Refactor systemctl services and categories due to alarm bugs

This commit restructures systemctl service definitions and category mappings.

Motivation: Alarm-related bugs revealed inconsistencies in service and role handling.

Preparation step: lays the groundwork for fixing the alarm issues by aligning categories, roles, and service templates.

cli/create/role.py

@@ -12,7 +12,7 @@ from module_utils.entity_name_utils import get_entity_name
 
 # Paths to the group-vars files
 PORTS_FILE = './group_vars/all/09_ports.yml'
-NETWORKS_FILE = './group_vars/all/10_networks.yml'
+NETWORKS_FILE = './group_vars/all/09_networks.yml'
 ROLE_TEMPLATE_DIR = './templates/roles/web-app'
 ROLES_DIR = './roles'
 

docs/guides/administrator/Readme.md

@@ -16,7 +16,7 @@ Follow these guides to install and configure Infinito.Nexus:
 
 ## Managing & Updating Infinito.Nexus 🔄
 - Regularly update services using `update-docker`, `update-pacman`, or `update-apt`.
-- Monitor system health with `sys-hlth-btrfs`, `sys-hlth-webserver`, and `sys-hlth-docker-container`.
+- Monitor system health with `sys-ctl-hlth-btrfs`, `sys-ctl-hlth-webserver`, and `sys-ctl-hlth-docker-container`.
-- Automate system maintenance with `sys-lock`, `sys-cln-bkps-service`, and `sys-rpr-docker-hard`.
+- Automate system maintenance with `sys-lock`, `sys-ctl-cln-bkps`, and `sys-ctl-rpr-docker-hard`.
 
 For more details, refer to the specific guides above.

group_vars/all/00_general.yml

@@ -1,6 +1,8 @@
 SOFTWARE_NAME:            "Infinito.Nexus"  # Name of the software
 
+# Deployment
 ENVIRONMENT:              "production"      # Possible values: production, development
+DEPLOYMENT_MODE:          "single"          # Use single, if you deploy on one server. Use cluster if you setup in cluster mode.
 
 # If true, sensitive credentials will be masked or hidden from all Ansible task logs
 # Recommendet to set to true
@@ -20,9 +22,6 @@ HOST_TIME_FORMAT:         "HH:mm"
 HOST_THOUSAND_SEPARATOR:  "."
 HOST_DECIMAL_MARK:        ","
 
-# Deployment mode
-DEPLOYMENT_MODE:        "single"      # Use single, if you deploy on one server. Use cluster if you setup in cluster mode.
-
 # Web
 WEB_PROTOCOL:           "https"       # Web protocol type. Use https or http. If you run local you need to change it to http
 WEB_PORT:               "{{ 443 if WEB_PROTOCOL == 'https' else 80 }}"  # Default port web applications will listen to
@@ -30,17 +29,6 @@ WEB_PORT:               "{{ 443 if WEB_PROTOCOL == 'https' else 80 }}"  # Defaul
 # Domain
 PRIMARY_DOMAIN:         "localhost" # Primary Domain of the server
 
-# Server Tact Variables 
-
-## Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
-HOURS_SERVER_AWAKE:                       "0..23"
-
-## Random delay for systemd timers to avoid peak loads.
-RANDOMIZED_DELAY_SEC:                     "5min"
-
-# Runtime Variables for Process Control
-ACTIVATE_ALL_TIMERS:                      false   # Activates all timers, independend if the handlers had been triggered
-
 DNS_PROVIDER:                             cloudflare              # The DNS Provider\Registrar for the domain
 
 HOSTING_PROVIDER:                         hetzner                 # Provider which hosts the server
@@ -52,18 +40,15 @@ CERTBOT_CREDENTIALS_FILE:                 "{{ CERTBOT_CREDENTIALS_DIR }}/{{ CERT
 CERTBOT_DNS_PROPAGATION_WAIT_SECONDS:     300                     # How long should the script wait for DNS propagation before continuing
 CERTBOT_FLAVOR:                           san                     # Possible options: san (recommended, with a dns flavor like cloudflare, or hetzner), wildcard(doesn't function with www redirect), dedicated
 
-# Path where Certbot stores challenge webroot files
+# Letsencrypt
-LETSENCRYPT_WEBROOT_PATH:                 "/var/lib/letsencrypt/"
+LETSENCRYPT_WEBROOT_PATH: "/var/lib/letsencrypt/"             # Path where Certbot stores challenge webroot files
+LETSENCRYPT_BASE_PATH:    "/etc/letsencrypt/"                 # Base directory containing Certbot configuration, account data, and archives
+LETSENCRYPT_LIVE_PATH:    "{{ LETSENCRYPT_BASE_PATH }}live/"  # Symlink directory for the current active certificate and private key
 
-# Base directory containing Certbot configuration, account data, and archives
+## Docker
-LETSENCRYPT_BASE_PATH:                    "/etc/letsencrypt/"
+DOCKER_RESTART_POLICY:           "unless-stopped"                                                   # Default restart parameter for docker containers
-
+DOCKER_VARS_FILE:                "{{ playbook_dir }}/roles/docker-compose/vars/docker-compose.yml"  # File containing docker compose variables used by other services
-# Symlink directory for the current active certificate and private key
+DOCKER_WHITELISTET_ANON_VOLUMES: []                                                                 # Volumes which should be ignored during docker anonymous health check
-LETSENCRYPT_LIVE_PATH:                    "{{ LETSENCRYPT_BASE_PATH }}live/"
-
-## Docker Role Specific Parameters
-DOCKER_RESTART_POLICY:                    "unless-stopped"
-DOCKER_VARS_FILE:                         "{{ playbook_dir }}/roles/docker-compose/vars/docker-compose.yml"
 
 # Asyn Confitguration
 ASYNC_ENABLED:  "{{ not MODE_DEBUG | bool }}"                  # Activate async, deactivated for debugging
@@ -88,10 +73,6 @@ _applications_nextcloud_oidc_flavor: >-
         )
   }}
 
-# Systemctl 
-SYS_TIMER_SUFFIX:   ".{{ SOFTWARE_NAME | lower }}.timer"
-SYS_SERVICE_SUFFIX: ".{{ SOFTWARE_NAME | lower }}.service"
-
 # Role-based access control
 # @See https://en.wikipedia.org/wiki/Role-based_access_control
 RBAC:

group_vars/all/05_maintenace.yml

@@ -1,38 +0,0 @@
-
-# System maintenance Services
-
-## Timeouts to wait for other services to stop
-system_maintenance_lock_timeout_cleanup_services:  "15min"
-system_maintenance_lock_timeout_storage_optimizer: "10min"
-system_maintenance_lock_timeout_backup_services:   "1h"
-system_maintenance_lock_timeout_heal_docker:       "30min"
-system_maintenance_lock_timeout_update_docker:     "2min"
-system_maintenance_lock_timeout_restart_docker:    "{{system_maintenance_lock_timeout_update_docker}}"
-
-## Services
-
-### Defined Services for Backup Tasks
-system_maintenance_backup_services:
-  - "sys-bkp-docker-2-loc"
-  - "svc-bkp-rmt-2-loc"
-  - "svc-bkp-loc-2-usb"
-  - "sys-bkp-docker-2-loc-everything"
-
-### Defined Services for System Cleanup
-system_maintenance_cleanup_services:
-  - "sys-cln-backups"
-  - "sys-cln-disc-space"
-  - "sys-cln-faild-bkps"
-
-### Services that Manipulate the System
-system_maintenance_manipulation_services:
-  - "sys-rpr-docker-soft"
-  - "update-docker"
-  - "svc-opt-ssd-hdd"
-  - "sys-rpr-docker-hard"
-  
-## Total System Maintenance Services
-system_maintenance_services: "{{ system_maintenance_backup_services + system_maintenance_cleanup_services + system_maintenance_manipulation_services }}"
-
-### Define Variables for Docker Volume Health services
-whitelisted_anonymous_docker_volumes: []

group_vars/all/07_services.yml

@@ -0,0 +1,40 @@
+
+# Services
+
+## Meta
+SYS_SERVICE_SUFFIX:         ".{{ SOFTWARE_NAME | lower }}.service"
+
+## Names
+SYS_SERVICE_ALARM_CMP:      "sys-ctl-alm-compose.{{ SOFTWARE_NAME }}@.service"
+
+## Groups
+SYS_SERVICE_GROUP_BACKUPS: >
+  {{ (('sys-ctl-bkp-' | get_category_entries) + ('svc-bkp-' | get_category_entries))
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+
+SYS_SERVICE_GROUP_CLEANUP: >
+  {{ ('sys-ctl-cln-' | get_category_entries)
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+
+SYS_SERVICE_GROUP_REPAIR: >
+  {{ ('sys-ctl-rpr-' | get_category_entries)
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+
+SYS_SERVICE_GROUP_OPTIMIZATION: >
+  {{ ('svc-opt-' | get_category_entries)
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+
+SYS_SERVICE_GROUP_MAINTANANCE: >
+  {{ ('svc-mtn-' | get_category_entries)
+     | map('regex_replace', '$', SYS_SERVICE_SUFFIX) | list }}
+ 
+## Collection of services to manipulate the system
+SYS_SERVICE_GROUP_MANIPULATION: >
+  {{ 
+    SYS_SERVICE_GROUP_BACKUPS + 
+    SYS_SERVICE_GROUP_CLEANUP + 
+    SYS_SERVICE_GROUP_REPAIR + 
+    SYS_SERVICE_GROUP_OPTIMIZATION + 
+    SYS_SERVICE_GROUP_MAINTANANCE +
+    [ 'update-docker' ]
+  }}

group_vars/all/08_calendar.yml

@@ -1,29 +0,0 @@
-
-## Schedule for Health Checks
-on_calendar_health_btrfs:                     "*-*-* 00:00:00"                        # Check once per day the btrfs for errors
-on_calendar_health_journalctl:                "*-*-* 00:00:00"                        # Check once per day the journalctl for errors
-on_calendar_health_disc_space:                "*-*-* 06,12,18,00:00:00"               # Check four times per day if there is sufficient disc space 
-on_calendar_health_docker_container:          "*-*-* {{ HOURS_SERVER_AWAKE }}:00:00"  # Check once per hour if the docker containers are healthy
-on_calendar_health_docker_volumes:            "*-*-* {{ HOURS_SERVER_AWAKE }}:15:00"  # Check once per hour if the docker volumes are healthy
-on_calendar_health_csp_crawler:               "*-*-* {{ HOURS_SERVER_AWAKE }}:30:00"  # Check once per hour if all CSP are fullfilled available
-on_calendar_health_nginx:                     "*-*-* {{ HOURS_SERVER_AWAKE }}:45:00"  # Check once per hour if all webservices are available
-on_calendar_health_msmtp:                     "*-*-* 00:00:00"                        # Check once per day SMTP Server              
-
-## Schedule for Cleanup Tasks
-on_calendar_cleanup_backups:                  "*-*-* 00,06,12,18:30:00"               # Cleanup backups every 6 hours, MUST be called before disc space cleanup
-on_calendar_cleanup_disc_space:               "*-*-* 07,13,19,01:30:00"               # Cleanup disc space every 6 hours
-on_calendar_cleanup_certs:                    "*-*-* 12,00:45:00"                     # Deletes and revokes unused certs
-
-## Schedule for Backup Tasks
-on_calendar_backup_docker_to_local:           "*-*-* 03:30:00"
-on_calendar_backup_remote_to_local:           "*-*-* 21:30:00"
-
-## Schedule for Maintenance Tasks
-on_calendar_heal_docker:                      "*-*-* {{ HOURS_SERVER_AWAKE }}:30:00"  # Heal unhealthy docker instances once per hour
-on_calendar_renew_lets_encrypt_certificates:  "*-*-* 12,00:30:00"                     # Renew Mailu certificates twice per day
-on_calendar_deploy_certificates:              "*-*-* 13,01:30:00"                     # Deploy letsencrypt certificates twice per day to docker containers
-on_calendar_msi_keyboard_color:               "*-*-* *:*:00"                          # Change the keyboard color every minute
-on_calendar_cleanup_failed_docker:            "*-*-* 12:00:00"                        # Clean up failed docker backups every noon
-on_calendar_btrfs_auto_balancer:              "Sat *-*-01..07 00:00:00"               # Execute btrfs auto balancer every first Saturday of a month
-on_calendar_restart_docker:                   "Sun *-*-* 08:00:00"                    # Restart docker instances every Sunday at 8:00 AM
-on_calendar_nextcloud:                        "22"                                    # Do nextcloud maintanace between 22:00 and 02:00

group_vars/all/08_timer.yml

@@ -0,0 +1,54 @@
+
+# Service Timers
+
+## Meta
+SYS_TIMER_SUFFIX:   ".{{ SOFTWARE_NAME | lower }}.timer"
+
+## Server Tact Variables 
+
+HOURS_SERVER_AWAKE:   "0..23" # Ours in which the server is "awake" (100% working). Rest of the time is reserved for maintanance
+RANDOMIZED_DELAY_SEC: "5min"  # Random delay for systemd timers to avoid peak loads.
+ACTIVATE_ALL_TIMERS:  false   # Runtime Variables for Process Control - Activates all timers, independend if the handlers had been triggered
+
+## Timeouts for all services
+SYS_TIMEOUT_CLEANUP_SERVICES:  "15min"
+SYS_TIMEOUT_STORAGE_OPTIMIZER: "10min"
+SYS_TIMEOUT_BACKUP_SERVICES:   "1h"
+SYS_TIMEOUT_HEAL_DOCKER:       "30min"
+SYS_TIMEOUT_UPDATE_DOCKER:     "2min"
+SYS_TIMEOUT_RESTART_DOCKER:    "{{ SYS_TIMEOUT_UPDATE_DOCKER }}"
+
+## On Calendar
+
+### Schedule for health checks
+SYS_SCHEDULE_HEALTH_BTRFS:                    "*-*-* 00:00:00"                        # Check once per day the btrfs for errors
+SYS_SCHEDULE_HEALTH_JOURNALCTL:               "*-*-* 00:00:00"                        # Check once per day the journalctl for errors
+SYS_SCHEDULE_HEALTH_DISC_SPACE:               "*-*-* 06,12,18,00:00:00"               # Check four times per day if there is sufficient disc space 
+SYS_SCHEDULE_HEALTH_DOCKER_CONTAINER:         "*-*-* {{ HOURS_SERVER_AWAKE }}:00:00"  # Check once per hour if the docker containers are healthy
+SYS_SCHEDULE_HEALTH_DOCKER_VOLUMES:           "*-*-* {{ HOURS_SERVER_AWAKE }}:15:00"  # Check once per hour if the docker volumes are healthy
+SYS_SCHEDULE_HEALTH_CSP_CRAWLER:              "*-*-* {{ HOURS_SERVER_AWAKE }}:30:00"  # Check once per hour if all CSP are fullfilled available
+SYS_SCHEDULE_HEALTH_NGINX:                    "*-*-* {{ HOURS_SERVER_AWAKE }}:45:00"  # Check once per hour if all webservices are available
+SYS_SCHEDULE_HEALTH_MSMTP:                    "*-*-* 00:00:00"                        # Check once per day SMTP Server              
+
+### Schedule for cleanup tasks
+SYS_SCHEDULE_CLEANUP_BACKUPS:                 "*-*-* 00,06,12,18:30:00"               # Cleanup backups every 6 hours, MUST be called before disc space cleanup
+SYS_SCHEDULE_CLEANUP_DISC_SPACE:              "*-*-* 07,13,19,01:30:00"               # Cleanup disc space every 6 hours
+SYS_SCHEDULE_CLEANUP_CERTS:                   "*-*-* 12,00:45:00"                     # Deletes and revokes unused certs
+SYS_SCHEDULE_CLEANUP_FAILED_BACKUPS:          "*-*-* 12:00:00"                        # Clean up failed docker backups every noon
+
+### Schedule for repair services
+SYS_SCHEDULE_REPAIR_BTRFS_AUTO_BALANCER:      "Sat *-*-01..07 00:00:00"               # Execute btrfs auto balancer every first Saturday of a month
+SYS_SCHEDULE_REPAIR_DOCKER_SOFT:              "*-*-* {{ HOURS_SERVER_AWAKE }}:30:00"  # Heal unhealthy docker instances once per hour
+SYS_SCHEDULE_REPAIR_DOCKER_HARD:              "Sun *-*-* 08:00:00"                    # Restart docker instances every Sunday at 8:00 AM
+
+### Schedule for backup tasks
+SYS_SCHEDULE_BACKUP_DOCKER_TO_LOCAL:          "*-*-* 03:30:00"
+SYS_SCHEDULE_BACKUP_REMOTE_TO_LOCAL:          "*-*-* 21:30:00"
+
+### Schedule for Maintenance Tasks
+SYS_SCHEDULE_MAINTANANCE_LETSENCRYPT_RENEW:   "*-*-* 12,00:30:00"                     # Renew Mailu certificates twice per day
+SYS_SCHEDULE_MAINTANANCE_LETSENCRYPT_DEPLOY:  "*-*-* 13,01:30:00"                     # Deploy letsencrypt certificates twice per day to docker containers
+SYS_SCHEDULE_MAINTANANCE_NEXTCLOUD:           "22"                                    # Do nextcloud maintanace between 22:00 and 02:00
+
+### Animation
+SYS_SCHEDULE_ANIMATION_KEYBOARD_COLOR:        "*-*-* *:*:00"                          # Change the keyboard color every minute

roles/categories.yml

@@ -1,4 +1,14 @@
 roles:
+  cmp:
+    title: "Compositions"
+    description: "Composition of other roles."
+    icon: "fas fa-sitemap"
+    invokable: false
+  docker:
+    title: "Docker Toolkit"
+    description: "Generic Docker helpers and utilities (compose wrappers, container tooling)."
+    icon: "fas fa-docker"
+    invokable: false
   dev:
     title:  "Software Development Utilties"
     invokable: false
@@ -6,41 +16,61 @@ roles:
     title: "System"
     description: "System near components. Will be automaticly called if necessary from other roles."
     invokable: false
-    alm:
+    ctl:
-      title: "Alerting"
+      title: "Control"
-      description: "Notification handlers for system events"
+      description: "Control layer for system lifecycle management—handling cleanup, monitoring, backups, alerting, maintenance, and repair tasks."
-      icon: "fas fa-bell"
+      icon: "fas fa-cogs"
       invokable: false
-    cln:
+      cln:
-      title: "Cleanup"
+        title: "Cleanup"
-      description: "Roles for cleaning up various system resources—old backups, unused certificates, temporary files, Docker volumes, disk caches, deprecated domains, and more."
+        description: "Roles for cleaning up various system resources—old backups, unused certificates, temporary files, Docker volumes, disk caches, deprecated domains, and more."
-      icon: "fas fa-trash-alt"
+        icon: "fas fa-trash-alt"
-      invokable: false
+        invokable: false
-    hlth:
+      hlth:
-      title: "Monitoring"
+        title: "Monitoring"
-      description: "Roles for system monitoring and health checks—encompassing bot-style automated checks and core low-level monitors for logs, containers, disk usage, and more."
+        description: "Roles for system monitoring and health checks—encompassing bot-style automated checks and core low-level monitors for logs, containers, disk usage, and more."
-      icon: "fas fa-chart-area"
+        icon: "fas fa-chart-area"
-      invokable: false
+        invokable: false
-    bkp:
+      bkp:
-      title: "Backup & Restore"
+        title: "Backup & Restore"
-      description: "Backup strategies & restore procedures"
+        description: "Backup strategies & restore procedures"
-      icon: "fas fa-hdd"
+        icon: "fas fa-hdd"
+        invokable: false
+      alm:
+        title: "Alerting"
+        description: "Notification handlers for system events"
+        icon: "fas fa-bell"
+        invokable: false
+      mtn:
+        title: "Maintenance"
+        description: "Maintenance roles for certificates, system upkeep, and recurring operational tasks."
+        icon: "fas fa-tools"
+        invokable: false
+      rpr:
+        title: "Repair"
+        description: "Repair and recovery roles—handling hard/soft recovery of Docker, Btrfs balancers, and other low-level system fixes."
+        icon: "fas fa-wrench"
+        invokable: false
+    dns:
+      title: "DNS Automation"
+      description: "DNS providers, records, and rDNS management (Cloudflare, Hetzner, etc.)."
+      icon: "fas fa-network-wired"
       invokable: false
   update:
     title: "Updates & Package Management"
     description: "OS & package updates"
     icon: "fas fa-sync"
     invokable: true
+    pkgmgr:
+      title: "Package Manager Helpers"
+      description: "Helpers for package managers and unified install flows."
+      icon: "fas fa-box-open"
+      invokable: false
   drv:
     title: "Drivers"
     description: "Roles for installing and configuring hardware drivers—covering printers, graphics, input devices, and other peripheral support."
     icon: "fas fa-microchip"
     invokable: true
-#  core:
-#    title: "Core & System"
-#    description: "Fundamental system configuration"
-#    icon: "fas fa-cogs"
-#    invokable: true
   gen:
     title: "Generic"
     description: "Helper roles & installers (git, locales, timer, etc.)"
@@ -66,6 +96,11 @@ roles:
       description: "Utility roles for server-side configuration and management—covering corporate identity provisioning, network helpers, and other service-oriented toolkits."
       icon: "fas fa-cogs"
       invokable: true
+    dev:
+      title: "Developer Utilities"
+      description: "Developer-centric server utilities and admin toolkits."
+      icon: "fas fa-code"
+      invokable: false
   srv:
     title: "Server"
     description: "General server roles for provisioning and managing server infrastructure—covering web servers, proxy servers, network services, and other backend components."

roles/cmp-rdbms/tasks/main.yml

@@ -23,4 +23,4 @@
   when: applications | get_app_conf(application_id, 'features.central_database', False)
 
 - name: "For '{{ application_id }}': Add Entry for Backup Procedure"
-  include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml"
+  include_tasks: "{{ playbook_dir }}/roles/sys-ctl-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml"

roles/drv-msi-keyboard-color/tasks/01_core.yml

@@ -2,7 +2,7 @@
     name: '{{ item }}'
   loop:
   - dev-yay
-  - sys-alm-compose
+  - sys-ctl-alm-compose
 
 - name: Install MSI packages
   kewlfft.aur.aur:
@@ -34,5 +34,5 @@
   include_role:
     name: sys-timer
   vars:
-    on_calendar: "{{on_calendar_msi_keyboard_color}}"
+    on_calendar: "{{SYS_SCHEDULE_ANIMATION_KEYBOARD_COLOR}}"
     persistent: "true"

roles/drv-msi-keyboard-color/templates/keyboard-color.service.j2

@@ -1,6 +1,6 @@
 [Unit]
 Description=Keyboard Color Service
-OnFailure=sys-alm-compose.{{ SOFTWARE_NAME }}@%n.service
+OnFailure=sys-ctl-alm-compose.{{ SOFTWARE_NAME }}@%n.service
 
 [Service]
 Type=oneshot

roles/srv-web-7-4-core/tasks/01_core.yml

@@ -26,8 +26,8 @@
   include_role:
     name: "{{ item }}"
   loop:
-    - sys-hlth-webserver
+    - sys-ctl-hlth-webserver
-    - sys-hlth-csp
+    - sys-ctl-hlth-csp
   vars:
     # Extra flush is for performance reasons not necessary
     flush_handlers: false

roles/srv-web-7-6-https/README.md

@@ -16,7 +16,7 @@ This role is built on top of your existing `srv-web-7-4-core` role, and it autom
 When you apply **srv-web-7-6-https**, it will:
 
 1. **Include** the `srv-web-7-4-core` role to install and configure Nginx.  
-2. **Clean up** any stale vHost files under `sys-cln-domains`.  
+2. **Clean up** any stale vHost files under `sys-ctl-cln-domains`.  
 3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `srv-web-7-7-letsencrypt`.  
 4. **Reload** Nginx automatically when any template changes.
 

roles/srv-web-7-6-https/tasks/main.yml

@@ -4,7 +4,7 @@
       name: '{{ item }}'
     loop:
     - srv-web-7-4-core
-    - sys-cln-domains
+    - sys-ctl-cln-domains
     - srv-web-7-7-letsencrypt
   - include_tasks: utils/run_once.yml
   when: run_once_srv_web_7_6_https is not defined

roles/srv-web-7-7-letsencrypt/tasks/01_core.yml

@@ -1,7 +1,7 @@
-  - name: Include dependency 'srv-web-6-6-tls-renew'
+  - name: Include dependency 'sys-ctl-mtn-cert-renew'
     include_role:
-      name: srv-web-6-6-tls-renew
+      name: sys-ctl-mtn-cert-renew
-    when: run_once_srv_web_6_6_tls_renew is not defined
+    when: run_once_sys_ctl_mtn_cert_renew is not defined
 
   - name: create nginx letsencrypt config file
     template:

roles/svc-bkp-loc-2-usb/tasks/main.yml

@@ -3,7 +3,7 @@
     include_role:
       name: '{{ item }}'
     loop:
-    - sys-cln-bkps-service
+    - sys-ctl-cln-bkps
     - sys-lock
   - include_tasks: utils/run_once.yml
   when: run_once_svc_bkp_loc_2_usb is not defined

roles/svc-bkp-loc-2-usb/templates/svc-bkp-loc-2-usb.service.j2

@@ -1,12 +1,12 @@
 [Unit]
 Description=Backup to USB when mounted to {{ backup_to_usb_mount }}
 Wants={{systemctl_mount_service_name}}
-OnFailure=sys-alm-compose.{{ SOFTWARE_NAME }}@%n.service
+OnFailure=sys-ctl-alm-compose.{{ SOFTWARE_NAME }}@%n.service
 
 [Service]
 Type=oneshot
 ExecStart=/bin/python {{ backup_to_usb_script_path }} {{backup_to_usb_source}} {{backup_to_usb_destination}}
-ExecStartPost=/bin/systemctl start sys-cln-backups{{ SYS_SERVICE_SUFFIX }}
+ExecStartPost=/bin/systemctl start sys-ctl-cln-backups{{ SYS_SERVICE_SUFFIX }}
 
 [Install]
 WantedBy=multi-user.target

roles/svc-bkp-rmt-2-loc/README.md

@@ -17,7 +17,7 @@ Backup Remote to Local is a robust solution for retrieving backup data from remo
 - **Remote Backup Retrieval:** Pulls backups from a remote server using secure SSH connections.
 - **Incremental Backup with rsync:** Uses rsync with options for archive, backup, and hard linking to efficiently manage changes.
 - **Retry Logic:** Implements a retry mechanism to handle transient network issues or remote errors.
-- **Integration with Other Roles:** Works alongside roles like sys-bkp-directory-validator, sys-cln-faild-bkps, sys-timer, sys-bkp-provider, and sys-lock.
+- **Integration with Other Roles:** Works alongside roles like sys-svc-directory-validator, sys-ctl-cln-faild-bkps, sys-timer, sys-bkp-provider, and sys-lock.
 - **Administrative Debugging:** Detailed debug instructions and administrative tasks are provided in a separate file.
 
 ## Other Resources

roles/svc-bkp-rmt-2-loc/meta/main.yml

@@ -23,5 +23,5 @@ galaxy_info:
   issue_tracker_url: "https://s.infinito.nexus/issues"
   documentation: "https://docs.infinito.nexus"
 dependencies:
-- sys-cln-bkps-timer
+- sys-timer-cln-bkps
-- sys-cln-faild-bkps
+- sys-ctl-cln-faild-bkps

roles/svc-bkp-rmt-2-loc/tasks/main.yml

@@ -4,7 +4,7 @@
       name: '{{ item }}'
     loop:
     - dev-git
-    - sys-alm-compose
+    - sys-ctl-alm-compose
     - sys-lock
     - sys-rst-daemon
   - include_tasks: utils/run_once.yml
@@ -42,5 +42,5 @@
   include_role:
     name: sys-timer
   vars:
-    on_calendar: "{{on_calendar_backup_remote_to_local}}"
+    on_calendar: "{{SYS_SCHEDULE_BACKUP_REMOTE_TO_LOCAL}}"
 

roles/svc-bkp-rmt-2-loc/templates/sys-bkp-rmt-2-loc.service.j2

@@ -1,8 +1,8 @@
 [Unit]
 Description=pull remote backups
-OnFailure=sys-alm-compose.{{ SOFTWARE_NAME }}@%n.service sys-cln-faild-bkps{{ SYS_SERVICE_SUFFIX }}
+OnFailure=sys-ctl-alm-compose.{{ SOFTWARE_NAME }}@%n.service sys-ctl-cln-faild-bkps{{ SYS_SERVICE_SUFFIX }}
 
 [Service]
 Type=oneshot
-ExecStartPre=/bin/sh -c '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ system_maintenance_services | join(' ')  }} --ignore {{system_maintenance_backup_services| join(' ') }} --timeout "{{ system_maintenance_lock_timeout_backup_services }}"'
+ExecStartPre=/bin/sh -c '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{SYS_SERVICE_GROUP_BACKUPS| join(' ') }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"'
 ExecStart=/bin/sh -c '/usr/bin/bash {{docker_backup_remote_to_local_folder}}sys-bkp-rmt-2-loc-multi-provider.sh'

roles/svc-opt-ssd-hdd/templates/svc-opt-ssd-hdd.service.j2

@@ -1,8 +1,8 @@
 [Unit]
 Description=Optimize storage paths
-OnFailure=sys-alm-compose.{{ SOFTWARE_NAME }}@%n.service
+OnFailure=sys-ctl-alm-compose.{{ SOFTWARE_NAME }}@%n.service
 
 [Service]
 Type=oneshot
-ExecStartPre=/bin/sh -c '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ system_maintenance_services | join(' ')  }} --ignore svc-opt-ssd-hdd svc-bkp-rmt-2-loc --timeout "{{system_maintenance_lock_timeout_storage_optimizer}}"'
+ExecStartPre=/bin/sh -c '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore svc-opt-ssd-hdd svc-bkp-rmt-2-loc --timeout "{{SYS_TIMEOUT_STORAGE_OPTIMIZER}}"'
 ExecStart=/bin/sh -c '/usr/bin/python {{storage_optimizer_script}} --rapid-storage-path {{path_rapid_storage}} --mass-storage-path {{path_mass_storage}}'

roles/svc-opt-swapfile/meta/main.yml

@@ -12,7 +12,7 @@ galaxy_info:
   - performance
   repository: "https://s.infinito.nexus/code"
   issue_tracker_url: "https://s.infinito.nexus/issues"
-  documentation: "https://s.infinito.nexus/code/tree/main/roles/sys-opt-swapfile"
+  documentation: "https://s.infinito.nexus/code/tree/main/roles/sys-ctl-opt-rpr-swapfile"
   min_ansible_version: "2.9"
   platforms:
   - name: Any

roles/sys-alm-compose/handlers/main.yml

@@ -1,5 +0,0 @@
-- name: "restart sys-alm-compose service"
-  systemd:
-    name: sys-alm-compose{{ SYS_SERVICE_SUFFIX }}
-    daemon_reload: yes
-  when: run_once_sys_alm_compose is not defined

roles/sys-alm-compose/tasks/main.yml

@@ -1,14 +0,0 @@
-- block:
-  - name: Include dependencies
-    include_role:
-      name: '{{ item }}'
-    loop:
-    - sys-alm-telegram
-    - sys-alm-email
-  - name: configure sys-alm-compose.infinito@.service
-    template:
-      src: sys-alm-compose@.service.j2
-      dest: "/etc/systemd/system/sys-alm-compose.infinito@.service"
-    notify: "restart sys-alm-compose service"
-  - include_tasks: utils/run_once.yml
-  when: run_once_sys_alm_compose is not defined

roles/sys-alm-compose/templates/sys-alm-compose@.service.j2

@@ -1,8 +0,0 @@
-[Unit]
-Description=Notifier for %i
-
-[Service]
-Type=oneshot
-ExecStart=/usr/bin/systemctl start sys-alm-telegram.infinito@%i.service sys-alm-email.infinito@%i.service
-User=root
-Group=systemd-journal

roles/sys-alm-email/handlers/main.yml

@@ -1,4 +0,0 @@
-- name: "restart sys-alm-email service"
-  systemd:
-    name: sys-alm-email{{ SYS_SERVICE_SUFFIX }}
-    daemon_reload: yes

roles/sys-alm-email/tasks/01_core.yml

@@ -1,23 +0,0 @@
-- name: Include dependencies
-  include_role:
-    name: '{{ item }}'
-  loop:
-  - sys-svc-msmtp
-  - sys-rst-daemon
-
-- name: "create {{systemd_notifier_email_folder}}"
-  file:
-    path: "{{systemd_notifier_email_folder}}"
-    state: directory
-    mode: "0755"
-
-- name: configure sys-alm-email.sh
-  template:
-    src: sys-alm-email.sh.j2
-    dest: "{{systemd_notifier_email_folder}}sys-alm-email.sh"
-
-- name: configure sys-alm-email{{ SYS_SERVICE_SUFFIX }}
-  template:
-    src: sys-alm-email@.service.j2
-    dest: /etc/systemd/system/sys-alm-email.infinito@.service
-  notify: restart sys-alm-email service

roles/sys-alm-telegram/handlers/main.yml

@@ -1,4 +0,0 @@
-- name: "restart sys-alm-telegram service"
-  systemd:
-    name: sys-alm-telegram{{ SYS_SERVICE_SUFFIX }}
-    daemon_reload: yes

roles/sys-alm-telegram/vars/main.yml

@@ -1,2 +0,0 @@
-systemd_telegram_folder: /opt/ansible-roles/sys-alm-telegram/
-systemd_telegram_script: '{{systemd_telegram_folder}}sys-alm-telegram.sh'

roles/sys-bkp-docker-2-loc/templates/sys-bkp-docker-2-loc-everything.service.j2

@@ -1,9 +0,0 @@
-[Unit]
-Description=backup all docker volumes to local folder
-OnFailure=sys-alm-compose.{{ SOFTWARE_NAME }}@%n.service sys-cln-faild-bkps{{ SYS_SERVICE_SUFFIX }}
-
-[Service]
-Type=oneshot
-ExecStartPre=/bin/sh -c '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ system_maintenance_services | join(' ')  }} --ignore {{ system_maintenance_backup_services | reject('equalto', role_name ) | join(' ') }} --timeout "{{ system_maintenance_lock_timeout_backup_services }}"'
-ExecStart=/bin/sh -c '{{ BKP_DOCKER_2_LOC_EXEC }} --everything'
-ExecStartPost=/bin/sh -c '/bin/systemctl start sys-rpr-docker-soft{{ SYS_SERVICE_SUFFIX }} &'

roles/sys-bkp-docker-2-loc/templates/sys-bkp-docker-2-loc.service.j2

@@ -1,9 +0,0 @@
-[Unit]
-Description=backup docker volumes to local folder
-OnFailure=sys-alm-compose.{{ SOFTWARE_NAME }}@%n.service sys-cln-faild-bkps{{ SYS_SERVICE_SUFFIX }}
-
-[Service]
-Type=oneshot
-ExecStartPre=/bin/sh -c '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ system_maintenance_services | join(' ')  }} --ignore {{ system_maintenance_backup_services | reject('equalto', role_name ~ '-everything') | join(' ') }} --timeout "{{ system_maintenance_lock_timeout_backup_services }}"'
-ExecStart=/bin/sh -c '{{ BKP_DOCKER_2_LOC_EXEC }}'
-ExecStartPost=/bin/sh -c '/bin/systemctl start sys-rpr-docker-soft{{ SYS_SERVICE_SUFFIX }} &'

roles/sys-bkp-provider-user/files/ssh-wrapper.sh

@@ -12,8 +12,8 @@ hashed_machine_id="$($get_hashed_machine_id | head -c 64)"
 get_backup_types="find /Backups/$hashed_machine_id/ -maxdepth 1 -type d -execdir basename {} ;";
 
 
-# @todo This configuration is not scalable yet. If other backup services then sys-bkp-docker-2-loc are integrated, this logic needs to be optimized
+# @todo This configuration is not scalable yet. If other backup services then sys-ctl-bkp-docker-2-loc are integrated, this logic needs to be optimized
-get_version_directories="ls -d /Backups/$hashed_machine_id/sys-bkp-docker-2-loc/*"
+get_version_directories="ls -d /Backups/$hashed_machine_id/sys-ctl-bkp-docker-2-loc/*"
 last_version_directory="$($get_version_directories | tail -1)"
 rsync_command="sudo rsync --server --sender -blogDtpre.iLsfxCIvu . $last_version_directory/"
 

roles/sys-bkp-provider/README.md

@@ -8,7 +8,7 @@ This role sets up and manages the host as a backup provider. It establishes the
 
 Optimized for automated backup processes, this role:
 - Configures the host to provide backup services.
-- Integrates seamlessly with the [sys-bkp-provider-user](../sys-bkp-provider-user/README.md) and [sys-cln-bkps-timer](../sys-cln-bkps-timer/README.md) roles.
+- Integrates seamlessly with the [sys-bkp-provider-user](../sys-bkp-provider-user/README.md) and [sys-timer-cln-bkps](../sys-timer-cln-bkps/README.md) roles.
 - Lays the foundation for secure and extensible backup operations.
 
 ## Purpose

roles/sys-bkp-provider/tasks/main.yml

@@ -4,6 +4,6 @@
       name: '{{ item }}'
     loop:
     - sys-bkp-provider-user
-    - sys-cln-bkps-timer
+    - sys-timer-cln-bkps
   - include_tasks: utils/run_once.yml
   when: run_once_sys_bkp_provider is not defined

roles/sys-cln-bkps-service/handlers/main.yml

@@ -1,5 +0,0 @@
-- name: "reload sys-cln-backups service"
-  systemd:
-    name: sys-cln-backups{{ SYS_SERVICE_SUFFIX }}
-    enabled: yes
-    daemon_reload: yes

roles/sys-cln-bkps-service/templates/sys-cln-backups.service.j2

@@ -1,8 +0,0 @@
-[Unit]
-Description=delete old backups
-OnFailure=sys-alm-compose.{{ SOFTWARE_NAME }}@%n.service
-
-[Service]
-Type=oneshot
-ExecStartPre=/bin/sh -c '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ system_maintenance_services | join(' ')  }} --ignore {{system_maintenance_cleanup_services| join(' ') }} --timeout "{{ system_maintenance_lock_timeout_backup_services }}"'
-ExecStart=/bin/sh -c '/usr/bin/python {{cleanup_backups_directory}}sys-cln-backups.py --backups-folder-path {{backups_folder_path}} --maximum-backup-size-percent {{size_percent_maximum_backup}}'

roles/sys-cln-certs/handlers/main.yml

@@ -1,6 +0,0 @@
-- name: "Reload and restart sys-cln-certs service"
-  systemd:
-    name: sys-cln-certs{{ SYS_SERVICE_SUFFIX }}
-    enabled: yes
-    daemon_reload: yes
-    state: restarted

roles/sys-cln-disc-space/handlers/main.yml

@@ -1,5 +0,0 @@
-- name: "reload sys-cln-disc-space service"
-  systemd:
-    name: sys-cln-disc-space{{ SYS_SERVICE_SUFFIX }}
-    enabled: yes
-    daemon_reload: yes

roles/sys-cln-disc-space/templates/sys-cln-disc-space.service.j2

@@ -1,8 +0,0 @@
-[Unit]
-Description=freeing disc space
-OnFailure=sys-alm-compose.{{ SOFTWARE_NAME }}@%n.service
-
-[Service]
-Type=oneshot
-ExecStartPre=/bin/sh -c '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ system_maintenance_services | join(' ')  }} --ignore {{system_maintenance_cleanup_services| join(' ') }} --timeout "{{ system_maintenance_lock_timeout_backup_services }}"'
-ExecStart=/bin/sh -c '/bin/bash {{cleanup_disc_space_folder}}sys-cln-disc-space.sh {{size_percent_cleanup_disc_space}}'

roles/sys-cln-faild-bkps/handlers/main.yml

@@ -1,5 +0,0 @@
-- name: "Reload sys-cln-faild-bkps service"
-  systemd:
-    name: sys-cln-faild-bkps{{ SYS_SERVICE_SUFFIX }}
-    enabled: yes
-    daemon_reload: yes

roles/sys-ctl-alm-compose/README.md

@@ -2,7 +2,7 @@
 
 ## Description
 
-This role installs a systemd service that sends notifications via both [sys-alm-telegram](../sys-alm-telegram/README.md) and [sys-alm-email](../sys-alm-email/README.md) when any service fails.
+This role installs a systemd service that sends notifications via both [sys-ctl-alm-telegram](../sys-ctl-alm-telegram/README.md) and [sys-ctl-alm-email](../sys-ctl-alm-email/README.md) when any service fails.
 
 ## Overview
 
@@ -15,6 +15,6 @@ The primary purpose of this role is to provide a centralized mechanism for servi
 ## Features
 
 - **Unified Notification Service:** Installs a systemd service that triggers both Telegram and Email alerts.
-- **Dependency Integration:** Works seamlessly with the [sys-alm-telegram](../sys-alm-telegram/README.md) and [sys-alm-email](../sys-alm-email/README.md) roles.
+- **Dependency Integration:** Works seamlessly with the [sys-ctl-alm-telegram](../sys-ctl-alm-telegram/README.md) and [sys-ctl-alm-email](../sys-ctl-alm-email/README.md) roles.
 - **Automated Service Management:** Automatically restarts the notifier service upon configuration changes.
 - **Centralized Alerting:** Provides a unified approach to monitor and notify about service failures.

roles/sys-ctl-alm-compose/handlers/main.yml

@@ -0,0 +1,5 @@
+- name: "restart sys-ctl-alm-compose service"
+  systemd:
+    name: "{{ SYS_SERVICE_ALARM_CMP }}"
+    daemon_reload: yes
+  when: run_once_sys_ctl_alm_compose is not defined

roles/sys-ctl-alm-compose/tasks/main.yml

@@ -0,0 +1,14 @@
+- block:
+  - name: Include dependencies
+    include_role:
+      name: '{{ item }}'
+    loop:
+    - sys-ctl-alm-telegram
+    - sys-ctl-alm-email
+  - name: "setup '{{ SYS_SERVICE_ALARM_CMP }}'"
+    template:
+      src: sys-ctl-alm-compose@.service.j2
+      dest: "/etc/systemd/system/{{ SYS_SERVICE_ALARM_CMP }}"
+    notify: "restart sys-ctl-alm-compose service"
+  - include_tasks: utils/run_once.yml
+  when: run_once_sys_ctl_alm_compose is not defined

roles/sys-ctl-alm-compose/templates/sys-ctl-alm-compose@.service.j2

@@ -0,0 +1,8 @@
+[Unit]
+Description=Notifier for %i
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/systemctl start sys-ctl-alm-telegram.infinito@%i.service sys-ctl-alm-email.infinito@%i.service
+User=root
+Group=systemd-journal

roles/sys-ctl-alm-email/README.md

@@ -2,11 +2,11 @@
 
 ## Description
 
-This role installs and configures the necessary components for sending email notifications via systemd when a service fails. It sets up the `sys-alm-email` service and configures email parameters and templates using msmtp.
+This role installs and configures the necessary components for sending email notifications via systemd when a service fails. It sets up the `sys-ctl-alm-email` service and configures email parameters and templates using msmtp.
 
 ## Overview
 
-Optimized for secure and reliable service failure notifications, this role is an integral part of the overall `sys-alm-compose` suite. It ensures that, upon failure of a critical service, an email alert is sent automatically to enable prompt troubleshooting.
+Optimized for secure and reliable service failure notifications, this role is an integral part of the overall `sys-ctl-alm-compose` suite. It ensures that, upon failure of a critical service, an email alert is sent automatically to enable prompt troubleshooting.
 
 ## Purpose
 
@@ -17,7 +17,7 @@ The primary purpose of this role is to provide a comprehensive solution for auto
 - **Service Installation & Configuration:** Installs msmtp and configures the email sending service.
 - **Customizable Templates:** Supports tailoring email templates for service failure notifications.
 - **Secure Notifications:** Integrates with systemd to trigger email alerts when services fail.
-- **Suite Integration:** Part of the `sys-alm-compose` suite, offering a unified approach to service failure notifications.
+- **Suite Integration:** Part of the `sys-ctl-alm-compose` suite, offering a unified approach to service failure notifications.
 
 ## Other Resources
 

roles/sys-ctl-alm-email/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: "restart sys-ctl-alm-email service"
+  systemd:
+    name: sys-ctl-alm-email{{ SYS_SERVICE_SUFFIX }}
+    daemon_reload: yes

roles/sys-ctl-alm-email/meta/main.yml

@@ -1,6 +1,6 @@
 galaxy_info:
   author: "Kevin Veen-Birkenbach"
-  description: "Installs and configures components for sending email notifications. This role is part of the sys-alm-compose suite, providing automated alerts when services fail."
+  description: "Installs and configures components for sending email notifications. This role is part of the sys-ctl-alm-compose suite, providing automated alerts when services fail."
   license: "Infinito.Nexus NonCommercial License"
   license_url: "https://s.infinito.nexus/license"
   company: |

roles/sys-ctl-alm-email/tasks/01_core.yml

@@ -0,0 +1,23 @@
+- name: Include dependencies
+  include_role:
+    name: '{{ item }}'
+  loop:
+  - sys-svc-msmtp
+  - sys-rst-daemon
+
+- name: "create {{systemd_notifier_email_folder}}"
+  file:
+    path: "{{systemd_notifier_email_folder}}"
+    state: directory
+    mode: "0755"
+
+- name: configure sys-ctl-alm-email.sh
+  template:
+    src: sys-ctl-alm-email.sh.j2
+    dest: "{{systemd_notifier_email_folder}}sys-ctl-alm-email.sh"
+
+- name: configure sys-ctl-alm-email{{ SYS_SERVICE_SUFFIX }}
+  template:
+    src: sys-ctl-alm-email@.service.j2
+    dest: /etc/systemd/system/sys-ctl-alm-email.infinito@.service
+  notify: restart sys-ctl-alm-email service

roles/sys-ctl-alm-email/tasks/main.yml

@@ -1,4 +1,4 @@
 - block:
     - include_tasks: 01_core.yml
     - include_tasks: utils/run_once.yml
-  when: run_once_sys_cln_certs is not defined
+  when: run_once_sys_ctl_alm_email is not defined

roles/sys-ctl-alm-email/templates/sys-ctl-alm-email@.service.j2

@@ -3,6 +3,6 @@ Description=status email for %i to user
 
 [Service]
 Type=oneshot
-ExecStart=/bin/bash {{systemd_notifier_email_folder}}sys-alm-email.sh %i
+ExecStart=/bin/bash {{systemd_notifier_email_folder}}sys-ctl-alm-email.sh %i
 User=root
 Group=systemd-journal

roles/sys-ctl-alm-email/vars/main.yml

@@ -1 +1 @@
-systemd_notifier_email_folder: '{{ PATH_ADMINISTRATOR_SCRIPTS }}sys-alm-email/'
+systemd_notifier_email_folder: '{{ PATH_ADMINISTRATOR_SCRIPTS }}sys-ctl-alm-email/'

roles/sys-ctl-alm-telegram/README.md

@@ -2,11 +2,11 @@
 
 ## Description
 
-This role installs and configures the necessary components for sending notifications via systemd when a service fails. It sets up the `sys-alm-telegram` service and configures parameters and customizable templates for sending messages through [Telegram](https://telegram.org).
+This role installs and configures the necessary components for sending notifications via systemd when a service fails. It sets up the `sys-ctl-alm-telegram` service and configures parameters and customizable templates for sending messages through [Telegram](https://telegram.org).
 
 ## Overview
 
-Optimized for real-time alerts, this role is a key component of the overall [`sys-alm-compose` suite](../). It ensures that, upon failure of a critical service, a Telegram message is automatically sent to notify administrators and enable prompt troubleshooting.
+Optimized for real-time alerts, this role is a key component of the overall [`sys-ctl-alm-compose` suite](../). It ensures that, upon failure of a critical service, a Telegram message is automatically sent to notify administrators and enable prompt troubleshooting.
 
 ## Purpose
 
@@ -17,7 +17,7 @@ The primary purpose of this role is to provide a robust solution for automated T
 - **Service Installation & Configuration:** Installs and configures necessary components (including the `curl` package).
 - **Customizable Templates:** Supports tailored Telegram message templates for service failure notifications.
 - **Secure Notifications:** Leverages systemd to trigger alerts automatically when services fail.
-- **Suite Integration:** Part of the [`sys-alm-compose` suite](../) which includes related roles such as [sys-alm-email](../sys-alm-email/README.md) and others.
+- **Suite Integration:** Part of the [`sys-ctl-alm-compose` suite](../) which includes related roles such as [sys-ctl-alm-email](../sys-ctl-alm-email/README.md) and others.
   
 ## Other Resources
 

roles/sys-ctl-alm-telegram/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: "restart sys-ctl-alm-telegram service"
+  systemd:
+    name: sys-ctl-alm-telegram{{ SYS_SERVICE_SUFFIX }}
+    daemon_reload: yes

roles/sys-ctl-alm-telegram/meta/main.yml

@@ -1,6 +1,6 @@
 galaxy_info:
   author: "Kevin Veen-Birkenbach"
-  description: "Installs and configures components for sending Telegram notifications through systemd. This role is part of the sys-alm-compose suite, providing automated alerts when services fail."
+  description: "Installs and configures components for sending Telegram notifications through systemd. This role is part of the sys-ctl-alm-compose suite, providing automated alerts when services fail."
   license: "Infinito.Nexus NonCommercial License"
   license_url: "https://s.infinito.nexus/license"
   company: |

roles/sys-ctl-alm-telegram/tasks/01_core.yml

@@ -25,13 +25,13 @@
     state: directory
     mode: '0755'
 
-- name: configure sys-alm-telegram.sh
+- name: configure sys-ctl-alm-telegram.sh
   template:
-    src: sys-alm-telegram.sh.j2
+    src: sys-ctl-alm-telegram.sh.j2
     dest: "{{ systemd_telegram_script }}"
 
-- name: configure sys-alm-telegram{{ SYS_SERVICE_SUFFIX }}
+- name: configure sys-ctl-alm-telegram{{ SYS_SERVICE_SUFFIX }}
   template:
-    src: sys-alm-telegram@.service.j2
+    src: sys-ctl-alm-telegram@.service.j2
-    dest: "/etc/systemd/system/sys-alm-telegram.infinito@.service"
+    dest: "/etc/systemd/system/sys-ctl-alm-telegram.infinito@.service"
-  notify: "restart sys-alm-telegram service"
+  notify: "restart sys-ctl-alm-telegram service"

roles/sys-ctl-alm-telegram/tasks/main.yml

@@ -0,0 +1,4 @@
+- block:
+    - include_tasks: 01_core.yml
+    - include_tasks: utils/run_once.yml
+  when: run_once_sys_ctl_alm_telegram is not defined

roles/sys-ctl-alm-telegram/vars/main.yml

@@ -0,0 +1,2 @@
+systemd_telegram_folder: /opt/ansible-roles/sys-ctl-alm-telegram/
+systemd_telegram_script: '{{systemd_telegram_folder}}sys-ctl-alm-telegram.sh'

roles/sys-ctl-bkp-docker-2-loc/README.md

@@ -7,8 +7,8 @@ This Ansible role automates the process of backing up Docker volumes to a local
 ## Overview
 
 Optimized for Archlinux, this role ensures that Docker volume backups are performed reliably with minimal manual intervention. It integrates with several dependent roles to verify backup success and manage related tasks, including:
-- [sys-bkp-directory-validator](../sys-bkp-directory-validator/) – Validates backup directories.
+- [sys-svc-directory-validator](../sys-svc-directory-validator/) – Validates backup directories.
-- [sys-cln-faild-bkps](../sys-cln-faild-bkps/) – Cleans up unsuccessful backup attempts.
+- [sys-ctl-cln-faild-bkps](../sys-ctl-cln-faild-bkps/) – Cleans up unsuccessful backup attempts.
 - [sys-timer](../sys-timer/) – Schedules recurring backup tasks.
 - [sys-bkp-provider](../sys-bkp-provider/) – Manages backup sources.
 - [sys-lock](../sys-lock/) – Ensures coordinated maintenance operations.

roles/sys-ctl-bkp-docker-2-loc/meta/main.yml

@@ -22,4 +22,4 @@ galaxy_info:
   issue_tracker_url: "https://s.infinito.nexus/issues"
   documentation: "https://docs.infinito.nexus"
 dependencies:
-- sys-cln-faild-bkps
+- sys-ctl-cln-faild-bkps

roles/sys-ctl-bkp-docker-2-loc/tasks/01_core.yml

@@ -3,9 +3,9 @@
     name: '{{ item }}'
   loop:
   - sys-bkp-provider
-  - sys-alm-compose
+  - sys-ctl-alm-compose
   - sys-lock
-  - sys-bkp-directory-validator
+  - sys-svc-directory-validator
 
 - include_tasks: 02_pkgmgr_routines.yml
   when: backup_docker_to_local_folder is not defined
@@ -34,4 +34,4 @@
   include_role:
     name: sys-timer
   vars:
-    on_calendar: "{{on_calendar_backup_docker_to_local}}"
+    on_calendar: "{{SYS_SCHEDULE_BACKUP_DOCKER_TO_LOCAL}}"

roles/sys-ctl-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml

@@ -57,12 +57,12 @@
     database_name is defined and
     database_username is defined and
     database_password is defined) and
-    run_once_sys_bkp_docker_2_loc_file_permission is not defined
+    run_once_sys_ctl_bkp_docker_2_loc_file_permission is not defined
   register: file_permission_result
   async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
   poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
 
 - name: run the backup_docker_to_local_file_permission tasks once
   set_fact:
-    run_once_sys_bkp_docker_2_loc_file_permission: true
+    run_once_sys_ctl_bkp_docker_2_loc_file_permission: true
-  when: run_once_sys_bkp_docker_2_loc_file_permission is not defined and file_permission_result is defined and file_permission_result.changed
+  when: run_once_sys_ctl_bkp_docker_2_loc_file_permission is not defined and file_permission_result is defined and file_permission_result.changed

roles/sys-ctl-bkp-docker-2-loc/tasks/main.yml

@@ -2,7 +2,7 @@
     - include_tasks: 01_core.yml
     - include_tasks: utils/run_once.yml
   when: 
-    - run_once_sys_bkp_docker_2_loc is not defined
+    - run_once_sys_ctl_bkp_docker_2_loc is not defined
 
 - name: "include 04_seed-database-to-backup.yml"
   include_tasks: 04_seed-database-to-backup.yml

roles/sys-ctl-bkp-docker-2-loc/templates/sys-ctl-bkp-docker-2-loc-everything.service.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=backup all docker volumes to local folder
+OnFailure=sys-ctl-alm-compose.{{ SOFTWARE_NAME }}@%n.service sys-ctl-cln-faild-bkps{{ SYS_SERVICE_SUFFIX }}
+
+[Service]
+Type=oneshot
+ExecStartPre=/bin/sh -c '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_BACKUPS | reject('equalto', role_name ) | join(' ') }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"'
+ExecStart=/bin/sh -c '{{ BKP_DOCKER_2_LOC_EXEC }} --everything'
+ExecStartPost=/bin/sh -c '/bin/systemctl start sys-ctl-rpr-docker-soft{{ SYS_SERVICE_SUFFIX }} &'

roles/sys-ctl-bkp-docker-2-loc/templates/sys-ctl-bkp-docker-2-loc.service.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=backup docker volumes to local folder
+OnFailure=sys-ctl-alm-compose.{{ SOFTWARE_NAME }}@%n.service sys-ctl-cln-faild-bkps{{ SYS_SERVICE_SUFFIX }}
+
+[Service]
+Type=oneshot
+ExecStartPre=/bin/sh -c '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{ SYS_SERVICE_GROUP_BACKUPS | reject('equalto', role_name ~ '-everything') | join(' ') }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"'
+ExecStart=/bin/sh -c '{{ BKP_DOCKER_2_LOC_EXEC }}'
+ExecStartPost=/bin/sh -c '/bin/systemctl start sys-ctl-rpr-docker-soft{{ SYS_SERVICE_SUFFIX }} &'

roles/sys-ctl-cln-anon-volumes/tasks/main.yml

@@ -9,19 +9,19 @@
   vars:
     package_name: dockreap
   when:
-    - run_once_sys_cln_anon_volumes is not defined
+    - run_once_sys_ctl_cln_anon_volumes is not defined
     - docker_bin.stat.exists
 
 - name: run dockreap with --no-confirmation
   command:
     cmd: "dockreap --no-confirmation"
   when:
-    - run_once_sys_cln_anon_volumes is not defined
+    - run_once_sys_ctl_cln_anon_volumes is not defined
     - docker_bin.stat.exists
 
 - name: mark dockreap as run
   set_fact:
-    run_once_sys_cln_anon_volumes: true
+    run_once_sys_ctl_cln_anon_volumes: true
   when:
-    - run_once_sys_cln_anon_volumes is not defined
+    - run_once_sys_ctl_cln_anon_volumes is not defined
     - docker_bin.stat.exists

roles/sys-ctl-cln-bkps/README.md

@@ -10,7 +10,7 @@ Optimized for effective disk space management, this role:
 - Installs required packages (e.g. [lsof](https://en.wikipedia.org/wiki/Lsof) and [psutil](https://pypi.org/project/psutil/)) using pacman.
 - Creates a directory for storing cleanup scripts.
 - Deploys a Python script that deletes old backup directories when disk usage is too high.
-- Configures a systemd service to run the cleanup script, with notifications via [sys-alm-compose](../sys-alm-compose/README.md).
+- Configures a systemd service to run the cleanup script, with notifications via [sys-ctl-alm-compose](../sys-ctl-alm-compose/README.md).
 
 ## Purpose
 

roles/sys-ctl-cln-bkps/handlers/main.yml

@@ -0,0 +1,5 @@
+- name: "reload sys-ctl-cln-backups service"
+  systemd:
+    name: sys-ctl-cln-backups{{ SYS_SERVICE_SUFFIX }}
+    enabled: yes
+    daemon_reload: yes

roles/sys-ctl-cln-bkps/tasks/01_core.yml

@@ -3,7 +3,7 @@
     name: '{{ item }}'
   loop:
   - dev-python-pip
-  - sys-alm-compose
+  - sys-ctl-alm-compose
   - sys-lock
   - sys-rst-daemon
 
@@ -20,13 +20,13 @@
     state: directory
     mode: "0755"
 
-- name: create sys-cln-backups.py
+- name: create sys-ctl-cln-backups.py
   copy:
-    src: "sys-cln-backups.py"
+    src: "sys-ctl-cln-backups.py"
-    dest: "{{cleanup_backups_directory}}sys-cln-backups.py"
+    dest: "{{cleanup_backups_directory}}sys-ctl-cln-backups.py"
 
-- name: create sys-cln-backups{{ SYS_SERVICE_SUFFIX }}
+- name: create sys-ctl-cln-backups{{ SYS_SERVICE_SUFFIX }}
   template:
-    src: "sys-cln-backups.service.j2"
+    src: "sys-ctl-cln-backups.service.j2"
-    dest: "/etc/systemd/system/sys-cln-backups{{ SYS_SERVICE_SUFFIX }}"
+    dest: "/etc/systemd/system/sys-ctl-cln-backups{{ SYS_SERVICE_SUFFIX }}"
-  notify: reload sys-cln-backups service
+  notify: reload sys-ctl-cln-backups service

roles/sys-ctl-cln-bkps/tasks/main.yml

@@ -1,4 +1,5 @@
 - block:
     - include_tasks: 01_core.yml
     - include_tasks: utils/run_once.yml
-  when: run_once_sys_cln_faild_bkps is not defined
+  when: run_once_sys_ctl_cln_bkps is not defined
+

roles/sys-ctl-cln-bkps/templates/sys-ctl-cln-backups.service.j2

@@ -0,0 +1,8 @@
+[Unit]
+Description=delete old backups
+OnFailure=sys-ctl-alm-compose.{{ SOFTWARE_NAME }}@%n.service
+
+[Service]
+Type=oneshot
+ExecStartPre=/bin/sh -c '/usr/bin/python {{ PATH_SYSTEM_LOCK_SCRIPT }} {{ SYS_SERVICE_GROUP_MANIPULATION | join(' ')  }} --ignore {{SYS_SERVICE_GROUP_CLEANUP| join(' ') }} --timeout "{{ SYS_TIMEOUT_BACKUP_SERVICES }}"'
+ExecStart=/bin/sh -c '/usr/bin/python {{cleanup_backups_directory}}sys-ctl-cln-backups.py --backups-folder-path {{backups_folder_path}} --maximum-backup-size-percent {{size_percent_maximum_backup}}'

roles/sys-ctl-cln-bkps/vars/main.yml

@@ -1,2 +1,2 @@
-cleanup_backups_directory: '{{ PATH_ADMINISTRATOR_SCRIPTS }}sys-cln-backups/'
+cleanup_backups_directory: '{{ PATH_ADMINISTRATOR_SCRIPTS }}sys-ctl-cln-backups/'
 

roles/sys-ctl-cln-certs/README.md

@@ -7,10 +7,10 @@ This Ansible role automates the detection, revocation and deletion of unused Let
 ## Overview
 
 - Installs the `certreap` cleanup tool using the `pkgmgr-install` role
-- Deploys and configures a `sys-cln-certs{{ SYS_SERVICE_SUFFIX }}` systemd unit
+- Deploys and configures a `sys-ctl-cln-certs{{ SYS_SERVICE_SUFFIX }}` systemd unit
 - (Optionally) Sets up a recurring cleanup via a systemd timer using the `sys-timer` role
-- Integrates with `sys-alm-compose` to send failure notifications
+- Integrates with `sys-ctl-alm-compose` to send failure notifications
-- Ensures idempotent execution with a `run_once_sys_cln_certs` flag
+- Ensures idempotent execution with a `run_once_sys_ctl_cln_certs` flag
 
 ## Features
 
@@ -18,16 +18,16 @@ This Ansible role automates the detection, revocation and deletion of unused Let
   Uses `pkgmgr-install` to install the `certreap` binary.
 
 - **Systemd Service Configuration**  
-  Deploys `sys-cln-certs{{ SYS_SERVICE_SUFFIX }}` and reloads/restarts it on changes.
+  Deploys `sys-ctl-cln-certs{{ SYS_SERVICE_SUFFIX }}` and reloads/restarts it on changes.
 
 - **Systemd Timer Scheduling**  
   Optionally wires in a timer via the `sys-timer` role, controlled by the `on_calendar_cleanup_certs` variable.
 
 - **Smart Execution Logic**  
-  Prevents multiple runs in one play by setting a `run_once_sys_cln_certs` fact.
+  Prevents multiple runs in one play by setting a `run_once_sys_ctl_cln_certs` fact.
 
 - **Failure Notification**  
-  Triggers `sys-alm-compose.infinito@sys-cln-certs{{ SYS_SERVICE_SUFFIX }}` on failure.
+  Triggers `sys-ctl-alm-compose.infinito@sys-ctl-cln-certs{{ SYS_SERVICE_SUFFIX }}` on failure.
 
 ## Further Resources
 

roles/sys-ctl-cln-certs/handlers/main.yml

@@ -0,0 +1,6 @@
+- name: "Reload and restart sys-ctl-cln-certs service"
+  systemd:
+    name: sys-ctl-cln-certs{{ SYS_SERVICE_SUFFIX }}
+    enabled: yes
+    daemon_reload: yes
+    state: restarted

roles/sys-ctl-cln-certs/tasks/01_core.yml

@@ -2,7 +2,7 @@
   include_role:
     name: '{{ item }}'
   loop:
-  - sys-alm-compose
+  - sys-ctl-alm-compose
   - sys-rst-daemon
 
 - name: "pkgmgr install"
@@ -11,11 +11,11 @@
   vars:
     package_name: certreap
 
-- name: configure sys-cln-certs{{ SYS_SERVICE_SUFFIX }}
+- name: configure sys-ctl-cln-certs{{ SYS_SERVICE_SUFFIX }}
   template:
-    src: sys-cln-certs.service.j2
+    src: sys-ctl-cln-certs.service.j2
-    dest: /etc/systemd/system/sys-cln-certs{{ SYS_SERVICE_SUFFIX }}
+    dest: /etc/systemd/system/sys-ctl-cln-certs{{ SYS_SERVICE_SUFFIX }}
-  notify: Reload and restart sys-cln-certs service
+  notify: Reload and restart sys-ctl-cln-certs service
 
 - name: "set 'service_name' to '{{ role_name }}'"
   set_fact:
@@ -25,4 +25,4 @@
   include_role:
     name: sys-timer
   vars:
-    on_calendar: "{{ on_calendar_cleanup_certs }}"
+    on_calendar: "{{ SYS_SCHEDULE_CLEANUP_CERTS }}"

roles/sys-ctl-cln-certs/tasks/main.yml

@@ -1,4 +1,4 @@
 - block:
     - include_tasks: 01_core.yml
     - include_tasks: utils/run_once.yml
-  when: run_once_sys_alm_telegram is not defined
+  when: run_once_sys_ctl_cln_certs is not defined

roles/sys-ctl-cln-certs/templates/sys-ctl-cln-certs.service.j2

@@ -1,6 +1,6 @@
 [Unit]
 Description=Detect, revoke, and delete unused Let's Encrypt certificates based on active NGINX configuration files.
-OnFailure=sys-alm-compose.{{ SOFTWARE_NAME }}@%n.service
+OnFailure=sys-ctl-alm-compose.{{ SOFTWARE_NAME }}@%n.service
 
 [Service]
 Type=oneshot