Refactor: migrate cmp/* and srv/* roles into sys-stk/* and sys-svc/* namespaces

- Removed obsolete 'cmp' category, introduced 'stk' category (fa-bars-staggered icon).
- Renamed roles:
  * cmp-db-docker → sys-stk-back-stateful
  * cmp-docker-oauth2 → sys-stk-back-stateless
  * srv-domain-provision → sys-stk-front
  * cmp-db-docker-proxy → sys-stk-full-stateful
  * cmp-docker-proxy → sys-stk-full-stateless
  * cmp-rdbms → sys-svc-rdbms
- Updated all include_role references, vars, templates and README.md files.
- Adjusted run_once comments and variable paths accordingly.
- Updated all web-app roles to use new sys-stk/* and sys-svc/* roles.

Conversation: https://chatgpt.com/share/68b0ba66-09f8-800f-86fc-76c47009d431

roles/sys-stk-back-stateless/README.md

@@ -0,0 +1,21 @@
+# sys-stk-back-stateless
+
+This Ansible role enhances a Docker Compose application by conditionally enabling OAuth2-based authentication. It ensures that the `docker-compose` role is always loaded, and if the application has OAuth2 support enabled via `features.oauth2`, it also configures the OAuth2 proxy.
+
+## Features
+
+- Loads the `docker-compose` role
+- Conditionally configures OAuth2 reverse proxy via `web-app-oauth2-proxy`
+- Supports OIDC providers like Keycloak
+- Application-driven behavior via `features.oauth2` in the configuration
+
+## License
+
+Infinito.Nexus NonCommercial License
+See: [https://s.infinito.nexus/license](https://s.infinito.nexus/license)
+
+## Author
+
+Kevin Veen-Birkenbach
+Consulting & Coaching Solutions
+[https://www.veen.world](https://www.veen.world)

roles/sys-stk-back-stateless/defaults/main.yml

@@ -0,0 +1 @@
+docker_compose_flush_handlers: false # Set to true in the vars/main.yml of the including role to autoflush after docker compose routine

roles/sys-stk-back-stateless/meta/main.yml

@@ -0,0 +1,25 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: >
+    Loads the docker-compose role and adds OAuth2 proxy support if enabled
+    in the application's configuration. This ensures authentication via a
+    centralized OIDC provider (e.g., Keycloak) with minimal configuration overhead.
+  license: "Infinito.Nexus NonCommercial License"
+  license_url: "https://s.infinito.nexus/license"
+  company: "Kevin Veen-Birkenbach Consulting & Coaching Solutions"
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Docker
+      versions:
+        - "latest"
+  galaxy_tags:
+    - docker
+    - compose
+    - oauth2
+    - oidc
+    - authentication
+    - proxy
+  repository: "https://s.infinito.nexus/code"
+  issue_tracker_url: "https://s.infinito.nexus/issues"
+  documentation: "https://docs.infinito.nexus"

roles/sys-stk-back-stateless/tasks/main.yml

@@ -0,0 +1,19 @@
+# run_once_sys_stk_back_stateless: disabled
+
+- name: "For '{{ application_id }}': Load docker-compose"
+  include_role: 
+    name: docker-compose
+  vars:
+    docker_compose_flush_handlers: false
+
+- block:
+    - name: "set oauth2_proxy_application_id (Needed due to lazzy loading issue)"
+      set_fact:
+        oauth2_proxy_application_id: "{{ application_id }}"
+    - name: "include the web-app-oauth2-proxy role {{ domain }}"
+      include_tasks: "{{ playbook_dir }}/roles/web-app-oauth2-proxy/tasks/main.yml"
+  when: applications | get_app_conf(application_id, 'features.oauth2', False)
+
+- name: "flush docker compose and oauth2 proxy for '{{ application_id }}'"
+  meta: flush_handlers
+  when: docker_compose_flush_handlers | bool