refactor!: replace sys-systemctl with sys-service, add sys-daemon, and rename systemctl_* → system_service_* across repo

- Swap role includes: sys-systemctl → sys-service in all roles
- Rename variables everywhere: systemctl_* → system_service_* (incl. systemctl_id → system_service_id)
- Templates: ExecStart now uses {{ system_service_script_exec }}; add optional RuntimeMaxSec via SYS_SERVICE_DEFAULT_RUNTIME
- Move SYS_SERVICE defaults into roles/sys-service/defaults (remove SYS_SERVICE_ALL_ENABLED & SYS_SERVICE_DEFAULT_STATE from group_vars/07_services.yml)
- Tidy group_vars/all/08_timer.yml formatting
- Introduce roles/sys-daemon:
  - default manager timeouts (timeouts.conf)
  - optional purge of /etc/systemd/system.conf.d
  - validation via systemd-analyze verify
  - handlers for daemon-reload & daemon-reexec
- Refactor sys-timer to system_service_* variables (docs and templates updated)
- Move filter_plugins/filetype.py under sys-service
- Update meta/README to point to official systemd docs
- Touch many roles (backup/cleanup/health/repair/certs/nginx/csp/wireguard/ssd-hdd/keyboard/update-docker/alarm compose/email/telegram/etc.) to new naming

BREAKING CHANGE:
- Role path/name change: use `sys-service` instead of `sys-systemctl`
- All `systemctl_*` vars are now `system_service_*` (e.g., on_calendar, state, timer_enabled, script_exec, id)
- If you have custom templates, adopt RuntimeMaxSec and new variable names

Chat context: https://chatgpt.com/share/68a47568-312c-800f-af3f-e98575446327

group_vars/all/07_services.yml

@@ -3,8 +3,6 @@
 
 ## Meta
 SYS_SERVICE_SUFFIX:                   ".{{ SOFTWARE_NAME | lower }}.service"
-SYS_SERVICE_ALL_ENABLED:              "{{ not MODE_DEBUG }}" # Flush all services
-SYS_SERVICE_DEFAULT_STATE:            "{{ 'restarted' if MODE_DEBUG else omit }}"
 
 ## Names
 SYS_SERVICE_CLEANUP_BACKUPS_OLD:      "{{ 'sys-ctl-cln-bkps'        | get_service_name(SOFTWARE_NAME) }}"

group_vars/all/08_timer.yml

@@ -7,8 +7,8 @@ SYS_TIMER_ALL_ENABLED:  "{{ not MODE_DEBUG }}"   # Runtime Variables for Process
 
 ## Server Tact Variables 
 
-HOURS_SERVER_AWAKE:   "0..23" # Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
+HOURS_SERVER_AWAKE:            "0..23" # Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
-RANDOMIZED_DELAY_SEC: "5min"  # Random delay for systemd timers to avoid peak loads.
+RANDOMIZED_DELAY_SEC:          "5min"  # Random delay for systemd timers to avoid peak loads.
 
 ## Timeouts for all services
 SYS_TIMEOUT_CLEANUP_SERVICES:  "15min"

roles/svc-bkp-loc-2-usb/tasks/main.yml

@@ -23,4 +23,4 @@
       to non‑empty values in your configuration file.
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service

roles/svc-bkp-loc-2-usb/templates/systemctl.service.j2

@@ -5,7 +5,7 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
 
 [Service]
 Type=oneshot
-ExecStart={{ systemctl_script_exec }} {{ BACKUP_TO_USB_SOURCE }} {{ BACKUP_TO_USB_DESTINATION }}
+ExecStart={{ system_service_script_exec }} {{ BACKUP_TO_USB_SOURCE }} {{ BACKUP_TO_USB_DESTINATION }}
 ExecStartPost=/bin/systemctl start {{ SYS_SERVICE_CLEANUP_BACKUPS_OLD }}
 
 [Install]

roles/svc-bkp-loc-2-usb/vars/main.yml

@@ -1,5 +1,5 @@
 application_id:                 "svc-bkp-loc-2-usb"
-systemctl_id:                   "{{ application_id }}"
+system_service_id:                   "{{ application_id }}"
 
 BACKUP_TO_USB_DESTINATION:      '{{ BACKUP_TO_USB_MOUNT}}{{ BACKUP_TO_USB_TARGET }}'
 BACKUPS_SERVICE_MNT_NAME:       '{{ BACKUP_TO_USB_MOUNT | trim(''/'') | replace(''/'',''-'') }}.mount'

roles/svc-bkp-rmt-2-loc/tasks/main.yml

@@ -23,8 +23,8 @@
     mode: "0755"
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true
-    systemctl_on_calendar:    "{{ SYS_SCHEDULE_BACKUP_REMOTE_TO_LOCAL }}"
+    system_service_on_calendar:    "{{ SYS_SCHEDULE_BACKUP_REMOTE_TO_LOCAL }}"
 

roles/svc-bkp-rmt-2-loc/templates/systemctl.service.j2

@@ -5,5 +5,5 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }} {{ SYS_SERVICE_CLEANUP_BACKUPS_FA
 [Service]
 Type=oneshot
 ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_BACKUPS| join(' ') }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"
-ExecStart={{ systemctl_script_exec }}
+ExecStart={{ system_service_script_exec }}
 ExecStartPost=/bin/systemctl start {{ SYS_SERVICE_CLEANUP_BACKUPS_OLD }}

roles/svc-bkp-rmt-2-loc/vars/main.yml

@@ -1,5 +1,5 @@
 application_id:                                 svc-bkp-rmt-2-loc
-systemctl_id:                                   "{{ application_id }}"  
+system_service_id:                                   "{{ application_id }}"  
 DOCKER_BACKUP_REMOTE_2_LOCAL_DIR:               '{{ PATH_ADMINISTRATOR_SCRIPTS }}{{ application_id }}/'
 DOCKER_BACKUP_REMOTE_2_LOCAL_SCRIPT:            "{{ DOCKER_BACKUP_REMOTE_2_LOCAL_DIR }}svc-bkp-rmt-2-loc.sh"
 DOCKER_BACKUP_REMOTE_2_LOCAL_BACKUP_PROVIDERS:  "{{ applications | get_app_conf(application_id, 'backup_providers')  }}"

roles/svc-net-wireguard-plain/tasks/main.yml

@@ -1,2 +1,2 @@
 - include_role:
-    name: sys-systemctl
+    name: sys-service

roles/svc-net-wireguard-plain/templates/systemctl.service.j2

@@ -4,7 +4,7 @@ Before=wg-quick@wg0.service
 
 [Service]
 Type=oneshot
-ExecStart={{ systemctl_script_exec }}
+ExecStart={{ system_service_script_exec }}
 
 [Install]
 RequiredBy=wg-quick@wg0.service

roles/svc-net-wireguard-plain/vars/main.yml

@@ -1,2 +1,2 @@
 application_id: svc-net-wireguard-plain
-systemctl_id:   "{{ application_id }}"
+system_service_id:   "{{ application_id }}"

roles/svc-opt-keyboard-color/tasks/01_core.yml

@@ -11,8 +11,8 @@
     - msi-perkeyrgb
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_on_calendar:    "{{ SYS_SCHEDULE_ANIMATION_KEYBOARD_COLOR }}"
+    system_service_on_calendar:    "{{ SYS_SCHEDULE_ANIMATION_KEYBOARD_COLOR }}"
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true
     persistent:               true

roles/svc-opt-keyboard-color/templates/systemctl.service.j2

@@ -4,4 +4,4 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
 
 [Service]
 Type=oneshot
-ExecStart={{ systemctl_script_exec }} {{ vendor_and_product_id }}
+ExecStart={{ system_service_script_exec }} {{ vendor_and_product_id }}

roles/svc-opt-keyboard-color/vars/main.yml

@@ -1,3 +1,3 @@
 application_id: svc-opt-keyboard-color
-systemctl_id:   "{{ application_id }}"
+system_service_id:   "{{ application_id }}"
 vendor_and_product_id:  "{{ applications | get_app_conf(application_id, 'vendor_and_product_id') }}"

roles/svc-opt-ssd-hdd/tasks/main.yml

@@ -1,2 +1,2 @@
 - include_role:
-    name: sys-systemctl
+    name: sys-service

roles/svc-opt-ssd-hdd/templates/systemctl.service.j2

@@ -5,4 +5,4 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
 [Service]
 Type=oneshot
 ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_OPTIMIZE_DRIVE }} {{ SYS_SERVICE_BACKUP_RMT_2_LOC }} --timeout "{{ SYS_TIMEOUT_STORAGE_OPTIMIZER }}"
-ExecStart={{ systemctl_script_exec }} --mass-storage-path {{ OPT_DRIVE_MASS_STORAGE_PATH }}
+ExecStart={{ system_service_script_exec }} --mass-storage-path {{ OPT_DRIVE_MASS_STORAGE_PATH }}

roles/svc-opt-ssd-hdd/vars/main.yml

@@ -1,4 +1,4 @@
 application_id:               svc-opt-ssd-hdd
-systemctl_id:                 "{{ application_id }}"
+system_service_id:                 "{{ application_id }}"
 OPT_DRIVE_RAPID_STORAGE_PATH: "{{ applications | get_app_conf(application_id, 'volumes.rapid_storage') }}"
 OPT_DRIVE_MASS_STORAGE_PATH:  "{{ applications | get_app_conf(application_id, 'volumes.mass_storage') }}"

roles/sys-ctl-alm-compose/tasks/01_core.yml

@@ -1,4 +1,4 @@
-- name: "Include dependent services for '{{ systemctl_id }}'"
+- name: "Include dependent services for '{{ system_service_id  }}'"
   include_role:
     name: '{{ item }}'
   loop:
@@ -9,14 +9,14 @@
     systemctl_timer_enabled: false
     systemctl_copy_files: true
 
-- name: "Include core service for '{{ systemctl_id }}'"
+- name: "Include core service for '{{ system_service_id  }}'"
   include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
     flush_handlers: true
     systemctl_timer_enabled: false
     systemctl_copy_files: true
-    systemctl_tpl_exec_start: "{{ systemctl_script_exec }} %i"
+    systemctl_tpl_exec_start: "{{ system_service_script_exec }} %i"
     systemctl_tpl_on_failure: "" # No on failure needed, because it's anyhow the default on failure procedure
 
 - name: "Send message to test service."

roles/sys-ctl-alm-compose/vars/main.yml

@@ -1,4 +1,4 @@
-systemctl_id: sys-ctl-alm-compose@
+system_service_id: sys-ctl-alm-compose@
 
 SYSTEMCTL_ALARM_COMPOSER_SUBSERVICES:
   - 'sys-ctl-alm-email'

roles/sys-ctl-alm-email/README.md

@@ -2,7 +2,7 @@
 
 ## Description
 
-This role installs and configures the necessary components for sending email notifications via systemd when a service fails. It sets up the `{{ systemctl_id }}` service and configures email parameters and templates using msmtp.
+This role installs and configures the necessary components for sending email notifications via systemd when a service fails. It sets up the `{{ system_service_id }}` service and configures email parameters and templates using msmtp.
 
 ## Overview
 

roles/sys-ctl-alm-email/tasks/01_core.yml

@@ -5,8 +5,8 @@
   - sys-svc-msmtp
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_copy_files: true
+    system_service_copy_files: true
 
 

roles/sys-ctl-alm-email/templates/systemctl@.service.j2

@@ -3,6 +3,6 @@ Description=status email for %i to user
 
 [Service]
 Type=oneshot
-ExecStart={{ systemctl_script_exec }} %i
+ExecStart={{ system_service_script_exec }} %i
 User=root
 Group=systemd-journal

roles/sys-ctl-alm-email/vars/main.yml

@@ -1 +1 @@
-systemctl_id: sys-ctl-alm-email@
+system_service_id: sys-ctl-alm-email@

roles/sys-ctl-alm-telegram/tasks/01_core.yml

@@ -10,9 +10,9 @@
         - telegram_chat_id     # The Telegram chat ID to send messages to
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_copy_files: true
+    system_service_copy_files: true
 
 - name: install curl
   community.general.pacman:

roles/sys-ctl-alm-telegram/templates/systemctl@.service.j2

@@ -3,6 +3,6 @@ Description=status Telegram message for %i to user
 
 [Service]
 Type=oneshot
-ExecStart={{ systemctl_script_exec }} %i
+ExecStart={{ system_service_script_exec }} %i
 User=root
 Group=systemd-journal

roles/sys-ctl-alm-telegram/vars/main.yml

@@ -1 +1 @@
-systemctl_id: sys-ctl-alm-telegram@
+system_service_id: sys-ctl-alm-telegram@

roles/sys-ctl-bkp-docker-2-loc/tasks/01_core.yml

@@ -15,8 +15,8 @@
   when: MODE_RESET | bool
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_copy_files:     false
+    system_service_copy_files:     false
-    systemctl_timer_enabled:  false
+    system_service_timer_enabled:  false
-    systemctl_on_calendar:    "{{ SYS_SCHEDULE_BACKUP_DOCKER_TO_LOCAL }}"
+    system_service_on_calendar:    "{{ SYS_SCHEDULE_BACKUP_DOCKER_TO_LOCAL }}"

roles/sys-ctl-bkp-docker-2-loc/vars/main.yml

@@ -5,7 +5,7 @@
 # - BKP_DOCKER_2_LOC_DISABLED:         All images where backup.disabled is set (for --images-no-backup-required)
 # CLI-ready variables render these lists as argument strings.
 
-systemctl_id: sys-ctl-bkp-docker-2-loc
+system_service_id: sys-ctl-bkp-docker-2-loc
 
 # Verify if DB is enabled
 BKP_DOCKER_2_LOC_DB_ENABLED: "{{ database_type | default('') | bool }}"

roles/sys-ctl-cln-bkps/tasks/01_core.yml

@@ -14,4 +14,4 @@
     state: present
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service

roles/sys-ctl-cln-bkps/templates/systemctl.service.j2

@@ -5,4 +5,4 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
 [Service]
 Type=oneshot
 ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP | join(' ') }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"
-ExecStart={{ systemctl_script_exec }} --backups-folder-path {{ BACKUPS_FOLDER_PATH }} --maximum-backup-size-percent {{SIZE_PERCENT_MAXIMUM_BACKUP}}
+ExecStart={{ system_service_script_exec }} --backups-folder-path {{ BACKUPS_FOLDER_PATH }} --maximum-backup-size-percent {{SIZE_PERCENT_MAXIMUM_BACKUP}}

roles/sys-ctl-cln-bkps/vars/main.yml

@@ -1 +1 @@
-systemctl_id: "sys-ctl-cln-bkps"
+system_service_id: "sys-ctl-cln-bkps"

roles/sys-ctl-cln-certs/tasks/01_core.yml

@@ -12,8 +12,8 @@
     package_name: certreap
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true
-    systemctl_on_calendar:    "{{ SYS_SCHEDULE_CLEANUP_CERTS }}"
+    system_service_on_calendar:    "{{ SYS_SCHEDULE_CLEANUP_CERTS }}"
-    systemctl_copy_files:     false
+    system_service_copy_files:     false

roles/sys-ctl-cln-certs/vars/main.yml

@@ -1 +1 @@
-systemctl_id: sys-ctl-cln-certs
+system_service_id: sys-ctl-cln-certs

roles/sys-ctl-cln-disc-space/tasks/01_core.yml

@@ -6,7 +6,7 @@
   - sys-lock
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true
-    systemctl_on_calendar: "{{SYS_SCHEDULE_CLEANUP_DISC_SPACE}}"
+    system_service_on_calendar: "{{SYS_SCHEDULE_CLEANUP_DISC_SPACE}}"

roles/sys-ctl-cln-disc-space/templates/systemctl.service.j2

@@ -5,4 +5,4 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
 [Service]
 Type=oneshot
 ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(' ') }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"
-ExecStart={{ systemctl_script_exec }} {{ SIZE_PERCENT_CLEANUP_DISC_SPACE }}
+ExecStart={{ system_service_script_exec }} {{ SIZE_PERCENT_CLEANUP_DISC_SPACE }}

roles/sys-ctl-cln-disc-space/vars/main.yml

@@ -1 +1 @@
-systemctl_id:  "sys-ctl-cln-disc-space"
+system_service_id:  "sys-ctl-cln-disc-space"

roles/sys-ctl-cln-faild-bkps/tasks/01_core.yml

@@ -24,8 +24,8 @@
   changed_when: false
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true
-    systemctl_on_calendar: "{{SYS_SCHEDULE_CLEANUP_FAILED_BACKUPS}}"
+    system_service_on_calendar: "{{SYS_SCHEDULE_CLEANUP_FAILED_BACKUPS}}"
-    systemctl_copy_files: false
+    system_service_copy_files: false

roles/sys-ctl-cln-faild-bkps/vars/main.yml

@@ -1,2 +1,2 @@
-systemctl_id: sys-ctl-cln-faild-bkps
+system_service_id: sys-ctl-cln-faild-bkps
 CLN_FAILED_DOCKER_BACKUPS_PKG: cleanup-failed-docker-backups

roles/sys-ctl-hlth-btrfs/tasks/01_core.yml

@@ -4,7 +4,7 @@
   when: run_once_sys_ctl_alm_compose is not defined
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_on_calendar: "{{SYS_SCHEDULE_HEALTH_BTRFS}}"
+    system_service_on_calendar: "{{SYS_SCHEDULE_HEALTH_BTRFS}}"
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true

roles/sys-ctl-hlth-btrfs/vars/main.yml

@@ -1 +1 @@
-systemctl_id: sys-ctl-hlth-btrfs
+system_service_id: sys-ctl-hlth-btrfs

roles/sys-ctl-hlth-csp/tasks/01_core.yml

@@ -11,7 +11,7 @@
     package_notify: rebuild checkcsp docker image
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_on_calendar: "{{ SYS_SCHEDULE_HEALTH_CSP_CRAWLER }}"
+    system_service_on_calendar: "{{ SYS_SCHEDULE_HEALTH_CSP_CRAWLER }}"
-    systemctl_timer_enabled: true
+    system_service_timer_enabled: true

roles/sys-ctl-hlth-csp/templates/systemctl.service.j2

@@ -4,4 +4,4 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
 
 [Service]
 Type=oneshot
-ExecStart={{ systemctl_script_exec }} --nginx-config-dir={{ NGINX.DIRECTORIES.HTTP.SERVERS }}
+ExecStart={{ system_service_script_exec }} --nginx-config-dir={{ NGINX.DIRECTORIES.HTTP.SERVERS }}

roles/sys-ctl-hlth-csp/vars/main.yml

@@ -1 +1 @@
-systemctl_id: sys-ctl-hlth-csp
+system_service_id: sys-ctl-hlth-csp

roles/sys-ctl-hlth-disc-space/tasks/main.yml

@@ -7,7 +7,7 @@
   when: run_once_sys_ctl_hlth_disc_space is not defined
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_on_calendar:    "{{ SYS_SCHEDULE_HEALTH_DISC_SPACE }}"
+    system_service_on_calendar:    "{{ SYS_SCHEDULE_HEALTH_DISC_SPACE }}"
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true

roles/sys-ctl-hlth-disc-space/vars/main.yml

@@ -1 +1 @@
-systemctl_id: sys-ctl-hlth-disc-space
+system_service_id: sys-ctl-hlth-disc-space

roles/sys-ctl-hlth-docker-container/tasks/01_core.yml

@@ -4,7 +4,7 @@
   when: run_once_sys_ctl_alm_compose is not defined
   
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true
-    systemctl_on_calendar:    "{{ SYS_SCHEDULE_HEALTH_DOCKER_CONTAINER }}"
+    system_service_on_calendar:    "{{ SYS_SCHEDULE_HEALTH_DOCKER_CONTAINER }}"

roles/sys-ctl-hlth-docker-container/vars/main.yml

@@ -1 +1 @@
-systemctl_id: sys-ctl-hlth-docker-container
+system_service_id: sys-ctl-hlth-docker-container

roles/sys-ctl-hlth-docker-volumes/tasks/01_core.yml

@@ -4,7 +4,7 @@
   when: run_once_sys_ctl_alm_compose is not defined
   
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_on_calendar: "{{SYS_SCHEDULE_HEALTH_DOCKER_VOLUMES}}"
+    system_service_on_calendar: "{{SYS_SCHEDULE_HEALTH_DOCKER_VOLUMES}}"
-    systemctl_timer_enabled: true
+    system_service_timer_enabled: true

roles/sys-ctl-hlth-docker-volumes/templates/systemctl.service.j2

@@ -4,4 +4,4 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
 
 [Service]
 Type=oneshot
-ExecStart={{ systemctl_script_exec }} "{{ DOCKER_WHITELISTET_ANON_VOLUMES | join(' ') }}"
+ExecStart={{ system_service_script_exec }} "{{ DOCKER_WHITELISTET_ANON_VOLUMES | join(' ') }}"

roles/sys-ctl-hlth-docker-volumes/vars/main.yml

@@ -1 +1 @@
-systemctl_id: sys-ctl-hlth-docker-volumes
+system_service_id: sys-ctl-hlth-docker-volumes

roles/sys-ctl-hlth-journalctl/tasks/01_core.yml

@@ -4,7 +4,7 @@
   when: run_once_sys_ctl_alm_compose is not defined
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_on_calendar: "{{SYS_SCHEDULE_HEALTH_JOURNALCTL}}"
+    system_service_on_calendar: "{{SYS_SCHEDULE_HEALTH_JOURNALCTL}}"
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true

roles/sys-ctl-hlth-journalctl/vars/main.yml

@@ -1 +1 @@
-systemctl_id: sys-ctl-hlth-journalctl
+system_service_id: sys-ctl-hlth-journalctl

roles/sys-ctl-hlth-msmtp/tasks/01_core.yml

@@ -4,7 +4,7 @@
   when: run_once_sys_ctl_alm_telegram is not defined
   
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_on_calendar:    "{{ SYS_SCHEDULE_HEALTH_MSMTP }}"
+    system_service_on_calendar:    "{{ SYS_SCHEDULE_HEALTH_MSMTP }}"
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true

roles/sys-ctl-hlth-msmtp/vars/main.yml

@@ -1,2 +1,2 @@
-systemctl_id: sys-ctl-hlth-msmtp
+system_service_id: sys-ctl-hlth-msmtp
 

roles/sys-ctl-hlth-webserver/tasks/01_core.yml

@@ -14,7 +14,7 @@
     state: present
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_on_calendar: "{{SYS_SCHEDULE_HEALTH_NGINX}}"
+    system_service_on_calendar: "{{SYS_SCHEDULE_HEALTH_NGINX}}"
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true

roles/sys-ctl-hlth-webserver/vars/main.yml

@@ -1 +1 @@
-systemctl_id: sys-ctl-hlth-webserver
+system_service_id: sys-ctl-hlth-webserver

roles/sys-ctl-mtn-cert-deploy/tasks/01_core.yml

@@ -4,9 +4,9 @@
   when: run_once_sys_ctl_alm_compose is not defined
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_state: restarted
+    system_service_state: restarted
-    systemctl_on_calendar:  "{{ SYS_SCHEDULE_MAINTANANCE_LETSENCRYPT_DEPLOY }}"
+    system_service_on_calendar:  "{{ SYS_SCHEDULE_MAINTANANCE_LETSENCRYPT_DEPLOY }}"
     persistent:   "true"
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true

roles/sys-ctl-mtn-cert-deploy/templates/systemctl.service.j2

@@ -4,4 +4,4 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
 
 [Service]
 Type=oneshot
-ExecStart={{ systemctl_script_exec }} {{ ssl_cert_folder }} {{ docker_compose.directories.instance }} {{ LETSENCRYPT_LIVE_PATH }}
+ExecStart={{ system_service_script_exec }} {{ ssl_cert_folder }} {{ docker_compose.directories.instance }} {{ LETSENCRYPT_LIVE_PATH }}

roles/sys-ctl-mtn-cert-deploy/vars/main.yml

@@ -1 +1 @@
-systemctl_id:                        "sys-ctl-mtn-cert-deploy"
+system_service_id:                        "sys-ctl-mtn-cert-deploy"

roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml

@@ -13,9 +13,9 @@
     state: present
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_copy_files: false
+    system_service_copy_files: false
-    systemctl_on_calendar: "{{ SYS_SCHEDULE_MAINTANANCE_LETSENCRYPT_RENEW }}"
+    system_service_on_calendar: "{{ SYS_SCHEDULE_MAINTANANCE_LETSENCRYPT_RENEW }}"
     persistent: true
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true

roles/sys-ctl-mtn-cert-renew/vars/main.yml

@@ -1 +1 @@
-systemctl_id: sys-ctl-mtn-cert-renew
+system_service_id: sys-ctl-mtn-cert-renew

roles/sys-ctl-rpr-btrfs-balancer/tasks/01_core.yml

@@ -10,8 +10,8 @@
     package_name: btrfs-auto-balancer
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_copy_files: false
+    system_service_copy_files: false
-    systemctl_on_calendar: "{{SYS_SCHEDULE_REPAIR_BTRFS_AUTO_BALANCER}}"
+    system_service_on_calendar: "{{SYS_SCHEDULE_REPAIR_BTRFS_AUTO_BALANCER}}"
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true

roles/sys-ctl-rpr-btrfs-balancer/vars/main.yml

@@ -1 +1 @@
-systemctl_id: sys-ctl-rpr-btrfs-balancer
+system_service_id: sys-ctl-rpr-btrfs-balancer

roles/sys-ctl-rpr-docker-hard/tasks/01_core.yml

@@ -4,7 +4,7 @@
   when: run_once_sys_lock is not defined
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_on_calendar: "{{SYS_SCHEDULE_REPAIR_DOCKER_HARD}}"
+    system_service_on_calendar: "{{SYS_SCHEDULE_REPAIR_DOCKER_HARD}}"
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true

roles/sys-ctl-rpr-docker-hard/templates/systemctl.service.j2

@@ -5,4 +5,4 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
 [Service]
 Type=oneshot
 ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP | join(' ') }} {{ SYS_SERVICE_REPAIR_DOCKER_HARD }} --timeout "{{ SYS_TIMEOUT_RESTART_DOCKER }}"
-ExecStart={{ systemctl_script_exec }}
+ExecStart={{ system_service_script_exec }}

roles/sys-ctl-rpr-docker-hard/vars/main.yml

@@ -1,2 +1,2 @@
-systemctl_id: sys-ctl-rpr-docker-hard
+system_service_id: sys-ctl-rpr-docker-hard
 

roles/sys-ctl-rpr-docker-soft/tasks/01_core.yml

@@ -4,7 +4,7 @@
   when: run_once_sys_lock is not defined
 
 - include_role:
-    name: sys-systemctl
+    name: sys-service
   vars:
-    systemctl_on_calendar: "{{SYS_SCHEDULE_REPAIR_DOCKER_SOFT}}"
+    system_service_on_calendar: "{{SYS_SCHEDULE_REPAIR_DOCKER_SOFT}}"
-    systemctl_timer_enabled:  true
+    system_service_timer_enabled:  true

roles/sys-ctl-rpr-docker-soft/templates/systemctl.service.j2

@@ -5,4 +5,4 @@ OnFailure={{ SYS_SERVICE_ON_FAILURE_COMPOSE }}
 [Service]
 Type=oneshot
 ExecStartPre=/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_CLEANUP| join(' ') }} {{ SYS_SERVICE_REPAIR_DOCKER_SOFT }} --timeout "{{ SYS_TIMEOUT_HEAL_DOCKER }}"
-ExecStart=/bin/sh -c '{{ systemctl_script_exec }} {{ PATH_DOCKER_COMPOSE_INSTANCES }}'
+ExecStart=/bin/sh -c '{{ system_service_script_exec }} {{ PATH_DOCKER_COMPOSE_INSTANCES }}'

roles/sys-ctl-rpr-docker-soft/vars/main.yml

@@ -1 +1 @@
-systemctl_id: sys-ctl-rpr-docker-soft
+system_service_id: sys-ctl-rpr-docker-soft

roles/sys-daemon/README.md

@@ -1,44 +1,26 @@
-# Core Daemon Reset
+# sys-daemon
 
 ## Description
 
-This role resets and cleans up all **Infinito.Nexus** core daemon `systemd` service units that match the configured suffix (`SYS_SERVICE_SUFFIX`).  
+Role to reset and configure the **systemd manager** for Infinito.Nexus.  
-It is primarily used in maintenance or reset scenarios when a full service cleanup is required.
+It ensures a clean state of the manager configuration and applies default timeout values.
 
 ## Overview
 
-When the `MODE_RESET` flag is enabled, the role will:
+- Purges the systemd manager drop-in directory if requested.  
-
+- Validates all active unit files before reload/reexec.  
-1. **Run Once Per Play:** Guarded by `run_once_sys_daemon` to avoid duplicate execution.
+- Applies default timeout values for systemd manager behavior.  
-2. **Identify Service Units:** Finds all `/etc/systemd/system/*{{ SYS_SERVICE_SUFFIX }}` units.
+- Provides handler-based reload/reexec for systemd.  
-3. **Stop and Disable Services:** Gracefully stops and disables matching services.
-4. **Remove Unit Files:** Deletes the corresponding unit files from the system.
-5. **Reload systemd:** Ensures the service manager state is updated after cleanup.
-
-## Purpose
-
-The main goal of this role is to ensure a clean and consistent state for core daemon services by removing obsolete or stale systemd units.  
-This is particularly useful when re-deploying or performing a full environment reset.
 
 ## Features
 
-- **Automated Cleanup:** Stops, disables, and removes targeted systemd units.
+- **Drop-in Purge:** Optionally remove `/etc/systemd/system.conf.d` contents.  
-- **Idempotent Execution:** Runs only once per playbook run.
+- **Manager Defaults:** Deploys custom timeouts via `timeouts.conf`.  
-- **Configurable Targeting:** Matches services using `SYS_SERVICE_SUFFIX`.
+- **Validation:** Uses `systemd-analyze verify` before reload.  
-- **Systemd Integration:** Reloads daemon state after changes.
+- **Integration:** Triggers `daemon-reload` or `daemon-reexec` safely.  
 
 ## Further Resources
 
-- [systemd Service Management](https://www.freedesktop.org/software/systemd/man/systemctl.html)
+- [systemd - Manager Configuration](https://www.freedesktop.org/software/systemd/man/systemd-system.conf.html)  
-- [Infinito.Nexus License](https://s.infinito.nexus/license)
+- [systemd-analyze](https://www.freedesktop.org/software/systemd/man/systemd-analyze.html)  
-
+- [systemctl](https://www.freedesktop.org/software/systemd/man/systemctl.html)
-## License
-
-This role is released under the Infinito.Nexus NonCommercial License.
-See [license details](https://s.infinito.nexus/license)
-
-## Author Information
-
-Kevin Veen-Birkenbach
-Consulting & Coaching Solutions
-[https://www.veen.world](https://www.veen.world)

roles/sys-daemon/defaults/main.yml

@@ -0,0 +1,8 @@
+# General
+SYSTEMD_MANAGER_CONF_DIR:       "/etc/systemd/system.conf.d"
+
+# Defaults
+SYSTEMD_DEFAULT_TIMEOUT_START:  "90s"      # Maximum time a service is allowed to reach the 'active' state during startup
+SYSTEMD_DEFAULT_TIMEOUT_STOP:   "90s"      # Maximum time a service is allowed to stop gracefully before being killed
+SYSTEMD_DEFAULT_TIMEOUT_ABORT:  "90s"      # Additional grace period after Stop timeout before systemd sends SIGKILL
+

roles/sys-daemon/handlers/main.yml

@@ -1,4 +1,49 @@
-- name: "reload system daemon"
+- name: collect systemd unit files
+  shell: |
+    shopt -s nullglob
+    files=({{ PATH_SYSTEM_SERVICE_DIR }}*.service {{ PATH_SYSTEM_SERVICE_DIR }}*.timer)
+    printf "%s\n" "${files[@]}"
+  args:
+    executable: /bin/bash
+  register: _unit_files
+  changed_when: false
+  failed_when: false
+  become: true
+  listen:
+    - reload system daemon
+    - reexec systemd manager
+
+- name: validate systemd units
+  shell: |
+    systemd-analyze verify {{ _unit_files.stdout_lines | join(' ') }}
+  register: _verify_units
+  changed_when: false
+  failed_when: _unit_files.stdout | length > 0 and _verify_units.rc != 0
+  become: true
+  when: _unit_files.stdout | length > 0
+  listen:
+    - reload system daemon
+    - reexec systemd manager
+
+- name: show merged manager config
+  command: systemd-analyze cat-config systemd/system.conf
+  register: _catcfg
+  changed_when: false
+  become: true
+  listen:
+    - reload system daemon
+    - reexec systemd manager
+
+- name: reload system daemon
   command: systemctl daemon-reload
+  become: true
+  listen: reload system daemon
   async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
-  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
+
+- name: reexec systemd manager
+  command: systemctl daemon-reexec
+  become: true
+  listen: reexec systemd manager
+  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
+  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"

roles/sys-daemon/meta/main.yml

@@ -1,19 +1,19 @@
+---
 galaxy_info:
   author: "Kevin Veen-Birkenbach"
-  description: "Role to reset and clean up Infinito.Nexus systemd service units for the core daemon."
+  description: "Role to reset and configure the systemd manager (drop-ins, defaults, validation)."
-  company: |
+  license: "Infinito.Nexus NonCommercial License"
+  license_url: "https://s.infinito.nexus/license"
+  company: | 
     Kevin Veen-Birkenbach
     Consulting & Coaching Solutions
     https://www.veen.world
-  license: "Infinito.Nexus NonCommercial License"
-  license_url: "https://s.infinito.nexus/license"
-  min_ansible_version: "2.9"
   galaxy_tags:
     - systemd
-    - cleanup
     - infinito
+    - daemon
+    - cleanup
   repository: "https://s.infinito.nexus/code"
   issue_tracker_url: "https://s.infinito.nexus/issues"
-  documentation: "https://s.infinito.nexus/code/#sys-daemon-role"
+  documentation: "https://www.freedesktop.org/software/systemd/man/systemd-system.conf.html"
-
 dependencies: []

roles/sys-daemon/tasks/01_reset.yml

@@ -0,0 +1,16 @@
+- name: reload system daemon
+  command: /bin/true
+  notify: "reload system daemon"
+
+- name: "Sanity check SYSTEMD_MANAGER_CONF_DIR"
+  assert:
+    that:
+      - SYSTEMD_MANAGER_CONF_DIR | regex_search('^/etc/systemd/system\.conf\.d/?$')
+    fail_msg: "SYSTEMD_MANAGER_CONF_DIR must be /etc/systemd/system.conf.d"
+  when: SYSTEMD_MANAGER_RESET_PURGE | bool
+
+- name: "Purge manager drop-in directory (remove)"
+  file:
+    path: "{{ SYSTEMD_MANAGER_CONF_DIR }}"
+    state: absent
+  notify: reexec systemd manager

roles/sys-daemon/tasks/02_defaults.yml

@@ -0,0 +1,12 @@
+- name: "Ensure {{ SYSTEMD_MANAGER_CONF_DIR }} exists"
+  file:
+    path: "{{ SYSTEMD_MANAGER_CONF_DIR }}"
+    state: directory
+    mode: "0755"
+
+- name: Deploy systemd manager default timeout settings
+  template:
+    src:  timeouts.conf.j2
+    dest: "{{ SYSTEMD_MANAGER_CONF_DIR }}/timeouts.conf"
+    mode: "0644"
+  notify: reexec systemd manager

roles/sys-daemon/tasks/main.yml

@@ -1,8 +1,8 @@
-- name: "reset (if enabled)"
+- block:
-  include_tasks: reset.yml 
+  - name: "reset (if enabled)"
-  when: MODE_RESET | bool and run_once_sys_daemon is not defined
+    include_tasks: 01_reset.yml
-
+    when: MODE_RESET | bool and run_once_sys_daemon is not defined
-- name: run {{ role_name }} once
+  - name: Apply systemd manager defaults
-  set_fact:
+    include_tasks: 02_defaults.yml
-    run_once_sys_daemon: true
+  - include_tasks: utils/run_once.yml
   when: run_once_sys_daemon is not defined

roles/sys-daemon/tasks/reset.yml

@@ -1,3 +0,0 @@
-- name: reload system daemon
-  command: /bin/true
-  notify: "reload system daemon"

roles/sys-daemon/templates/timeouts.conf.j2

@@ -0,0 +1,4 @@
+[Manager]
+DefaultTimeoutStartSec={{ SYSTEMD_DEFAULT_TIMEOUT_START }}
+DefaultTimeoutStopSec={{ SYSTEMD_DEFAULT_TIMEOUT_STOP }}
+DefaultTimeoutAbortSec={{ SYSTEMD_DEFAULT_TIMEOUT_ABORT }}

roles/sys-service/README.md

@@ -0,0 +1,27 @@
+# sys-service
+
+## Description
+
+Role to manage **systemd service units** for Infinito.Nexus software stacks.  
+It installs or removes unit files, configures runtime behavior, and ensures services are properly deployed.
+
+## Overview
+
+- Resets service units by removing old or obsolete definitions.  
+- Deploys new service unit files and service scripts.  
+- Optionally sets up timers linked to the services.  
+- Ensures correct reload/restart behavior across the stack.  
+
+## Features
+
+- **Unit Cleanup:** Automated removal of old service units.  
+- **Custom Templates:** Supports both `systemctl.service.j2` and `systemctl@.service.j2`.  
+- **Timers:** Integrates with `sys-timer` for scheduled execution.  
+- **Runtime Limits:** Configurable `RuntimeMaxSec` per service.  
+- **Handlers:** Automatic reload/restart of services when definitions change.  
+
+## Further Resources
+
+- [systemd - Service Units](https://www.freedesktop.org/software/systemd/man/systemd.service.html)  
+- [systemd - Timer Units](https://www.freedesktop.org/software/systemd/man/systemd.timer.html)  
+- [systemctl](https://www.freedesktop.org/software/systemd/man/systemctl.html)

roles/sys-service/defaults/main.yml

@@ -0,0 +1,3 @@
+SYS_SERVICE_ALL_ENABLED:      "{{ not MODE_DEBUG }}"
+SYS_SERVICE_DEFAULT_STATE:    "{{ 'restarted' if MODE_DEBUG else omit }}"
+SYS_SERVICE_DEFAULT_RUNTIME:  "86400s"    # Maximum total runtime a service is allowed to run before being stopped

roles/sys-service/handlers/main.yml

@@ -1,8 +1,8 @@
 - name: "refresh systemctl service"
   systemd:
-    name: "{{ systemctl_id | get_service_name(SOFTWARE_NAME) }}"
+    name: "{{ system_service_id | get_service_name(SOFTWARE_NAME) }}"
     daemon_reload: yes
     enabled: yes
-    state: "{{ systemctl_state }}"
+    state: "{{ system_service_state }}"
   async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
   poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"

roles/sys-service/meta/main.yml

@@ -1,10 +1,10 @@
 ---
 galaxy_info:
   author: "Kevin Veen-Birkenbach"
-  description: "Utility role to reset/clean up systemd units for a given software stack."
+  description: "Role to manage systemd service units, including cleanup, deployment, and runtime configuration."
   license: "Infinito.Nexus NonCommercial License"
   license_url: "https://s.infinito.nexus/license"
-  company: |
+  company: | 
     Kevin Veen-Birkenbach
     Consulting & Coaching Solutions
     https://www.veen.world
@@ -16,9 +16,9 @@ galaxy_info:
   galaxy_tags:
     - systemd
     - services
-    - cleanup
-    - reset
     - automation
+    - infinito
   repository: "https://s.infinito.nexus/code"
   issue_tracker_url: "https://s.infinito.nexus/issues"
-  documentation: "https://docs.infinito.nexus"
+  documentation: "https://www.freedesktop.org/software/systemd/man/systemd.service.html"
+dependencies: []

roles/sys-service/tasks/03_base.yml

@@ -1,7 +1,6 @@
-# roles/sys-systemctl/tasks/03_base.yml
 - name: "find best matching source for service script"
   set_fact:
-    systemctl_script_src: >-
+    system_service_script_src: >-
       {{ lookup('first_found',
         {
           'files': [
@@ -10,21 +9,21 @@
             'files/script.sh',
             'files/script.py'
           ],
-          'paths': [ systemctl_role_dir ]
+          'paths': [ system_service_role_dir ]
         },
         errors='strict'
       ) }}
-  when: systemctl_copy_files | bool
+  when: system_service_copy_files | bool
 
-- name: "Load file logic for '{{ systemctl_id }}'"
+- name: "Load file logic for '{{ system_service_id }}'"
   include_tasks: 04_files.yml
   when:
-    - systemctl_copy_files | bool
+    - system_service_copy_files | bool
-    - systemctl_script_src
+    - system_service_script_src
 
-- name: "Load systemctl logic for '{{ systemctl_id }}'"
+- name: "Load systemctl logic for '{{ system_service_id }}'"
   include_tasks: 05_service.yml
 
-- name: "Load timer logic for '{{ systemctl_id }}'"
+- name: "Load timer logic for '{{ system_service_id }}'"
   include_tasks: 06_timer.yml
-  when: systemctl_timer_enabled | bool
+  when: system_service_timer_enabled | bool

roles/sys-service/tasks/04_files.yml

@@ -0,0 +1,23 @@
+
+- name: "create {{ system_service_script_dir }}"
+  file:
+    path: "{{ system_service_script_dir }}"
+    state: directory
+    mode: "0755"
+
+- name: "template or copy script"
+  block:
+    - name: "render template"
+      template:
+        src:  "{{ system_service_script_src }}"
+        dest: "{{ [system_service_script_dir, (system_service_script_src | basename | regex_replace('\\.j2$', ''))] | path_join }}"
+        mode: "0755"
+      when: system_service_script_src.endswith('.j2')
+
+    - name: "copy raw file"
+      copy:
+        src:  "{{ system_service_script_src }}"
+        dest: "{{ [system_service_script_dir, (system_service_script_src | basename)] | path_join }}"
+        mode: "0755"
+      when: not system_service_script_src.endswith('.j2')
+  when: system_service_copy_files | bool

roles/sys-service/tasks/05_service.yml

@@ -1,7 +1,7 @@
 # 1) Find the template (prefer target role, then fall back to this role)
 - name: Resolve systemctl template source
   set_fact:
-    systemctl_template_src: >-
+    system_service_template_src: >-
       {{ lookup(
            'first_found',
            {
@@ -10,7 +10,7 @@
                'templates/systemctl.service.j2'
              ],
              'paths': [
-               systemctl_role_dir,
+               system_service_role_dir,
                role_path
              ]
            },
@@ -20,22 +20,22 @@
 # Optional: sanity check with a clear error if truly nothing found
 - name: Ensure a systemctl template was found
   assert:
-    that: systemctl_template_src | length > 0
+    that: system_service_template_src | length > 0
     fail_msg: >-
       Could not resolve any systemctl template. Looked in:
-      {{ systemctl_role_dir }}/templates/ and {{ role_path }}/templates/.
+      {{ system_service_role_dir }}/templates/ and {{ role_path }}/templates/.
 
 # 2) Now we may safely derive whether it’s the “@” variant
 - name: Flag whether @-template is used
   set_fact:
-    systemctl_uses_at: "{{ (systemctl_template_src | basename) is search('@\\.service\\.j2$') }}"
+    system_service_uses_at: "{{ (system_service_template_src | basename) is search('@\\.service\\.j2$') }}"
 
 # 3) Use it
-- name: "setup systemctl '{{ systemctl_id }}'"
+- name: "setup systemctl '{{ system_service_id }}'"
   template:
-    src:  "{{ systemctl_template_src }}"
+    src:  "{{ system_service_template_src }}"
-    dest: "{{ [ PATH_SYSTEM_SERVICE_DIR, systemctl_id | get_service_name(SOFTWARE_NAME) ] | path_join }}"
+    dest: "{{ [ PATH_SYSTEM_SERVICE_DIR, system_service_id | get_service_name(SOFTWARE_NAME) ] | path_join }}"
-  notify: "{{ 'reload system daemon' if systemctl_uses_at else 'refresh systemctl service' }}"
+  notify: "{{ 'reload system daemon' if system_service_uses_at else 'refresh systemctl service' }}"
 
 - name:   refresh systemctl service when SYS_SERVICE_ALL_ENABLED
   command: /bin/true
@@ -44,4 +44,4 @@
     - refresh systemctl service
   when: 
     - SYS_SERVICE_ALL_ENABLED | bool
-    - not systemctl_uses_at
+    - not system_service_uses_at

roles/sys-service/tasks/06_timer.yml

@@ -0,0 +1,13 @@
+- name: Fail if system_service_id contains "@"
+  assert:
+    that:
+      - "'@' not in system_service_id"
+    fail_msg: "Invalid system_service_id '{{ system_service_id }}' → must not contain '@'."
+
+- name: "Make '{{ system_service_id }}' available for sys-timer"
+  set_fact:
+    system_service_timer_service: "{{ system_service_id }}"
+
+- name: "include role for sys-timer for {{ system_service_timer_service }}"
+  include_role:
+    name: sys-timer

roles/sys-service/tasks/main.yml

@@ -1,14 +1,14 @@
 - block:
   - include_tasks: 01_core.yml
   - include_tasks: utils/run_once.yml
-  when: run_once_sys_systemctl is not defined
+  when: run_once_sys_service is not defined
 
-- name: "Execute service routines for '{{ systemctl_id }}'"
+- name: "Execute service routines for '{{ system_service_id }}'"
   block:
-  - name: "Load base routine for '{{ systemctl_id }}'"
+  - name: "Load base routine for '{{ system_service_id }}'"
     include_tasks: 03_base.yml
   - include_tasks: utils/run_once.yml
     vars:
-      # Necessary to flush after every service which uses an 'systemctl_id' otherwise wrong one will be used
+      # Necessary to flush after every service which uses an 'system_service_id' otherwise wrong one will be used
       flush_handlers: true
-  when: systemctl_id is defined
+  when: system_service_id is defined

roles/sys-service/templates/systemctl.service.j2

@@ -0,0 +1,10 @@
+[Unit]
+Description={{ SOFTWARE_NAME }} - Service for role '{{ system_service_id }}'
+OnFailure={{ system_service_tpl_on_failure }}
+
+[Service]
+Type={{ system_service_tpl_type }}
+ExecStart={{ system_service_tpl_exec_start }}
+{% if system_service_tpl_runtime |length > 0 %}
+RuntimeMaxSec={{ system_service_tpl_runtime }}
+{% endif %}

roles/sys-service/vars/main.yml

@@ -0,0 +1,23 @@
+UNIT_SUFFIX_REMOVER_PACKAGE:  "unsure"
+
+## Paths
+system_service_role_name:      "{{ system_service_id | regex_replace('@','') }}"
+system_service_role_dir:       "{{ [ playbook_dir, 'roles', system_service_role_name ] | path_join }}"
+system_service_script_dir:     "{{ [ PATH_SYSTEMCTL_SCRIPTS, system_service_id ] | path_join }}"
+
+## Settings
+system_service_copy_files:     true  # When set to false file copying will be skipped
+system_service_timer_enabled:  false # When set to true timer will be loaded
+system_service_state:          "{{ SYS_SERVICE_DEFAULT_STATE }}"
+
+# Dynamic Loaded ( Just available when dependencies are loaded )
+system_service_script_base:    "{{ system_service_script_src | basename | regex_replace('\\.j2$', '') }}"
+system_service_script_type:    "{{ system_service_script_base | filetype }}"
+system_service_script_inter:   "/bin/{{ 'bash' if system_service_script_type == 'sh' else 'python3'}}"
+system_service_script_exec:    "{{ system_service_script_inter }} {{ system_service_id | get_service_script_path( system_service_script_type ) }}"
+
+# Service template
+system_service_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
+system_service_tpl_type:       "oneshot"
+system_service_tpl_exec_start: "{{ system_service_script_exec }}"
+system_service_tpl_runtime:    "{{ SYS_SERVICE_DEFAULT_RUNTIME }}"

roles/sys-systemctl/README.md

@@ -1,52 +0,0 @@
-# sys-systemctl
-
-Utility role to reset/clean up **systemd** units for a given software stack.  
-It can install a unit-file remover tool, delete units that match a configured suffix, and reload the systemd daemon. The role is designed to run **once per play** and is commonly included by other roles (e.g., timer/service roles) to ensure a clean state before (re)deployment.
-
-## Overview
-
-When `MODE_RESET` is enabled, the role will:
-
-1. Install the configured remover tool/package (via `pkgmgr-install`).
-2. Remove all unit files that match the configured suffix for the current software.
-3. Reload the systemd daemon to apply changes.
-
-A run-once guard (`run_once_sys_systemctl`) prevents repeated execution within the same play run.
-
-## Features
-
-- **Idempotent cleanup** of systemd unit files based on a suffix.
-- **Pluggable remover tool** via `UNIT_SUFFIX_REMOVER_PACKAGE`.
-- **Daemon reload** to immediately apply changes.
-- **Run-once safety** across the play to avoid redundant work.
-
-## Variables
-
-| Variable                     | Type    | Default     | Description                                                                                 |
-|-----------------------------|---------|-------------|---------------------------------------------------------------------------------------------|
-| `MODE_RESET`                | bool    | `false`     | If `true`, executes the reset/cleanup tasks.                                                |
-| `SYS_SERVICE_SUFFIX`        | string  | *required*  | Suffix used to identify unit files belonging to the software stack (e.g., `.infinito.nexus`). |
-| `SOFTWARE_NAME`             | string  | *required*  | Logical software identifier passed to the remover tool.                                      |
-| `UNIT_SUFFIX_REMOVER_PACKAGE` | string| `"unsure"`  | Package/command used to remove the unit files. Must provide a CLI compatible with `-s`.     |
-
-> **Note:** The role expects the remover tool to support a command pattern like:
-> ```
-> <UNIT_SUFFIX_REMOVER_PACKAGE> -s '<SOFTWARE_NAME>'
-> ```
-> Replace `UNIT_SUFFIX_REMOVER_PACKAGE` with your actual utility (or wrapper script) that removes all matching unit files.
-
-## Tasks Flow
-
-- `tasks/main.yml`
-  - Includes `tasks/01_reset.yml` **only when** `MODE_RESET` is `true`.
-  - Loads `utils/run_once.yml` once to set `run_once_sys_systemctl`.
-
-- `tasks/01_reset.yml`
-  - Installs `UNIT_SUFFIX_REMOVER_PACKAGE` via `pkgmgr-install`.
-  - Executes the remover command to purge unit files for `SOFTWARE_NAME` / `SYS_SERVICE_SUFFIX`.
-  - Runs `systemctl daemon-reload`.
-
-## Dependencies
-
-- `pkgmgr-install` (role): used to install `UNIT_SUFFIX_REMOVER_PACKAGE`.
-

roles/sys-systemctl/tasks/04_files.yml

@@ -1,23 +0,0 @@
-
-- name: "create {{ systemctl_script_dir }}"
-  file:
-    path: "{{ systemctl_script_dir }}"
-    state: directory
-    mode: "0755"
-
-- name: "template or copy script"
-  block:
-    - name: "render template"
-      template:
-        src:  "{{ systemctl_script_src }}"
-        dest: "{{ [systemctl_script_dir, (systemctl_script_src | basename | regex_replace('\\.j2$', ''))] | path_join }}"
-        mode: "0755"
-      when: systemctl_script_src.endswith('.j2')
-
-    - name: "copy raw file"
-      copy:
-        src:  "{{ systemctl_script_src }}"
-        dest: "{{ [systemctl_script_dir, (systemctl_script_src | basename)] | path_join }}"
-        mode: "0755"
-      when: not systemctl_script_src.endswith('.j2')
-  when: systemctl_copy_files | bool

roles/sys-systemctl/tasks/06_timer.yml

@@ -1,13 +0,0 @@
-- name: Fail if systemctl_id contains "@"
-  assert:
-    that:
-      - "'@' not in systemctl_id"
-    fail_msg: "Invalid systemctl_id '{{ systemctl_id }}' → must not contain '@'."
-
-- name: "Make '{{ systemctl_id }}' available for sys-timer"
-  set_fact:
-    systemctl_timer_service: "{{ systemctl_id }}"
-
-- name: "include role for sys-timer for {{ systemctl_timer_service }}"
-  include_role:
-    name: sys-timer

roles/sys-systemctl/templates/systemctl.service.j2

@@ -1,7 +0,0 @@
-[Unit]
-Description={{ SOFTWARE_NAME }} - Service for role '{{ systemctl_id }}'
-OnFailure={{ systemctl_tpl_on_failure }}
-
-[Service]
-Type={{ systemctl_tpl_type }}
-ExecStart={{ systemctl_tpl_exec_start }}

roles/sys-systemctl/vars/main.yml

@@ -1,22 +0,0 @@
-UNIT_SUFFIX_REMOVER_PACKAGE:  "unsure"
-
-## Paths
-systemctl_role_name:      "{{ systemctl_id | regex_replace('@','') }}"
-systemctl_role_dir:       "{{ [ playbook_dir, 'roles', systemctl_role_name ] | path_join }}"
-systemctl_script_dir:     "{{ [ PATH_SYSTEMCTL_SCRIPTS, systemctl_id ] | path_join }}"
-
-## Settings
-systemctl_copy_files:     true  # When set to false file copying will be skipped
-systemctl_timer_enabled:  false # When set to true timer will be loaded
-systemctl_state:          "{{ SYS_SERVICE_DEFAULT_STATE }}"
-
-# Dynamic Loaded ( Just available when dependencies are loaded )
-systemctl_script_base:    "{{ systemctl_script_src | basename | regex_replace('\\.j2$', '') }}"
-systemctl_script_type:    "{{ systemctl_script_base | filetype }}"
-systemctl_script_inter:   "/bin/{{ 'bash' if systemctl_script_type == 'sh' else 'python3'}}"
-systemctl_script_exec:    "{{ systemctl_script_inter }} {{ systemctl_id | get_service_script_path( systemctl_script_type ) }}"
-
-# Service template
-systemctl_tpl_on_failure: "{{ SYS_SERVICE_ON_FAILURE_COMPOSE }}"
-systemctl_tpl_type:       "oneshot"
-systemctl_tpl_exec_start: "{{ systemctl_script_exec }}"

roles/sys-timer-cln-bkps/tasks/01_core.yml

@@ -6,12 +6,12 @@
   vars:
     flush_handlers: true
 
-- name: set systemctl_timer_service to sys-ctl-cln-bkps
+- name: set system_service_timer_service to sys-ctl-cln-bkps
   set_fact:
-    systemctl_timer_service: "sys-ctl-cln-bkps"
+    system_service_timer_service: "sys-ctl-cln-bkps"
 
-- name: "include role for sys-timer for {{ systemctl_timer_service }}"
+- name: "include role for sys-timer for {{ system_service_timer_service }}"
   include_role:
     name: sys-timer
   vars:
-    systemctl_on_calendar: "{{ SYS_SCHEDULE_CLEANUP_BACKUPS }}"
+    system_service_on_calendar: "{{ SYS_SCHEDULE_CLEANUP_BACKUPS }}"

roles/sys-timer/README.md

@@ -7,9 +7,9 @@ This role configures a systemd timer to periodically start a corresponding servi
 ## Overview
 
 Optimized for automated task scheduling in a [systemd](https://en.wikipedia.org/wiki/Systemd) environment, this role:
-- Generates a timer unit file for a given service (using the `systemctl_timer_service` variable).
+- Generates a timer unit file for a given service (using the `system_service_timer_service` variable).
 - Reloads and restarts the timer using systemd to ensure that changes take effect.
-- Supports dynamic configuration of scheduling parameters via variables like `systemctl_on_calendar` and `RANDOMIZED_DELAY_SEC`.
+- Supports dynamic configuration of scheduling parameters via variables like `system_service_on_calendar` and `RANDOMIZED_DELAY_SEC`.
 
 ## Purpose
 

roles/sys-timer/templates/dummy.timer.j2

@@ -1,8 +1,8 @@
 [Unit]
-Description=Timer to start {{ systemctl_timer_service }}{{ SYS_SERVICE_SUFFIX }}
+Description=Timer to start {{ system_service_timer_service }}{{ SYS_SERVICE_SUFFIX }}
 
 [Timer]
-OnCalendar={{ systemctl_on_calendar }}
+OnCalendar={{ system_service_on_calendar }}
 RandomizedDelaySec={{ RANDOMIZED_DELAY_SEC }}
 Persistent={{ persistent | default('false') }}