Refactor systemctl services and timers

- Unified service templates into generic systemctl templates
- Introduced reusable filter plugins for script path handling
- Updated path variables and service/timer definitions
- Migrated roles (backup, cleanup, repair, etc.) to use systemctl role
- Added sys-daemon role for core systemd cleanup
- Simplified timer handling via sys-timer role

Note: This is a large refactor and some errors may still exist. Further testing and adjustments will be needed.

roles/sys-svc-cln-domains/tasks/main.yml

@@ -0,0 +1,54 @@
+- block:
+  - name: Include dependencies
+    include_role:
+      name: '{{ item }}'
+    loop:
+    - srv-web-7-4-core
+
+  - name: Include task to remove deprecated nginx configs
+    include_tasks: remove_deprecated_nginx_configs.yml
+    loop: "{{ deprecated_domains }}"
+    loop_control:
+      label: "{{ item }}"
+    vars:
+      domain: "{{ item }}"
+    when:
+    - MODE_CLEANUP | bool
+
+## The revoking just works for the base domain
+#- name: "Revoke Certbot certificate for {{ item }}"
+#  ansible.builtin.command:
+#    cmd: "certbot revoke -n --cert-name {{ item }} --non-interactive"
+#  become: true
+#  loop: "{{ deprecated_domains }}"
+#  loop_control:
+#    label: "{{ item }}"
+#  when:
+#    - MODE_CLEANUP | bool
+#    - run_once_sys_svc_cln_domains is not defined
+#  register: certbot_revoke_result
+#  failed_when: >
+#    certbot_revoke_result.rc != 0 and
+#    'No certificate found with name' not in certbot_revoke_result.stderr
+#  changed_when: >
+#    certbot_revoke_result.rc == 0
+#
+## The deleting just works for the base domain
+#- name: "Delete Certbot certificate for {{ item }}"
+#  ansible.builtin.command:
+#    cmd: "certbot delete -n --cert-name {{ item }} --non-interactive"
+#  become: true
+#  loop: "{{ deprecated_domains }}"
+#  loop_control:
+#    label: "{{ item }}"
+#  when:
+#    - MODE_CLEANUP | bool
+#    - run_once_sys_svc_cln_domains is not defined
+#  register: certbot_delete_result
+#  failed_when: >
+#    certbot_delete_result.rc != 0 and
+#    'No certificate found with name' not in certbot_delete_result.stderr
+#  changed_when: >
+#    certbot_delete_result.rc == 0
+  - include_tasks: utils/run_once.yml
+  when: run_once_sys_svc_cln_domains is not defined

roles/sys-svc-cln-domains/tasks/remove_deprecated_nginx_configs.yml

@@ -0,0 +1,20 @@
+---
+- name: Find matching nginx configs for {{ domain }}
+  ansible.builtin.find:
+    paths: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}"
+    patterns: "*.{{ domain }}.conf"
+  register: find_result
+
+- name: Remove wildcard nginx configs for {{ domain }}
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ find_result.files | default([]) }}"
+  when: item is defined
+  notify: restart openresty
+
+- name: Remove exact nginx config for {{ domain }}
+  ansible.builtin.file:
+    path: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"
+    state: absent
+  notify: restart openresty