Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

Makefile

@@ -3,7 +3,7 @@ APPLICATIONS_OUT  	:= ./group_vars/all/04_applications.yml
 APPLICATIONS_SCRIPT := ./cli/generate_applications.py
 USERS_OUT  			:= ./group_vars/all/03_users.yml
 USERS_SCRIPT		:= ./cli/generate_users.py
-INCLUDES_OUT      	:= ./tasks/utils/docker-roles.yml
+INCLUDES_OUT      	:= ./tasks/utils/web-app-roles.yml
 INCLUDES_SCRIPT   	:= ./cli/generate_playbook.py
 
 EXTRA_USERS := $(shell \
@@ -24,7 +24,7 @@ build:
 	@echo "🔧 Generating users defaults → $(USERS_OUT) from roles in $(ROLES_DIR)…"
 	@echo "🔧 Generating Docker role includes → $(INCLUDES_OUT)…"
 	@mkdir -p $(dir $(INCLUDES_OUT))
-	python3 $(INCLUDES_SCRIPT) $(ROLES_DIR) -o $(INCLUDES_OUT) -p docker-
+	python3 $(INCLUDES_SCRIPT) $(ROLES_DIR) -o $(INCLUDES_OUT) -p web-app-
 	@echo "✅ Docker role includes written to $(INCLUDES_OUT)"
 
 install: build

cli/create_web_app.py

@@ -11,7 +11,7 @@ from ruamel.yaml import YAML
 # Paths to the group-vars files
 PORTS_FILE = './group_vars/all/09_ports.yml'
 NETWORKS_FILE = './group_vars/all/10_networks.yml'
-ROLE_TEMPLATE_DIR = './templates/docker_role'
+ROLE_TEMPLATE_DIR = './templates/roles/web-app'
 ROLES_DIR = './roles'
 
 yaml = YAML()
@@ -117,7 +117,7 @@ def main():
     args = parser.parse_args()
 
     app = args.application_id
-    role = f"docker-{app}"
+    role = f"web-app-{app}"
     role_dir = os.path.join(ROLES_DIR, role)
 
     if os.path.exists(role_dir):

cli/generate_playbook.py

@@ -136,7 +136,7 @@ def main():
     )
     parser.add_argument(
         '-p', '--prefix',
-        help='Only include roles whose names start with this prefix (e.g. docker-, client-)',
+        help='Only include roles whose names start with this prefix (e.g. web-app-, desktop-)',
         default=None
     )
     parser.add_argument(

docs/analysis/Features.md

@@ -12,10 +12,10 @@ CyMaIS covers everything from essential system setups to advanced configurations
 Every business is unique, and so is CyMaIS! With a modular architecture, it adapts to specific requirements, whether for startups, growing businesses, NGOs, or large enterprises.
 
 ## Proactive Monitoring & Maintenance 🔍
-With automated updates, system health checks, and security audits, CyMaIS ensures your infrastructure is always up-to-date and running smoothly. Roles such as `health-docker-container`, `health-btrfs`, and `health-nginx` help monitor system integrity.
+With automated updates, system health checks, and security audits, CyMaIS ensures your infrastructure is always up-to-date and running smoothly. Roles such as `monitor-bot-docker-container`, `monitor-bot-btrfs`, and `monitor-bot-webserver` help monitor system integrity.
 
 ## Uncompromised Security 🔒
-Security is a top priority! CyMaIS includes robust security features like full-disk encryption recommendations, 2FA enforcement, encrypted server deployments (`docker-keycloak`, `docker-ldap`), and secure backup solutions (`backup-remote-to-local`, `backup-data-to-usb`).
+Security is a top priority! CyMaIS includes robust security features like full-disk encryption recommendations, 2FA enforcement, encrypted server deployments (`web-app-keycloak`, `service-openldap`), and secure backup solutions (`backup-remote-to-local`, `backup-data-to-usb`).
 
 ## User-Friendly with Expert Support 👩‍💻
 No need to be a Linux or Docker expert! CyMaIS simplifies deployment with intuitive role-based automation. Documentation and community support make IT administration accessible to all experience levels.

docs/guides/administrator/Readme.md

@@ -10,13 +10,13 @@ Follow these guides to install and configure CyMaIS:
 
 ## Key Responsibilities 🔧
 - **User Management** - Configure LDAP, Keycloak, and user permissions.
-- **Security & Backups** - Set up `backup-remote-to-local`, `backup-data-to-usb`, and `system-security` roles.
+- **Security & Backups** - Set up `backup-remote-to-local`, `backup-data-to-usb`, and `core-security` roles.
 - **Application Hosting** - Deploy services like `Nextcloud`, `Matrix`, `Gitea`, and more.
 - **Networking & VPN** - Configure `WireGuard`, `OpenVPN`, and `Nginx Reverse Proxy`.
 
 ## Managing & Updating CyMaIS 🔄
 - Regularly update services using `update-docker`, `update-pacman`, or `update-apt`.
-- Monitor system health with `health-btrfs`, `health-nginx`, and `health-docker-container`.
-- Automate system maintenance with `system-maintenance-lock`, `cleanup-backups-service`, and `restart-docker`.
+- Monitor system health with `monitor-bot-btrfs`, `monitor-bot-webserver`, and `monitor-bot-docker-container`.
+- Automate system maintenance with `maintenance-lock`, `cleanup-backups-service`, and `maintenance-docker-restart`.
 
 For more details, refer to the specific guides above.

docs/guides/developer/Role_Creation.md

@@ -65,8 +65,8 @@ application_id: "my_service"  # Set the application ID for the service
 Now that you have defined the application settings, domain, and application ID, you need to create a Docker role that will build and run the containerized version of `my_service`.
 
 #### **Steps:**
-- Create a new directory under the `roles` directory, e.g., `roles/docker-my_service`.
-- Inside the `docker-my_service` role, create the following files:
+- Create a new directory under the `roles` directory, e.g., `roles/web-app-my_service`.
+- Inside the `web-app-my_service` role, create the following files:
 
 1. **`README.md`**:
     - Provide documentation on the new service and how it works within CyMaIS.
@@ -91,9 +91,9 @@ Now that you have defined the application settings, domain, and application ID,
       command: pkgmgr path cymais-my_service
       register: path_cymais_my_service_output
 
-    - name: "include role nginx-domain-setup for {{ application_id }}"
+    - name: "include role webserver-proxy-domain for {{ application_id }}"
       include_role:
-        name: nginx-domain-setup
+        name: webserver-proxy-domain
       vars:
         domain: "{{ domains | get_domain(application_id) }}"
         http_port: "{{ ports.localhost.http[application_id] }}"

group_vars/all/05_maintenace.yml

@@ -26,10 +26,10 @@ system_maintenance_cleanup_services:
 
 ### Services that Manipulate the System
 system_maintenance_manipulation_services:
-  - "heal-docker"
+  - "maintenance-docker-heal"
   - "update-docker"
-  - "system-storage-optimizer"
-  - "restart-docker"
+  - "maintenance-docker-storage-optimizer"
+  - "maintenance-docker-restart"
   
 ## Total System Maintenance Services
 system_maintenance_services: "{{ system_maintenance_backup_services + system_maintenance_cleanup_services + system_maintenance_manipulation_services }}"

group_vars/all/07_paths.yml

@@ -3,4 +3,4 @@
 path_administrator_home:        "/home/administrator/"
 path_administrator_scripts:     "/opt/scripts/"
 path_docker_compose_instances:  "/opt/docker/"
-path_system_lock_script:        "/opt/scripts/system-maintenance-lock.py"
+path_system_lock_script:        "/opt/scripts/maintenance-lock.py"

group_vars/all/09_ports.yml

@@ -63,8 +63,10 @@ ports:
       mobilizon: 8043
       simpleicons: 8044
       libretranslate: 8055
+      pretix:         8056
       bigbluebutton: 48087    # This port is predefined by bbb. @todo Try to change this to a 8XXX port
   # Ports which are exposed to the World Wide Web
+
   public:
     # The following ports should be changed to 22 on the subdomain via stream mapping
     ssh:

group_vars/all/10_networks.yml

@@ -90,7 +90,9 @@ defaults_networks:
       subnet: 192.168.103.112/28
     libretranslate:
       subnet: 192.168.103.128/28
-      
+    pretix:
+      subnet: 192.168.103.144/28
+    
     # /24 Networks / 254 Usable Clients
     bigbluebutton:
       subnet: 10.7.7.0/24 # This variable does not have an impact. It's just there for documentation reasons, because this network is used in bbb
@@ -99,4 +101,4 @@ defaults_networks:
     mariadb:
       subnet: 192.168.201.0/24
     central_ldap:
-      subnet: 192.168.202.0/24
+      subnet: 192.168.202.0/24

roles/README.md

@@ -1,13 +1,120 @@
-# Applications and Roles
-CyMaIS offers a variety of applications to simplify your daily tasks.
+# Roles
+
+This directory contains all of the Ansible roles used throughout the CyMaIS project. Roles are organized by function and prefixed accordingly.
+
+For a complete list of role categories and detailed definitions, see:
 
-## For Users  
-Discover the solutions CyMaIS provides for you:  
 - [Application Glossary](application_glosar.rst)  
-- [Application Categories](application_categories.rst)  
+- [Application Categories](application_categories.rst)
 
-## For Developers
-Explore the technical details of our roles:  
-- [Ansible Role Glossary](ansible_role_glosar.rst)  
+---
 
-Want to dive deeper into the source code or our ansible roles? Check out our [GitHub repository](https://github.com/kevinveenbirkenbach/cymais/tree/master/roles).  
+## Core & System
+
+- **core-***  
+  Fundamental system configuration (SSH, journald, sudo, etc.)
+
+- **generic-***  
+  Generic helpers and language/tool installers (e.g. `generic-git`, `generic-locales`, `generic-timer`)
+
+- **desktop-***  
+  Desktop environment and application roles (e.g. `desktop-gnome`, `desktop-browser`, `desktop-libreoffice`)
+
+---
+
+## Webserver & HTTP
+
+- **webserver-core**  
+  Installs and configures the base Nginx server.
+
+- **webserver-tls-***  
+  Manages TLS certificates and renewal (formerly “https”).
+
+- **webserver-proxy-***  
+  Proxy and vhost orchestration roles (domain setup, OAuth2 proxy, etc.)
+
+- **webserver-injector-***  
+  HTML response modifiers: CSS, JS, Matomo tracking, iframe notifier.
+
+- **webserver-composer**  
+  Aggregates multiple sub-filters into one include for your vhost.
+
+- **web-service-***  
+  Static‐content servers (assets, HTML, legal pages, file hosting).
+
+- **web-app-***  
+  Application-specific Docker/Compose roles (e.g. GitLab, Nextcloud, Mastodon).
+
+---
+
+## Network
+
+- **network-***  
+  Network infrastructure (DNS records, WireGuard, Let’s Encrypt entrypoints).
+
+- **service-***  
+  Docker‐deployed services that aren’t “apps” (RDBMS, LDAP, Redis, OpenLDAP).
+
+---
+
+## Monitoring & Alerting
+
+- **monitor-bot-***  
+  “Bot”-style health checks with alerts via Telegram, email, etc.
+
+- **monitor-core-***  
+  Low-level system monitors (journalctl, Docker containers, disk space).
+
+- **alert-***  
+  Failure or status notification handlers (core, email, Telegram).
+
+---
+
+## Maintenance & Healing
+
+- **maintenance-***  
+  Periodic maintenance tasks (Btrfs balancing, swapfile management).
+
+- **maintenance-docker-***  
+  Automated recovery and restarts for Docker Compose workloads.
+
+- **cleanup-***  
+  Housekeeping tasks (old backups, certs, log rotation).
+
+---
+
+## Backup & Restore
+
+- **backup-***  
+  Local and remote backup strategies for files, Docker volumes, databases.
+
+---
+
+## Updates & Package Management
+
+- **update-***  
+  Keeps OS and language packages up to date (`update-apt`, `update-docker`, `update-pip`, etc.)
+
+- **pkgmgr-***  
+  Language or platform package managers (npm, pip, AUR helper).
+
+---
+
+## Users & Access
+
+- **user-***  
+  Creates user accounts and SSH keys.
+
+- **user-administrator**, **user-root**  
+  Specialized account configurations for privileged users.
+
+---
+
+> **Tip:** To find a role quickly, search for its prefix:  
+> `core-`, `generic-`, `desktop-`, `webserver-`, `web-service-`, `web-app-`,  
+> `network-`, `service-`, `monitor-`, `alert-`, `maintenance-`, `cleanup-`,  
+> `backup-`, `update-`, `pkgmgr-`, `user-`.
+
+---
+
+_For more details on which applications each role supports, see the [Application Categories](application_categories.rst) and the full [Application Glossary](application_glosar.rst)._  

roles/TODO.md

@@ -1,44 +0,0 @@
-# Todo 
-
-Implement the following naming conventions.
-
-# Naming Conventions
-
-## Prefix Structure
-
-All roles follow a consistent naming convention using a *primary prefix* and a *secondary prefix*.
-
-### Format
-
-```
-<primary prefix>-<secondary prefix>-<role name>
-```
-
-### Primary Prefix
-
-| Prefix  | Purpose / Description |
-|---------|-----------------------|
-| srv-    | Roles that install or configure applications running on servers (services, daemons, infrastructure components) |
-| pc- | Roles that install or configure applications running on personal computers or workstations (GUI apps, desktop tools) |
-| pkg-    | Roles responsible for installing general-purpose software packages or development tools |
-| prs-    | Roles that define personas — collections of roles describing a user-centric environment or system profile |
-| drv-    | Roles that install or configure hardware drivers (GPU, printer, kernel modules) |
-
----
-
-### Secondary Prefix
-
-| Prefix   | Purpose / Description |
-|----------|-----------------------|
-| backup-  | Roles responsible for backup tasks (data backup, snapshots, remote sync) |
-| cleanup- | Roles that clean up the system (temporary files, unused volumes, old backups) |
-| docker-  | Roles that manage server applications running in a Dockerized environment (services, infrastructure containers) |
-| driver-  | Roles that manage hardware drivers (kernel modules, printers, GPU, peripherals) |
-| health-  | Roles for health checks, system monitoring, and metric collection (disk space, containers, service status) |
-| heal-    | Roles responsible for auto-repair or healing of system states (service recovery, resource fixes) |
-| system-  | Roles for system configuration, hardening, and operating system tuning (security, storage optimization, timers) |
-| update-  | Roles managing software update processes (package updates, Docker updates, repository management) |
-| user-    | Roles managing system users, accounts, and user-specific configuration (home directories, permissions) |
-
-# Implement the following roles
-- Implement docker role for [radicle](https://radicle.xyz/)

roles/alert-core/README.md

@@ -2,7 +2,7 @@
 
 ## Description
 
-This role installs a systemd service that sends notifications via both [systemd-notifier-telegram](../systemd-notifier-telegram/README.md) and [systemd-notifier-email](../systemd-notifier-email/README.md) when any service fails.
+This role installs a systemd service that sends notifications via both [alert-telegram](../alert-telegram/README.md) and [alert-email](../alert-email/README.md) when any service fails.
 
 ## Overview
 
@@ -15,6 +15,6 @@ The primary purpose of this role is to provide a centralized mechanism for servi
 ## Features
 
 - **Unified Notification Service:** Installs a systemd service that triggers both Telegram and Email alerts.
-- **Dependency Integration:** Works seamlessly with the [systemd-notifier-telegram](../systemd-notifier-telegram/README.md) and [systemd-notifier-email](../systemd-notifier-email/README.md) roles.
+- **Dependency Integration:** Works seamlessly with the [alert-telegram](../alert-telegram/README.md) and [alert-email](../alert-email/README.md) roles.
 - **Automated Service Management:** Automatically restarts the notifier service upon configuration changes.
 - **Centralized Alerting:** Provides a unified approach to monitor and notify about service failures.

roles/alert-core/handlers/main.yml

@@ -1,6 +1,6 @@
-- name: "restart systemd-notifier service"
+- name: "restart alert-core service"
   systemd:
-    name: systemd-notifier.cymais.service
+    name: alert-core.cymais.service
     daemon_reload: yes
   when: run_once_systemd_notifier_service is not defined
 

roles/alert-core/meta/main.yml

@@ -23,5 +23,5 @@ galaxy_info:
   issue_tracker_url: "https://s.veen.world/cymaisissues"
   documentation: "https://s.veen.world/cymais"
 dependencies:
-  - systemd-notifier-telegram
-  - systemd-notifier-email
+  - alert-telegram
+  - alert-email

roles/alert-core/tasks/main.yml

@@ -1,9 +1,9 @@
 ---
-- name: configure systemd-notifier.cymais@.service
+- name: configure alert-core.cymais@.service
   template: 
-    src: systemd-notifier@.service.j2 
-    dest: "/etc/systemd/system/systemd-notifier.cymais@.service"
-  notify: "restart systemd-notifier service"
+    src: alert-core@.service.j2 
+    dest: "/etc/systemd/system/alert-core.cymais@.service"
+  notify: "restart alert-core service"
   when: run_once_systemd_notifier_service is not defined
 
 - name: run the systemd_notifier_service tasks once

roles/alert-core/templates/alert-core@.service.j2

@@ -0,0 +1,8 @@
+[Unit]
+Description=Notifier for %i
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/systemctl start alert-telegram.cymais@%i.service alert-email.cymais@%i.service
+User=root
+Group=systemd-journal

roles/alert-email/README.md

@@ -2,11 +2,11 @@
 
 ## Description
 
-This role installs and configures the necessary components for sending email notifications via systemd when a service fails. It sets up the `systemd-notifier-email` service and configures email parameters and templates using msmtp.
+This role installs and configures the necessary components for sending email notifications via systemd when a service fails. It sets up the `alert-email` service and configures email parameters and templates using msmtp.
 
 ## Overview
 
-Optimized for secure and reliable service failure notifications, this role is an integral part of the overall `systemd-notifier` suite. It ensures that, upon failure of a critical service, an email alert is sent automatically to enable prompt troubleshooting.
+Optimized for secure and reliable service failure notifications, this role is an integral part of the overall `alert-core` suite. It ensures that, upon failure of a critical service, an email alert is sent automatically to enable prompt troubleshooting.
 
 ## Purpose
 
@@ -17,7 +17,7 @@ The primary purpose of this role is to provide a comprehensive solution for auto
 - **Service Installation & Configuration:** Installs msmtp and configures the email sending service.
 - **Customizable Templates:** Supports tailoring email templates for service failure notifications.
 - **Secure Notifications:** Integrates with systemd to trigger email alerts when services fail.
-- **Suite Integration:** Part of the `systemd-notifier` suite, offering a unified approach to service failure notifications.
+- **Suite Integration:** Part of the `alert-core` suite, offering a unified approach to service failure notifications.
 
 ## Other Resources
 

roles/alert-email/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: "restart alert-email service"
+  systemd:
+    name: alert-email.cymais.service
+    daemon_reload: yes

roles/alert-email/meta/main.yml

@@ -1,7 +1,7 @@
 ---
 galaxy_info:
   author: "Kevin Veen-Birkenbach"
-  description: "Installs and configures components for sending email notifications. This role is part of the systemd-notifier suite, providing automated alerts when services fail."
+  description: "Installs and configures components for sending email notifications. This role is part of the alert-core suite, providing automated alerts when services fail."
   license: "CyMaIS NonCommercial License (CNCL)"
   license_url: "https://s.veen.world/cncl"
   company: |
@@ -23,4 +23,4 @@ galaxy_info:
   issue_tracker_url: "https://s.veen.world/cymaisissues"
   documentation: "https://s.veen.world/cymais"
 dependencies:
-  - msmtp
+  - generic-msmtp

roles/alert-email/tasks/main.yml

@@ -5,17 +5,17 @@
     mode: 0755
   when: run_once_systemd_notifier_email is not defined
 
-- name: configure systemd-notifier-email.sh
+- name: configure alert-email.sh
   template:
-    src:  systemd-notifier-email.sh.j2 
-    dest: "{{systemd_notifier_email_folder}}systemd-notifier-email.sh"
+    src:  alert-email.sh.j2 
+    dest: "{{systemd_notifier_email_folder}}alert-email.sh"
   when: run_once_systemd_notifier_email is not defined
 
-- name: configure systemd-notifier-email.cymais.service
+- name: configure alert-email.cymais.service
   template: 
-    src:  systemd-notifier-email@.service.j2
-    dest: /etc/systemd/system/systemd-notifier-email.cymais@.service
-  notify: restart systemd-notifier-email service
+    src:  alert-email@.service.j2
+    dest: /etc/systemd/system/alert-email.cymais@.service
+  notify: restart alert-email service
   when: run_once_systemd_notifier_email is not defined
 
 - name: run the systemd_notifier_email tasks once

roles/alert-email/templates/alert-email@.service.j2

@@ -3,6 +3,6 @@ Description=status email for %i to user
 
 [Service]
 Type=oneshot
-ExecStart=/bin/bash {{systemd_notifier_email_folder}}systemd-notifier-email.sh %i
+ExecStart=/bin/bash {{systemd_notifier_email_folder}}alert-email.sh %i
 User=root
 Group=systemd-journal

roles/alert-email/vars/main.yml

@@ -0,0 +1 @@
+systemd_notifier_email_folder: "{{path_administrator_scripts}}alert-email/"

roles/alert-telegram/README.md

@@ -2,11 +2,11 @@
 
 ## Description
 
-This role installs and configures the necessary components for sending notifications via systemd when a service fails. It sets up the `systemd-notifier-telegram` service and configures parameters and customizable templates for sending messages through [Telegram](https://telegram.org).
+This role installs and configures the necessary components for sending notifications via systemd when a service fails. It sets up the `alert-telegram` service and configures parameters and customizable templates for sending messages through [Telegram](https://telegram.org).
 
 ## Overview
 
-Optimized for real-time alerts, this role is a key component of the overall [`systemd-notifier` suite](../). It ensures that, upon failure of a critical service, a Telegram message is automatically sent to notify administrators and enable prompt troubleshooting.
+Optimized for real-time alerts, this role is a key component of the overall [`alert-core` suite](../). It ensures that, upon failure of a critical service, a Telegram message is automatically sent to notify administrators and enable prompt troubleshooting.
 
 ## Purpose
 
@@ -17,7 +17,7 @@ The primary purpose of this role is to provide a robust solution for automated T
 - **Service Installation & Configuration:** Installs and configures necessary components (including the `curl` package).
 - **Customizable Templates:** Supports tailored Telegram message templates for service failure notifications.
 - **Secure Notifications:** Leverages systemd to trigger alerts automatically when services fail.
-- **Suite Integration:** Part of the [`systemd-notifier` suite](../) which includes related roles such as [systemd-notifier-email](../systemd-notifier-email/README.md) and others.
+- **Suite Integration:** Part of the [`alert-core` suite](../) which includes related roles such as [alert-email](../alert-email/README.md) and others.
   
 ## Other Resources
 

roles/alert-telegram/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: "restart alert-telegram service"
+  systemd:
+    name: alert-telegram.cymais.service
+    daemon_reload: yes

roles/alert-telegram/meta/main.yml

@@ -1,7 +1,7 @@
 ---
 galaxy_info:
   author: "Kevin Veen-Birkenbach"
-  description: "Installs and configures components for sending Telegram notifications through systemd. This role is part of the systemd-notifier suite, providing automated alerts when services fail."
+  description: "Installs and configures components for sending Telegram notifications through systemd. This role is part of the alert-core suite, providing automated alerts when services fail."
   license: "CyMaIS NonCommercial License (CNCL)"
   license_url: "https://s.veen.world/cncl"
   company: |

roles/alert-telegram/tasks/main.yml

@@ -11,17 +11,17 @@
     mode: '0755'
   when: run_once_systemd_notifier_telegram is not defined
 
-- name: configure systemd-notifier-telegram.sh
+- name: configure alert-telegram.sh
   template: 
-    src: systemd-notifier-telegram.sh.j2 
+    src: alert-telegram.sh.j2 
     dest: "{{ systemd_telegram_script }}"
   when: run_once_systemd_notifier_telegram is not defined  
 
-- name: configure systemd-notifier-telegram.cymais.service
+- name: configure alert-telegram.cymais.service
   template: 
-    src: systemd-notifier-telegram@.service.j2 
-    dest: "/etc/systemd/system/systemd-notifier-telegram.cymais@.service"
-  notify: "restart systemd-notifier-telegram service"
+    src: alert-telegram@.service.j2 
+    dest: "/etc/systemd/system/alert-telegram.cymais@.service"
+  notify: "restart alert-telegram service"
   when: run_once_systemd_notifier_telegram is not defined
 
 - name: run the systemd_notifier_telegram tasks once

roles/alert-telegram/vars/main.yml

@@ -0,0 +1,2 @@
+systemd_telegram_folder: "/opt/ansible-roles/alert-telegram/"
+systemd_telegram_script: "{{systemd_telegram_folder}}alert-telegram.sh"

roles/backup-data-to-usb/meta/main.yml

@@ -24,4 +24,4 @@ galaxy_info:
   documentation: https://s.veen.world/cymais
 dependencies:
   - cleanup-backups-service
-  - system-maintenance-lock
+  - maintenance-lock

roles/backup-data-to-usb/templates/backup-data-to-usb.service.j2

@@ -1,7 +1,7 @@
 [Unit]
 Description=Backup to USB when mounted to {{ backup_to_usb_mount }}
 Wants={{systemctl_mount_service_name}}
-OnFailure=systemd-notifier.cymais@%n.service
+OnFailure=alert-core.cymais@%n.service
 
 [Service]
 Type=oneshot

roles/backup-docker-to-local/README.md

@@ -9,9 +9,9 @@ This Ansible role automates the process of backing up Docker volumes to a local
 Optimized for Archlinux, this role ensures that Docker volume backups are performed reliably with minimal manual intervention. It integrates with several dependent roles to verify backup success and manage related tasks, including:
 - [backup-directory-validator](../backup-directory-validator/) – Validates backup directories.
 - [cleanup-failed-docker-backups](../cleanup-failed-docker-backups/) – Cleans up unsuccessful backup attempts.
-- [systemd-timer](../systemd-timer/) – Schedules recurring backup tasks.
+- [generic-timer](../generic-timer/) – Schedules recurring backup tasks.
 - [backup-provider](../backup-provider/) – Manages backup sources.
-- [system-maintenance-lock](../system-maintenance-lock/) – Ensures coordinated maintenance operations.
+- [maintenance-lock](../maintenance-lock/) – Ensures coordinated maintenance operations.
 
 ## Purpose
 

roles/backup-docker-to-local/meta/main.yml

@@ -24,7 +24,7 @@ galaxy_info:
   documentation: "https://s.veen.world/cymais"
 dependencies:
   - backup-provider
-  - systemd-notifier
+  - alert-core
   - cleanup-failed-docker-backups
-  - system-maintenance-lock
+  - maintenance-lock
   - backup-directory-validator

roles/backup-docker-to-local/tasks/main.yml

@@ -36,9 +36,9 @@
     service_name: "{{ role_name }}"
   when: run_once_backup_docker_to_local is not defined
 
-- name: "include role for systemd-timer for {{service_name}}"
+- name: "include role for generic-timer for {{service_name}}"
   include_role:
-    name: systemd-timer
+    name: generic-timer
   vars:
     on_calendar:  "{{on_calendar_backup_docker_to_local}}"
   when: run_once_backup_docker_to_local is not defined

roles/backup-docker-to-local/tasks/seed-database-to-backup.yml

@@ -1,4 +1,4 @@
-# This file is also used by docker-matrix
+# This file is also used by web-app-matrix
 
 - name: "Display all database variables"
   debug:

roles/backup-docker-to-local/templates/backup-docker-to-local-everything.service.j2

@@ -1,9 +1,9 @@
 [Unit]
 Description=backup docker volumes to local folder
-OnFailure=systemd-notifier.cymais@%n.service cleanup-failed-docker-backups.cymais.service
+OnFailure=alert-core.cymais@%n.service cleanup-failed-docker-backups.cymais.service
 
 [Service]
 Type=oneshot
 ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ')  }} --ignore {{ system_maintenance_backup_services | reject('equalto', 'backup-docker-to-local') | join(' ') }} --timeout "{{system_maintenance_lock_timeout_backup_services}}"'
 ExecStart=/bin/sh -c '/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py --compose-dir {{path_docker_compose_instances}} --everything'
-ExecStartPost=/bin/sh -c '/bin/systemctl start heal-docker.cymais.service &'
+ExecStartPost=/bin/sh -c '/bin/systemctl start maintenance-docker-heal.cymais.service &'

roles/backup-docker-to-local/templates/backup-docker-to-local.service.j2

@@ -1,9 +1,9 @@
 [Unit]
 Description=backup docker volumes to local folder
-OnFailure=systemd-notifier.cymais@%n.service cleanup-failed-docker-backups.cymais.service
+OnFailure=alert-core.cymais@%n.service cleanup-failed-docker-backups.cymais.service
 
 [Service]
 Type=oneshot
 ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ')  }} --ignore {{ system_maintenance_backup_services | reject('equalto', 'backup-docker-to-local-everything') | join(' ') }} --timeout "{{system_maintenance_lock_timeout_backup_services}}"'
 ExecStart=/bin/sh -c '/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py --compose-dir {{path_docker_compose_instances}}'
-ExecStartPost=/bin/sh -c '/bin/systemctl start heal-docker.cymais.service &'
+ExecStartPost=/bin/sh -c '/bin/systemctl start maintenance-docker-heal.cymais.service &'

roles/backup-provider-user/meta/main.yml

@@ -23,4 +23,4 @@ galaxy_info:
   issue_tracker_url: "https://s.veen.world/cymaisissues"
   documentation: "https://s.veen.world/cymais"
 dependencies:
-  - sshd
+  - core-sshd

roles/backup-remote-to-local/README.md

@@ -17,7 +17,7 @@ Backup Remote to Local is a robust solution for retrieving backup data from remo
 - **Remote Backup Retrieval:** Pulls backups from a remote server using secure SSH connections.
 - **Incremental Backup with rsync:** Uses rsync with options for archive, backup, and hard linking to efficiently manage changes.
 - **Retry Logic:** Implements a retry mechanism to handle transient network issues or remote errors.
-- **Integration with Other Roles:** Works alongside roles like backup-directory-validator, cleanup-failed-docker-backups, systemd-timer, backup-provider, and system-maintenance-lock.
+- **Integration with Other Roles:** Works alongside roles like backup-directory-validator, cleanup-failed-docker-backups, generic-timer, backup-provider, and maintenance-lock.
 - **Administrative Debugging:** Detailed debug instructions and administrative tasks are provided in a separate file.
 
 ## Other Resources

roles/backup-remote-to-local/meta/main.yml

@@ -25,9 +25,9 @@ galaxy_info:
   issue_tracker_url: "https://s.veen.world/cymaisissues"
   documentation: "https://s.veen.world/cymais"
 dependencies:
-  - git
-  - systemd-notifier
+  - generic-git
+  - alert-core
   - cleanup-backups-timer
   - cleanup-failed-docker-backups
-  - system-maintenance-lock
+  - maintenance-lock
   - user-root

roles/backup-remote-to-local/tasks/main.yml

@@ -26,9 +26,9 @@
   set_fact:
     service_name: "{{ role_name }}"
 
-- name: "include role for systemd-timer for {{service_name}}"
+- name: "include role for generic-timer for {{service_name}}"
   include_role:
-    name: systemd-timer
+    name: generic-timer
   vars:
     on_calendar:  "{{on_calendar_backup_remote_to_local}}"
 

roles/backup-remote-to-local/templates/backup-remote-to-local.service.j2

@@ -1,6 +1,6 @@
 [Unit]
 Description=pull remote backups
-OnFailure=systemd-notifier.cymais@%n.service cleanup-failed-docker-backups.cymais.service
+OnFailure=alert-core.cymais@%n.service cleanup-failed-docker-backups.cymais.service
 
 [Service]
 Type=oneshot

roles/cleanup-backups-service/README.md

@@ -10,7 +10,7 @@ Optimized for effective disk space management, this role:
 - Installs required packages (e.g. [lsof](https://en.wikipedia.org/wiki/Lsof) and [psutil](https://pypi.org/project/psutil/)) using pacman.
 - Creates a directory for storing cleanup scripts.
 - Deploys a Python script that deletes old backup directories when disk usage is too high.
-- Configures a systemd service to run the cleanup script, with notifications via [systemd-notifier](../systemd-notifier/README.md).
+- Configures a systemd service to run the cleanup script, with notifications via [alert-core](../alert-core/README.md).
 
 ## Purpose
 

roles/cleanup-backups-service/meta/main.yml

@@ -22,6 +22,6 @@ galaxy_info:
   issue_tracker_url: "https://s.veen.world/cymaisissues"
   documentation: "https://s.veen.world/cymais"
 dependencies:  
-  - python-pip
-  - systemd-notifier
-  - system-maintenance-lock
+  - generic-python-pip
+  - alert-core
+  - maintenance-lock

roles/cleanup-backups-service/templates/cleanup-backups.service.j2

@@ -1,6 +1,6 @@
 [Unit]
 Description=delete old backups
-OnFailure=systemd-notifier.cymais@%n.service
+OnFailure=alert-core.cymais@%n.service
 
 [Service]
 Type=oneshot

roles/cleanup-backups-timer/README.md

@@ -8,7 +8,7 @@ This role sets up a systemd timer to schedule the periodic cleanup of old backup
 
 Optimized for automated maintenance, this role:
 - Sets a fact for the service name.
-- Integrates with the [systemd-timer](../systemd-timer/README.md) role to schedule cleanup-backups tasks at defined intervals.
+- Integrates with the [generic-timer](../generic-timer/README.md) role to schedule cleanup-backups tasks at defined intervals.
 
 ## Purpose
 

roles/cleanup-backups-timer/tasks/main.yml

@@ -3,9 +3,9 @@
     service_name: "cleanup-backups"
   when: run_once_cleanup_backups_timer is not defined
 
-- name: "include role for systemd-timer for {{service_name}}"
+- name: "include role for generic-timer for {{service_name}}"
   include_role:
-    name: systemd-timer
+    name: generic-timer
   vars:
     on_calendar:  "{{on_calendar_cleanup_backups}}"
   when: run_once_cleanup_backups_timer is not defined

roles/cleanup-certs/README.md

@@ -8,8 +8,8 @@ This Ansible role automates the detection, revocation and deletion of unused Let
 
 - Installs the `certreap` cleanup tool using the `pkgmgr-install` role
 - Deploys and configures a `cleanup-certs.cymais.service` systemd unit
-- (Optionally) Sets up a recurring cleanup via a systemd timer using the `systemd-timer` role
-- Integrates with `systemd-notifier` to send failure notifications
+- (Optionally) Sets up a recurring cleanup via a systemd timer using the `generic-timer` role
+- Integrates with `alert-core` to send failure notifications
 - Ensures idempotent execution with a `run_once_cleanup_certs` flag
 
 ## Features
@@ -21,13 +21,13 @@ This Ansible role automates the detection, revocation and deletion of unused Let
   Deploys `cleanup-certs.cymais.service` and reloads/restarts it on changes.
 
 - **Systemd Timer Scheduling**  
-  Optionally wires in a timer via the `systemd-timer` role, controlled by the `on_calendar_cleanup_certs` variable.
+  Optionally wires in a timer via the `generic-timer` role, controlled by the `on_calendar_cleanup_certs` variable.
 
 - **Smart Execution Logic**  
   Prevents multiple runs in one play by setting a `run_once_cleanup_certs` fact.
 
 - **Failure Notification**  
-  Triggers `systemd-notifier.cymais@cleanup-certs.cymais.service` on failure.
+  Triggers `alert-core.cymais@cleanup-certs.cymais.service` on failure.
 
 ## Further Resources
 

roles/cleanup-certs/meta/main.yml

@@ -24,4 +24,4 @@ galaxy_info:
   documentation: "https://github.com/kevinveenbirkenbach/certreap#readme"
 
 dependencies:
-  - systemd-notifier
+  - alert-core

roles/cleanup-certs/tasks/main.yml

@@ -17,9 +17,9 @@
     service_name: "{{ role_name }}"
   when: run_once_cleanup_certs is not defined
 
-- name: "include role for systemd-timer for {{service_name}}"
+- name: "include role for generic-timer for {{service_name}}"
   include_role:
-    name: systemd-timer
+    name: generic-timer
   vars:
     on_calendar:  "{{ on_calendar_cleanup_certs }}"
   when: run_once_cleanup_certs is not defined

roles/cleanup-certs/templates/cleanup-certs.service.j2

@@ -1,6 +1,6 @@
 [Unit]
 Description=Detect, revoke, and delete unused Let's Encrypt certificates based on active NGINX configuration files.
-OnFailure=systemd-notifier.cymais@%n.service
+OnFailure=alert-core.cymais@%n.service
 
 [Service]
 Type=oneshot

roles/cleanup-disc-space/meta/main.yml

@@ -22,5 +22,5 @@ galaxy_info:
   issue_tracker_url: "https://s.veen.world/cymaisissues"
   documentation: "https://s.veen.world/cymais"
 dependencies:
-  - systemd-notifier
-  - system-maintenance-lock
+  - alert-core
+  - maintenance-lock

roles/cleanup-disc-space/tasks/main.yml

@@ -19,8 +19,8 @@
   set_fact:
     service_name: "{{ role_name }}"
 
-- name: "include role for systemd-timer for {{service_name}}"
+- name: "include role for generic-timer for {{service_name}}"
   include_role:
-    name: systemd-timer
+    name: generic-timer
   vars:
     on_calendar:  "{{on_calendar_cleanup_disc_space}}"

roles/cleanup-disc-space/templates/cleanup-disc-space.service.j2

@@ -1,6 +1,6 @@
 [Unit]
 Description=freeing disc space
-OnFailure=systemd-notifier.cymais@%n.service
+OnFailure=alert-core.cymais@%n.service
 
 [Service]
 Type=oneshot

roles/cleanup-docker-anonymous-volumes/README.md

@@ -2,7 +2,7 @@
 
 ## Description
 
-This Ansible role installs and executes [`dockreap`](https://github.com/kevinveenbirkenbach/docker-volume-cleaner), a tool designed to clean up unused anonymous Docker volumes (including symlinks and their targets) to maintain a tidy Docker environment.
+This Ansible role installs and executes [`dockreap`](https://github.com/kevinveenbirkenbach/web-app-volume-cleaner), a tool designed to clean up unused anonymous Docker volumes (including symlinks and their targets) to maintain a tidy Docker environment.
 
 ## Overview
 

roles/cleanup-docker-anonymous-volumes/meta/main.yml

@@ -20,6 +20,6 @@ galaxy_info:
     - maintenance
     - volumes
     - pkgmgr
-  repository: "https://github.com/kevinveenbirkenbach/docker-volume-cleaner"
-  issue_tracker_url: "https://github.com/kevinveenbirkenbach/docker-volume-cleaner/issues"
-  documentation: "https://github.com/kevinveenbirkenbach/docker-volume-cleaner#readme"
+  repository: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner"
+  issue_tracker_url: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner/issues"
+  documentation: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner#readme"

roles/cleanup-domains/meta/main.yml

@@ -21,4 +21,4 @@ galaxy_info:
   issue_tracker_url: "https://s.veen.world/cymaisissues"
   documentation: "https://s.veen.world/cymais"
 dependencies:
-  - nginx
+  - webserver-core

roles/cleanup-failed-docker-backups/README.md

@@ -9,7 +9,7 @@ This role cleans up failed Docker backups by pulling a [Git repository](https://
 Optimized for backup maintenance, this role:
 - Clones the cleanup-failed-docker-backups repository.
 - Configures a systemd service to run the cleanup script.
-- Integrates with the [systemd-timer](../systemd-timer/README.md) role to schedule periodic cleanup.
+- Integrates with the [generic-timer](../generic-timer/README.md) role to schedule periodic cleanup.
 - Works in conjunction with the backup-directory-validator role for additional verification.
 
 ## Purpose

roles/cleanup-failed-docker-backups/meta/main.yml

@@ -22,6 +22,6 @@ galaxy_info:
   issue_tracker_url: "https://s.veen.world/cymaisissues"
   documentation: "https://s.veen.world/cymais"
 dependencies:
-  - systemd-notifier
-  - system-maintenance-lock
+  - alert-core
+  - maintenance-lock
   - backup-directory-validator

roles/cleanup-failed-docker-backups/tasks/main.yml

@@ -29,9 +29,9 @@
     service_name: "{{ role_name }}"
   when: run_once_cleanup_failed_docker_backups is not defined
 
-- name: "include role for systemd-timer for {{service_name}}"
+- name: "include role for generic-timer for {{service_name}}"
   include_role:
-    name: systemd-timer
+    name: generic-timer
   vars:
     on_calendar:  "{{on_calendar_cleanup_failed_docker}}"
   when: run_once_cleanup_failed_docker_backups is not defined

roles/cleanup-failed-docker-backups/templates/cleanup-failed-docker-backups.service.j2

@@ -1,6 +1,6 @@
 [Unit]
 Description=Cleaning up failed docker volume backups
-OnFailure=systemd-notifier.cymais@%n.service
+OnFailure=alert-core.cymais@%n.service
 
 [Service]
 Type=oneshot

roles/client-qbittorrent/meta/main.yml

@@ -1,2 +0,0 @@
-dependencies:
-- system-aur-helper

roles/client-zoom/meta/main.yml

@@ -1,2 +0,0 @@
-dependencies:
-- system-aur-helper

roles/core-journalctl/README.md

@@ -0,0 +1,32 @@
+# Journalctl
+
+This Ansible role manages the configuration of `systemd-journald` on target hosts.
+
+## Description
+
+- Copies a customized `journald.conf` to `/etc/systemd/journald.conf`  
+- Ensures log retention for one week  
+- Restarts the `systemd-journald` service when configuration changes  
+- Supports live log streaming via `journalctl -f`
+
+## Overview
+
+1. **Template deployment**  
+   The role places your `journald.conf.j2` template into `/etc/systemd/journald.conf`.
+2. **Service handler**  
+   On change, it notifies a handler to restart `systemd-journald`.
+3. **Monitoring**  
+   You can follow logs in real time with `journalctl -f`.
+
+## Features
+
+- Customizable retention and runtime limits  
+- Seamless restarts on config update  
+- Integration with `monitor-bot-journalctl` for downstream monitoring
+
+## Usage
+
+```yaml
+- hosts: all
+  roles:
+    - role: core-journalctl

roles/core-journalctl/meta/main.yml

@@ -0,0 +1,20 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Configure and manage systemd-journald settings"
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  galaxy_tags:
+    - system
+    - logging
+    - journald
+  repository: "https://github.com/kevinveenbirkenbach/cymais"
+  issue_tracker_url: "https://github.com/kevinveenbirkenbach/cymais/issues"
+  documentation: "https://github.com/kevinveenbirkenbach/cymais/roles/core-journalctl"
+  run_after: []
+dependencies:
+  - monitor-bot-journalctl

roles/core-security/meta/main.yml

@@ -21,4 +21,4 @@ galaxy_info:
   issue_tracker_url: "https://s.veen.world/cymaisissues"
   documentation: "https://s.veen.world/cymais"
 dependencies:
-  - sshd
+  - core-sshd

roles/desktop-bluray-player/README.md

@@ -1,4 +1,4 @@
-# client-bluray-player
+# desktop-bluray-player
 
 ## Description
 

roles/desktop-bluray-player/meta/main.yml

@@ -1,2 +1,2 @@
 dependencies:
-- nginx-https
+- generic-java

roles/desktop-browser/README.md

@@ -6,7 +6,7 @@ This Ansible role serves as a wrapper to install and configure multiple browsers
 
 ## Overview
 
-The **client-browser** role orchestrates the deployment of two specialized roles: **client-browser-chromium** and **client-browser-firefox**. By executing both roles, it provides a unified solution for browser management, making it easier to maintain a secure and consistent browsing environment across your systems.
+The **desktop-browser** role orchestrates the deployment of two specialized roles: **desktop-browser-chromium** and **desktop-browser-firefox**. By executing both roles, it provides a unified solution for browser management, making it easier to maintain a secure and consistent browsing environment across your systems.
 
 ## Purpose
 

roles/desktop-browser/meta/main.yml

@@ -34,5 +34,5 @@ galaxy_info:
   issue_tracker_url: https://s.veen.world/cymaisissues
   documentation: https://s.veen.world/cymais
 dependencies:
-  - client-browser-chromium
-  - client-browser-firefox
+  - desktop-browser-chromium
+  - desktop-browser-firefox

roles/desktop-docker/README.md

@@ -1,10 +1,10 @@
 # README for PC-Docker Playbook
 
 ## Overview
-This playbook, `client-docker`, is part of a larger collection housed within the `cymais` repository. It is specifically tailored for setting up Docker and Docker Compose on personal computers (PCs) used for development purposes. The primary goal is to facilitate a development environment on individual workstations rather than configuring servers for hosting or distributing Docker images.
+This playbook, `desktop-docker`, is part of a larger collection housed within the `cymais` repository. It is specifically tailored for setting up Docker and Docker Compose on personal computers (PCs) used for development purposes. The primary goal is to facilitate a development environment on individual workstations rather than configuring servers for hosting or distributing Docker images.
 
 ## Contents
-The `main.yml` file in the `client-docker` role consists of two primary tasks:
+The `main.yml` file in the `desktop-docker` role consists of two primary tasks:
 
 1. **Install Docker**: This task uses the `community.general.pacman` module to install `docker` and `docker-compose` on the system. It ensures that these packages are present on the PC.
 
@@ -20,7 +20,7 @@ The playbook is designed for developers who require Docker in their local develo
 ## Running the Playbook
 To run this playbook:
 1. Clone the `cymais` repository.
-2. Navigate to the `roles/client-docker` directory.
+2. Navigate to the `roles/desktop-docker` directory.
 3. Run the playbook using the appropriate Ansible commands, ensuring that you have the necessary privileges.
 
 ## Important Notes