Restructured service und web role naming in inventor

Makefile

@@ -3,11 +3,17 @@ APPLICATIONS_OUT  	:= ./group_vars/all/04_applications.yml
 APPLICATIONS_SCRIPT := ./cli/generate_applications.py
 USERS_OUT           := ./group_vars/all/03_users.yml
 USERS_SCRIPT        := ./cli/generate_users.py
-INCLUDES_OUT      	:= ./tasks/utils/server-roles.yml
 INCLUDES_SCRIPT     := ./cli/generate_playbook.py
 
+# Define the prefixes for which we want individual role-include files
+INCLUDE_GROUPS      := "web-" "svc-"
+
+# Directory where these include-files will be written
+INCLUDES_OUT_DIR    := ./tasks/groups
+
+# Compute extra users as before
 EXTRA_USERS := $(shell \
-	find $(ROLES_DIR) -maxdepth 1 -type d -name '*' -printf '%f\n' \
+  find $(ROLES_DIR) -maxdepth 1 -type d -printf '%f\n' \
     | sed -E 's/.*-//' \
     | grep -E -x '[a-z0-9]+' \
     | sort -u \
@@ -17,27 +23,34 @@ EXTRA_USERS := $(shell \
 .PHONY: build install test
 
 build:
-	@echo "🔧 Generating applications defaults → $(APPLICATIONS_OUT) from roles in $(ROLES_DIR)…"
-	python3 $(USERS_SCRIPT) --roles-dir $(ROLES_DIR) --output $(USERS_OUT) --extra-users "$(EXTRA_USERS)"
+	@echo "🔧 Generating users defaults → $(USERS_OUT)…"
+	python3 $(USERS_SCRIPT) \
+	  --roles-dir $(ROLES_DIR) \
+	  --output $(USERS_OUT) \
+	  --extra-users "$(EXTRA_USERS)"
 	@echo "✅ Users defaults written to $(USERS_OUT)\n"
-	python3 $(APPLICATIONS_SCRIPT) --roles-dir $(ROLES_DIR) --output-file $(APPLICATIONS_OUT)
+
+	@echo "🔧 Generating applications defaults → $(APPLICATIONS_OUT)…"
+	python3 $(APPLICATIONS_SCRIPT) \
+	  --roles-dir $(ROLES_DIR) \
+	  --output-file $(APPLICATIONS_OUT)
 	@echo "✅ Applications defaults written to $(APPLICATIONS_OUT)\n"
-	@echo "🔧 Generating users defaults → $(USERS_OUT) from roles in $(ROLES_DIR)…"
-	@echo "🔧 Generating Docker role includes → $(INCLUDES_OUT)…"
-	@mkdir -p $(dir $(INCLUDES_OUT))
-	python3 $(INCLUDES_SCRIPT) $(ROLES_DIR) -o $(INCLUDES_OUT) \
-		-p web-app \
-		-p web-svc \
-		-p svc-openldap \
-		-p svc-rdbms-postgres \
-		-p svc-rdbms-mariadb
-	@echo "✅ Docker role includes written to $(INCLUDES_OUT)"
+
+	@echo "🔧 Generating role-include files for each group…"
+	@mkdir -p $(INCLUDES_OUT_DIR)
+	@$(foreach grp,$(INCLUDE_GROUPS), \
+	  out=$(INCLUDES_OUT_DIR)/$(grp)roles.yml; \
+	  echo "→ Building $$out (pattern: '$(grp)')…"; \
+	  python3 $(INCLUDES_SCRIPT) $(ROLES_DIR) \
+	    -p $(grp) -o $$out; \
+	  echo "  ✅ $$out"; \
+	)
 
 install: build
 	@echo "⚙️  Install complete."
 
 test:
-	@echo "🧪 Running Python Tests..."
+	@echo "🧪 Running Python tests…"
 	python -m unittest discover -s tests
-	@echo "📑 Syntax Checking Ansible Playbook..."
+	@echo "📑 Checking Ansible syntax…"
 	ansible-playbook playbook.yml --syntax-check

roles/cmp-db-docker/README.md

@@ -1,18 +1,18 @@
 # Database Docker Composition
 
-This role combines the central RDBMS role (`svc-rdbms-central`) with Docker Compose to deliver a ready-to-use containerized database environment.
+This role combines the central RDBMS role (`cmp-rdbms-orchestrator`) with Docker Compose to deliver a ready-to-use containerized database environment.
 
 ## Features
 
 - **Central RDBMS Integration**  
-  Includes the `svc-rdbms-central` role, which handles backups, restores, user and permission management for your relational database system (PostgreSQL, MariaDB, etc.).
+  Includes the `cmp-rdbms-orchestrator` role, which handles backups, restores, user and permission management for your relational database system (PostgreSQL, MariaDB, etc.).
 
 - **Docker Compose**  
   Utilizes the standalone `docker-compose` role to define and bring up containers, networks, and volumes automatically.
 
 - **Variable Load Order**  
   1. Docker Compose variables (`roles/docker-compose/vars/docker-compose.yml`)  
-  2. Database variables (`roles/svc-rdbms-central/vars/database.yml`)  
+  2. Database variables (`roles/cmp-rdbms-orchestrator/vars/database.yml`)  
   Ensures compose ports and volumes are defined before the database role consumes them.
 
 The role will load both sub-roles and satisfy all dependencies transparently.
@@ -22,4 +22,4 @@ The role will load both sub-roles and satisfy all dependencies transparently.
 1. **Set Fact** `database_application_id` to work around lazy‐loading ordering.
 2. **Include Vars** in the specified order.
 3. **Invoke** `docker-compose` role to create containers, networks, and volumes.
-4. **Invoke** `svc-rdbms-central` role to provision the database, backups, and users.
+4. **Invoke** `cmp-rdbms-orchestrator` role to provision the database, backups, and users.

roles/cmp-db-docker/tasks/main.yml

@@ -14,4 +14,4 @@
 
 - name: "Load central rdbms for {{ application_id }}"
   include_role: 
-    name: svc-rdbms-central
+    name: cmp-rdbms-orchestrator

roles/cmp-db-docker/vars/main.yml

@@ -1,2 +1,2 @@
-cmp_db_docker_vars_file_db:     "{{ playbook_dir }}/roles/svc-rdbms-central/vars/database.yml"
+cmp_db_docker_vars_file_db:     "{{ playbook_dir }}/roles/cmp-rdbms-orchestrator/vars/database.yml"
 cmp_db_docker_vars_file_docker: "{{ playbook_dir }}/roles/docker-compose/vars/docker-compose.yml"

roles/cmp-rdbms-orchestrator/templates/services/main.yml.j2

@@ -0,0 +1 @@
+{% include 'roles/cmp-rdbms-orchestrator/templates/services/' + database_type + '.yml.j2' %}

roles/docker-compose/templates/base.yml.j2

@@ -2,7 +2,7 @@
 services:
 {# Load Database #}
 {% if applications[application_id].docker.services.database.enabled | default(false) | bool %}
-{% include 'roles/svc-rdbms-central/templates/services/main.yml.j2' %}
+{% include 'roles/cmp-rdbms-orchestrator/templates/services/main.yml.j2' %}
 {% endif %}
 {# Load Redis #}
 {% if applications[application_id].docker.services.redis.enabled | default(false) | bool %}

roles/svc-rdbms-central/templates/services/main.yml.j2

@@ -1 +0,0 @@
-{% include 'roles/svc-rdbms-central/templates/services/' + database_type + '.yml.j2' %}

roles/util-srv-corporate-identity/meta/main.yml

@@ -25,5 +25,5 @@ galaxy_info:
   documentation: https://s.veen.world/cymais
 dependencies:
   - web-svc-legal
-  - web-svc-assets
+  - web-svc-asset
   - web-app-portfolio

roles/web-app-discourse/tasks/reset.yml

@@ -1,5 +1,5 @@
 - name: "Load database variables for reset function"
-  include_vars: "{{playbook_dir}}/roles/svc-rdbms-central/vars/main.yml"
+  include_vars: "{{playbook_dir}}/roles/cmp-rdbms-orchestrator/vars/main.yml"
 
 - name: "cleanup central database from {{application_id}}_default network"
   command:

roles/web-app-espocrm/README.md

@@ -8,7 +8,7 @@ Enhance your sales and service processes with EspoCRM, an open-source CRM featur
 
 This Ansible role deploys EspoCRM using Docker. It handles:
 
-- MariaDB database provisioning via the `svc-rdbms-central` role  
+- MariaDB database provisioning via the `cmp-rdbms-orchestrator` role  
 - Nginx domain setup with WebSocket and reverse-proxy configuration  
 - Environment variable management through Jinja2 templates  
 - Docker Compose orchestration for **web**, **daemon**, and **websocket** services  

roles/web-app-friendica/meta/main.yml

@@ -21,4 +21,3 @@ galaxy_info:
   run_after:
     - web-app-matomo
     - web-app-keycloak
-    - svc-openldap

roles/web-app-funkwhale/meta/main.yml

@@ -22,4 +22,3 @@ galaxy_info:
     - web-app-matomo
     - web-app-keycloak
     - web-app-mailu
-    - svc-openldap

roles/web-app-keycloak/meta/main.yml

@@ -21,4 +21,3 @@ galaxy_info:
     class: "fa-solid fa-lock"
   run_after:
       - web-app-matomo
-      - svc-openldap

roles/web-app-matomo/meta/main.yml

@@ -18,5 +18,3 @@ galaxy_info:
   documentation: "https://s.veen.world/cymais"
   logo:
     class: "fa-solid fa-chart-line"
-  run_after:
-    - "svc-rdbms-postgres"

roles/web-app-mobilizon/meta/main.yml

@@ -22,5 +22,3 @@ galaxy_info:
     - web-app-matomo
     - web-app-keycloak
     - web-app-mailu
-    - svc-openldap
-    - svc-rdbms-postgres

roles/web-app-nextcloud/meta/main.yml

@@ -32,4 +32,3 @@ galaxy_info:
     - web-app-collabora
     - web-app-keycloak
     - web-app-mastodon
-    - svc-rdbms-mariadb

roles/web-app-phpldapadmin/meta/main.yml

@@ -24,6 +24,5 @@ galaxy_info:
   logo:
     class: "fa-solid fa-user-lock"
   run_after:
-    - svc-openldap
     - web-app-matomo
     - web-app-keycloak

roles/web-app-phpmyadmin/meta/main.yml

@@ -26,6 +26,5 @@ galaxy_info:
   logo:
     class: "fa-solid fa-database"
   run_after:
-    - svc-rdbms-mariadb
     - web-app-matomo
     - web-app-keycloak

roles/web-app-taiga/meta/main.yml

@@ -29,6 +29,5 @@ galaxy_info:
   logo:
     class: "fa-solid fa-tasks"
   run_after:
-    - svc-rdbms-postgres
     - web-app-matomo
     - web-app-keycloak

roles/web-app-yourls/meta/main.yml

@@ -25,6 +25,5 @@ galaxy_info:
   logo:
     class: "fa-solid fa-link"
   run_after:
-    - svc-rdbms-mariadb
     - web-app-matomo
     - web-app-keycloak

roles/web-svc-asset/meta/main.yml

@@ -14,11 +14,11 @@ galaxy_info:
     - static
   repository: "https://github.com/kevinveenbirkenbach/cymais"
   issue_tracker_url: "https://github.com/kevinveenbirkenbach/cymais/issues"
-  documentation: "https://github.com/kevinveenbirkenbach/cymais/tree/main/roles/web-svc-assets"
+  documentation: "https://github.com/kevinveenbirkenbach/cymais/tree/main/roles/web-svc-asset"
   min_ansible_version: "2.9"
   platforms:
     - name: Any
       versions:
         - all
 dependencies:
-  - web-svc-files
+  - web-svc-file

roles/web-svc-asset/vars/main.yml

@@ -1,3 +1,3 @@
-application_id:     "assets-server"                                         # Application identifier
+application_id:     "asset"                                         # Application identifier
 source_directory:   "{{ applications[application_id].source_directory }}/"  # Source directory from which the files are coming from
 target_directory:   "{{ nginx.directories.data.files }}assets"              # Directory to which the files will be copied

roles/web-svc-file/vars/main.yml

@@ -1,2 +1,2 @@
-application_id: "file-server"
+application_id: "file"
 domain:         "{{ domains | get_domain(application_id) }}"

roles/web-svc-html/vars/main.yml

@@ -1,4 +1,4 @@
-application_id:       "html-server"
+application_id:       "html"
 domain:               "{{domains | get_domain(application_id)}}"
 features:
   portfolio_iframe:   true  # Necessary for imprint loading

roles/web-svc-legal/vars/main.yml

@@ -1 +1 @@
-application_id: "legal"  # Application identifier
+application_id: "legal"

roles/web-svc-redir-domains/meta/main.yml

@@ -14,7 +14,7 @@ galaxy_info:
     - domains
   repository: "https://github.com/kevinveenbirkenbach/cymais"
   issue_tracker_url: "https://github.com/kevinveenbirkenbach/cymais/issues"
-  documentation: "https://github.com/kevinveenbirkenbach/cymais/tree/main/roles/web-redirect-domains"
+  documentation: "https://github.com/kevinveenbirkenbach/cymais/tree/main/roles/web-svc-redir-domains"
   min_ansible_version: "2.9"
   platforms:
     - name: Any

roles/web-svc-redir-domains/vars/main.yml

@@ -0,0 +1 @@
+application_id: "redir-domains"

roles/web-svc-redir-www/README.md

@@ -7,7 +7,7 @@ Automates the creation of Nginx server blocks that redirect all `www.` subdomain
 This role will:
 - **Discover** existing `*.conf` vhosts in your Nginx servers directory  
 - **Filter** domains with or without your `primary_domain`  
-- **Generate** redirect rules via the `web-redirect-domains` role  
+- **Generate** redirect rules via the `web-svc-redir-domains` role  
 - **Optionally** include a wildcard redirect template (experimental) ⭐️  
 - **Clean up** leftover configs when running in cleanup mode 🧹  
 

roles/web-svc-redir-www/tasks/main.yml

@@ -3,9 +3,9 @@
   set_fact:
     www_domains: "{{ current_play_domains_all | select('match', '^www\\.') | list }}"
 
-- name: Include web-redirect-domains role for www-to-bare redirects
+- name: Include web-svc-redir-domains role for www-to-bare redirects
   include_role:
-    name: web-redirect-domains
+    name: web-svc-redir-domains
   vars:
     domain_mappings: "{{ www_domains
        | map('regex_replace',

roles/web-svc-redir-www/vars/main.yml

@@ -0,0 +1 @@
+application_id: "redir-www"

tasks/groups/.gitignore

@@ -0,0 +1 @@
+*-roles.yml

tasks/plays/02_personal-computer.yml

@@ -69,7 +69,7 @@
 - name: setup nextcloud-client
   when: ("nextcloud_client" in group_names)
   include_role:
-    name: desk-nextcloud
+    name: desk-nextcloud-client
 
 - name: setup docker
   when: ("docker_client" in group_names)

tasks/plays/02_server.yml

@@ -12,29 +12,14 @@
     - maint-btrfs-auto-balancer
 
 - name: "Integrate Docker Role includes"
-  include_tasks: "./tasks/utils/server-roles.yml"
-
-# Native Webserver Roles
-- name: setup web-svc-htmls
-  include_role:
-    name: web-svc-html
-  vars:
-    domain: "{{primary_domain}}"
-  when: ('web-svc-htmls' | application_allowed(group_names, allowed_applications))
+  include_tasks: "./tasks/groups/{{ item }}-roles.yml"
+  loop:
+    - svc
+    - web
+  loop_control:
+    label: "{{ item }}-roles.yml"
 
 - name: "setup corporate identity"
   include_role:
     name: util-srv-corporate-identity
   when: ('corporate_identity' | application_allowed(group_names, allowed_applications))
-
-- name: setup redirect hosts
-  when: ('redirect' | application_allowed(group_names, allowed_applications))
-  include_role:
-    name: web-redirect-domains
-  vars:
-    domain_mappings: "{{ current_play_domain_mappings_redirect}}"
-
-- name: setup www redirect 
-  when: ('www_redirect' | application_allowed(group_names, allowed_applications))
-  include_role:
-    name: web-redirect-www

tasks/utils/.gitignore

@@ -1 +0,0 @@
-server-roles.yml

tests/integration/test_application_id_consistency.py

@@ -9,32 +9,43 @@ ROLES_DIR = Path(__file__).resolve().parent.parent.parent / "roles"
 class TestApplicationIdConsistency(unittest.TestCase):
     def test_application_id_matches_docker_prefix(self):
         failed_roles = []
+        prefixes = ("web-app-", "web-svc-")
 
         for role_path in ROLES_DIR.iterdir():
-            if role_path.name in ["docker-container","docker-compose", "svc-rdbms-central", "docker-repository-setup"]:
+            if not role_path.is_dir():
                 continue
 
-            if role_path.is_dir() and role_path.name.startswith("web-app-"):
-                expected_id = role_path.name.replace("web-app-", "", 1)
-                vars_file = role_path / "vars" / "main.yml"
+            role_name = role_path.name
+            # check if the role name starts with one of our prefixes
+            matching = [p for p in prefixes if role_name.startswith(p)]
+            if not matching:
+                continue
 
+            prefix = matching[0]
+            # expected_id is just the remainder after the prefix
+            expected_id = role_name[len(prefix):]
+
+            vars_file = role_path / "vars" / "main.yml"
             if not vars_file.exists():
-                    failed_roles.append((role_path.name, "vars/main.yml missing"))
+                failed_roles.append((role_name, "vars/main.yml missing"))
                 continue
 
             with open(vars_file, "r") as f:
                 try:
                     vars_data = yaml.safe_load(f) or {}
                 except yaml.YAMLError as e:
-                        failed_roles.append((role_path.name, f"YAML error: {e}"))
+                    failed_roles.append((role_name, f"YAML error: {e}"))
                     continue
 
             actual_id = vars_data.get("application_id")
             if actual_id != expected_id:
-                    failed_roles.append((role_path.name, f"application_id is '{actual_id}', expected '{expected_id}'"))
+                failed_roles.append((
+                    role_name,
+                    f"application_id is '{actual_id}', expected '{expected_id}'"
+                ))
 
         if failed_roles:
-            msg = "\n".join([f"{role}: {reason}" for role, reason in failed_roles])
+            msg = "\n".join(f"{r}: {reason}" for r, reason in failed_roles)
             self.fail(f"The following roles have mismatching or missing application_id:\n{msg}")