Huge role refactoring/cleanup. Other commits will propably follow. Because some bugs will exist. Still important for longrun and also for auto docs/help/slideshow generation

roles/webserver-proxy-domain/README.md

@@ -0,0 +1,35 @@
+# Nginx Domain Setup 🚀
+
+## Description
+
+This role bootstraps **per-domain Nginx configuration**: it requests TLS certificates, applies global modifiers, deploys a ready-made vHost file, and can optionally lock down access via OAuth2.
+
+## Overview
+
+A higher-level orchestration wrapper, *webserver-proxy-domain* ties together several lower-level roles:
+
+1. **`webserver-injector-core`** – applies global tweaks and includes.  
+2. **`webserver-tls-core`** – obtains Let’s Encrypt certificates.  
+3. **Domain template deployment** – copies a Jinja2 vHost from *webserver-proxy-core*.  
+4. **`web-app-oauth2-proxy`** *(optional)* – protects the site with OAuth2.
+
+The result is a complete, reproducible domain rollout in a single playbook task.
+
+## Purpose
+
+Provide **one-stop, idempotent domain provisioning** for Nginx-based homelabs or small production environments.
+
+## Features
+
+- **End-to-end TLS** — certificate retrieval and secure headers included.  
+- **Template-driven vHosts** — choose *basic* or *ws_generic* flavours (or your own).  
+- **Conditional OAuth2** — easily toggle authentication per application.  
+- **Handler-safe** — automatically triggers an Nginx reload when templates change.  
+- **Composable** — designed to be called repeatedly for many domains.
+
+## Credits 📝
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at <https://www.veen.world>
+
+Part of the **CyMaIS Project** — licensed under the [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)

roles/webserver-proxy-domain/defaults/main.yml

@@ -0,0 +1,5 @@
+# default vhost flavour
+vhost_flavour:        "basic"               # valid: basic | ws_generic
+
+# build the full template path from the flavour
+vhost_template_src:   "roles/webserver-proxy-core/templates/vhost/{{ vhost_flavour }}.conf.j2"

roles/webserver-proxy-domain/meta/main.yml

@@ -0,0 +1,27 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Automated domain provisioning (TLS, vHost, OAuth2) for Nginx."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - nginx
+    - tls
+    - letsencrypt
+    - oauth2
+    - automation
+    - archlinux
+  repository: https://s.veen.world/cymais
+  issue_tracker_url: https://s.veen.world/cymaisissues
+  documentation: https://s.veen.world/cymais
+dependencies:
+  - nginx

roles/webserver-proxy-domain/tasks/main.yml

@@ -0,0 +1,19 @@
+- name: "include role for {{domain}} to receive certificates and do the modification routines"
+  include_role:
+    name: webserver-composer
+    
+- name: "copy nginx domain configuration to {{ configuration_destination }}"
+  template:
+    src:  "{{ vhost_template_src }}"
+    dest: "{{ configuration_destination }}"
+  notify: restart nginx
+
+- name: "set oauth2_proxy_application_id (Needed due to lazzy loading issue)"
+  set_fact:
+    oauth2_proxy_application_id: "{{ application_id }}"
+  when: applications | is_feature_enabled('oauth2',application_id)
+
+- name: "include the web-app-oauth2-proxy role {{domain}}"
+  include_role:
+    name: web-app-oauth2-proxy
+  when: applications | is_feature_enabled('oauth2',application_id)

roles/webserver-proxy-domain/vars/main.yml

@@ -0,0 +1 @@
+configuration_destination:  "{{nginx.directories.http.servers}}{{domain}}.conf"