Renamed server roles by osi they work on

roles/srv-web-7-4-core/README.md

@@ -0,0 +1,24 @@
+# Webserver
+
+This Ansible role installs and configures **Nginx** as a core HTTP/stream server on Arch Linux systems. It provides:
+
+* **HTTP serving** with MIME types, gzip compression, caching, and custom `nginx.conf` templating.
+* **TCP/UDP stream support** via the Nginx Streams module.
+* **Directory management** for configuration, `sites-available`/`enabled`, cache, and data.
+* **Debugging helpers**: log formats and instructions for general and detailed troubleshooting.
+
+## Features
+
+* **Package installation** of `nginx` and `nginx-mod-stream`.
+* **Idempotent setup**: tasks run only once per host.
+* **Configurable reset and cleanup** modes to purge and recreate directories.
+* **Custom `nginx.conf`** template with sensible defaults for performance and security.
+* **Stream proxy support**: includes `stream` block for TCP/UDP proxies.
+* **Cache directory management**: cleanup and recreation based on `mode_cleanup`.
+
+
+## Debugging Tips
+
+* **General logs**: `journalctl -f -u nginx`
+* **Filter by host**: `journalctl -u nginx -f | grep "{{ inventory_hostname }}"`
+* **Enable detailed format**: set `enable_debug: true` and reload Nginx.

roles/srv-web-7-4-core/handlers/main.yml

@@ -0,0 +1,14 @@
+---
+- name: Validate Nginx configuration
+  command: nginx -t
+  register: nginx_test
+  changed_when: false
+  failed_when: nginx_test.rc != 0
+  listen: restart nginx
+
+- name: restart nginx
+  service: 
+    name: nginx 
+    state:  restarted 
+    enabled: yes
+  listen: restart nginx

roles/srv-web-7-4-core/meta/main.yml

@@ -0,0 +1,24 @@
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Installs and configures Nginx HTTP and stream modules with performance-tuned defaults."
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  min_ansible_version: "2.9"
+  galaxy_tags:
+    - nginx
+    - http
+    - stream
+    - caching
+    - compression
+    - security
+    - performance
+  repository: "https://github.com/kevinveenbirkenbach/cymais"
+  issue_tracker_url: "https://github.com/kevinveenbirkenbach/cymais/issues"
+  documentation: "https://github.com/kevinveenbirkenbach/cymais/roles/srv-web-7-4-core"
+dependencies:
+  - mon-bot-webserver
+  - mon-bot-csp

roles/srv-web-7-4-core/tasks/cache_directories.yml

@@ -0,0 +1,30 @@
+- name: Cleanup all NGINX cache directories
+  become: true
+  ansible.builtin.file:
+    path: "{{ item.value }}"
+    state: absent
+  when:
+    - mode_cleanup | bool
+    - run_once_nginx_reverse_proxy is not defined
+  loop: "{{ nginx.directories.cache | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+
+- name: Ensure all NGINX cache directories exist
+  become: true
+  ansible.builtin.file:
+    path: "{{ item.value }}"
+    state: directory
+    owner: "{{ nginx.user }}"
+    group: "{{ nginx.user }}"
+    mode: '0700'
+      
+  when: run_once_nginx_reverse_proxy is not defined
+  loop: "{{ nginx.directories.cache | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+
+- name: run the nginx_reverse_proxy tasks once
+  set_fact:
+    run_once_nginx_reverse_proxy: true
+  when: run_once_nginx_reverse_proxy is not defined

roles/srv-web-7-4-core/tasks/main.yml

@@ -0,0 +1,60 @@
+---
+- name: install nginx
+  pacman:
+    name:
+      - nginx
+      - nginx-mod-stream
+    state:  present
+  notify: restart nginx
+  when: run_once_srv_web_core is not defined
+
+- name: "reset (if enabled)"
+  include_tasks: reset.yml 
+  when: mode_reset | bool and run_once_srv_web_core is not defined
+  
+- name: Ensure nginx configuration directories are present
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{nginx.user}}"
+    group: "{{nginx.user}}"
+    mode: '0755'
+    recurse: yes
+  loop: >
+    {{
+      [ nginx.directories.configuration ] +
+      (nginx.directories.http.values() | list) +
+      [ nginx.directories.streams ] 
+    }}
+  when: run_once_srv_web_core is not defined
+
+- name: Ensure nginx data storage directories are present
+  file:
+    path: "{{ item }}"
+    state: directory
+    recurse: yes
+    owner: "{{nginx.user}}"
+    group: "{{nginx.user}}"
+    mode:  '0755'
+  loop: >
+    {{ nginx.directories.data.values() | list }}
+  when: run_once_srv_web_core is not defined
+
+- name: "Include tasks to create cache directories"
+  include_tasks: cache_directories.yml
+
+- name: create nginx config file
+  template: 
+    src:  nginx.conf.j2 
+    dest: /etc/nginx/nginx.conf
+  notify: restart nginx
+  when: run_once_srv_web_core is not defined
+
+- name: flush nginx service
+  meta: flush_handlers
+  when: run_once_srv_web_core is not defined
+
+- name: run {{ role_name }} once
+  set_fact:
+    run_once_srv_web_core: true
+  when: run_once_srv_web_core is not defined

roles/srv-web-7-4-core/tasks/reset.yml

@@ -0,0 +1,4 @@
+- name: "Delete {{nginx.directories.configuration}} directory, when mode_reset"
+  file:
+    path: "{{ nginx.directories.configuration }}"
+    state: absent

roles/srv-web-7-4-core/templates/nginx.conf.j2

@@ -0,0 +1,63 @@
+load_module /usr/lib/nginx/modules/ngx_stream_module.so;
+worker_processes auto;
+
+events
+{
+  worker_connections 1024;
+}
+
+http
+{
+  include mime.types;
+  default_type text/html;
+
+  {# caching #}
+  proxy_cache_path {{ nginx.directories.cache.general }} levels=1:2 keys_zone=cache:20m max_size=20g inactive=14d use_temp_path=off;
+  proxy_cache_path {{ nginx.directories.cache.image }} levels=1:2 keys_zone=imgcache:10m inactive=60m use_temp_path=off;
+
+  # --------------------------------------------------------------------------------
+  # Tweak the hash table used to store your server_name entries:
+  server_names_hash_bucket_size 64;   # size of each bucket for server_name lookups (in bytes)
+  server_names_hash_max_size    512;  # maximum total buckets for the server_name hash table
+  # --------------------------------------------------------------------------------
+
+  {# logging and debugging #}
+{% if enable_debug | bool %}
+  {# individual log format for better debugging #}
+  log_format debug '$host - $remote_addr [$time_local] '
+                  '"$request" $status $body_bytes_sent '
+                  '"Referer: $http_referer" '
+                  '"User-Agent: $http_user_agent" '
+                  '"ReqTime: $request_time" "UpstreamTime: $upstream_response_time" '
+                  '"ReqLength: $request_length" "BytesSent: $bytes_sent" '
+                  '"ConnRequests: $connection_requests" '
+                  '"X-Forwarded-For: $http_x_forwarded_for" '
+                  '"Scheme: $scheme" "Protocol: $server_protocol" "ServerName: $server_name"';
+  access_log syslog:server=unix:/dev/log debug;
+{% else %}
+  access_log syslog:server=unix:/dev/log;
+{% endif %}
+  error_log syslog:server=unix:/dev/log;
+
+  sendfile on;
+  keepalive_timeout 65;
+
+  {# gzip #}
+  gzip on;
+  gzip_proxied any;
+  gzip_vary on;
+  gzip_disable "MSIE [1-6]\.(?!.*SV1)"; # Disable for Internetexplorer 6
+  gzip_comp_level 4;
+  gzip_min_length 256;
+  gzip_types application/atom+xml application/javascript application/xml+rss application/x-javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/javascript text/xml;
+
+  types_hash_max_size 4096;  
+  {% for dir in nginx.directories.http.values() %}
+  include {{ dir }}*.conf;
+  {% endfor %}
+}
+
+# For port proxies
+stream{
+  include {{nginx.directories.streams}}*.conf;
+}