_file is not defined
--- a/roles/web-svc-html/tasks/main.yml
+++ b/roles/web-svc-html/tasks/main.yml
@@ -3,7 +3,7 @@
    include_role:
      name: '{{ item }}'
    loop:
-    - srv-https-stack
+    - sys-stk-front-pure
    - dev-git
  - include_tasks: utils/run_once.yml
  when: run_once_web_svc_html is not defined