Refactored ws implementation to use it in mastodon and in new espocrm role

roles/nginx-domain-setup/README.md

@@ -1,16 +1,35 @@
-# Nginx Domain Setup Role 🚀
+# Nginx Domain Setup 🚀
 
-This role streamlines your Nginx configuration by performing several essential tasks:
+## Description
 
-- **Modify Nginx configuration** with the `nginx-modifier-all` role.
-- **Request and receive HTTPS certificates** using the `nginx-https-get-cert` role.
-- **Deploy a domain configuration file** from a Jinja2 template.
-- **Optionally secure your domain** with OAuth2 via the `docker-oauth2-proxy` role if enabled.
+This role bootstraps **per-domain Nginx configuration**: it requests TLS certificates, applies global modifiers, deploys a ready-made vHost file, and can optionally lock down access via OAuth2.
 
-## Author
+## Overview
 
-Developed by [Kevin Veen-Birkenbach](https://www.veen.world) 😎
+A higher-level orchestration wrapper, *nginx-domain-setup* ties together several lower-level roles:
 
----
+1. **`nginx-modifier-all`** – applies global tweaks and includes.  
+2. **`nginx-https-get-cert`** – obtains Let’s Encrypt certificates.  
+3. **Domain template deployment** – copies a Jinja2 vHost from *nginx-docker-reverse-proxy*.  
+4. **`docker-oauth2-proxy`** *(optional)* – protects the site with OAuth2.
 
-Happy automating! 🎉
+The result is a complete, reproducible domain rollout in a single playbook task.
+
+## Purpose
+
+Provide **one-stop, idempotent domain provisioning** for Nginx-based homelabs or small production environments.
+
+## Features
+
+- **End-to-end TLS** — certificate retrieval and secure headers included.  
+- **Template-driven vHosts** — choose *basic* or *ws_generic* flavours (or your own).  
+- **Conditional OAuth2** — easily toggle authentication per application.  
+- **Handler-safe** — automatically triggers an Nginx reload when templates change.  
+- **Composable** — designed to be called repeatedly for many domains.
+
+## Credits 📝
+
+Developed and maintained by **Kevin Veen-Birkenbach**.  
+Learn more at <https://www.veen.world>
+
+Part of the **CyMaIS Project** — licensed under the [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)

roles/nginx-domain-setup/defaults/main.yml

@@ -0,0 +1,5 @@
+# default vhost flavour
+vhost_flavour:        "basic"               # valid: basic | ws_generic
+
+# build the full template path from the flavour
+vhost_template_src:   "roles/nginx-docker-reverse-proxy/templates/vhost/{{ vhost_flavour }}.conf.j2"

roles/nginx-domain-setup/meta/main.yml

@@ -0,0 +1,25 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Automated domain provisioning (TLS, vHost, OAuth2) for Nginx."
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - nginx
+    - tls
+    - letsencrypt
+    - oauth2
+    - automation
+    - archlinux
+  repository: https://s.veen.world/cymais
+  issue_tracker_url: https://s.veen.world/cymaisissues
+  documentation: https://s.veen.world/cymais

roles/nginx-domain-setup/tasks/main.yml

@@ -2,10 +2,10 @@
   include_role:
     name: nginx-https-get-cert-modify-all
     
-- name: "copy nginx domain configuration to {{configuration_destination}}"
-  template: 
-    src:  "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" 
-    dest: "{{configuration_destination}}"
+- name: "copy nginx domain configuration to {{ configuration_destination }}"
+  template:
+    src:  "{{ vhost_template_src }}"
+    dest: "{{ configuration_destination }}"
   notify: restart nginx
   
 - name: "include the docker-oauth2-proxy role {{domain}}"