diff --git a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml index 7e88eecb..d9654bf2 100644 --- a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml +++ b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml @@ -3,7 +3,7 @@ name: '{{ item }}' loop: - sys-svc-certbot - - sys-svc-webserver + - sys-svc-webserver-core - sys-ctl-alm-compose - name: install certbot diff --git a/roles/sys-front-inj-all/tasks/main.yml b/roles/sys-front-inj-all/tasks/main.yml index 4856acc4..5703dbb0 100644 --- a/roles/sys-front-inj-all/tasks/main.yml +++ b/roles/sys-front-inj-all/tasks/main.yml @@ -41,9 +41,9 @@ when: inj_enabled.logout - block: - - name: Include dependency 'sys-svc-webserver' + - name: Include dependency 'sys-svc-webserver-core' include_role: - name: sys-svc-webserver - when: run_once_sys_svc_webserver is not defined + name: sys-svc-webserver-core + when: run_once_sys_svc_webserver_core is not defined - include_tasks: utils/run_once.yml when: run_once_sys_front_inj_all is not defined \ No newline at end of file diff --git a/roles/sys-front-inj-css/tasks/01_core.yml b/roles/sys-front-inj-css/tasks/01_core.yml index 62083809..f20452b6 100644 --- a/roles/sys-front-inj-css/tasks/01_core.yml +++ b/roles/sys-front-inj-css/tasks/01_core.yml @@ -1,7 +1,7 @@ -- name: Include dependency 'sys-svc-webserver' +- name: Include dependency 'sys-svc-webserver-core' include_role: - name: sys-svc-webserver - when: run_once_sys_svc_webserver is not defined + name: sys-svc-webserver-core + when: run_once_sys_svc_webserver_core is not defined - name: Generate color palette with colorscheme-generator set_fact: diff --git a/roles/sys-front-inj-desktop/tasks/main.yml b/roles/sys-front-inj-desktop/tasks/main.yml index ce679fb0..81b3ed2b 100644 --- a/roles/sys-front-inj-desktop/tasks/main.yml +++ b/roles/sys-front-inj-desktop/tasks/main.yml 
@@ -1,8 +1,8 @@ - block: - - name: Include dependency 'sys-svc-webserver' + - name: Include dependency 'sys-svc-webserver-core' include_role: - name: sys-svc-webserver - when: run_once_sys_svc_webserver is not defined + name: sys-svc-webserver-core + when: run_once_sys_svc_webserver_core is not defined - include_tasks: 01_deploy.yml - include_tasks: utils/run_once.yml when: run_once_sys_front_inj_desktop is not defined diff --git a/roles/sys-front-inj-javascript/tasks/main.yml b/roles/sys-front-inj-javascript/tasks/main.yml index 79901fa8..eedc46ce 100644 --- a/roles/sys-front-inj-javascript/tasks/main.yml +++ b/roles/sys-front-inj-javascript/tasks/main.yml @@ -1,9 +1,9 @@ - block: - - name: Include dependency 'sys-svc-webserver' + - name: Include dependency 'sys-svc-webserver-core' include_role: - name: sys-svc-webserver - when: run_once_sys_svc_webserver is not defined + name: sys-svc-webserver-core + when: run_once_sys_svc_webserver_core is not defined - include_tasks: utils/run_once.yml when: run_once_sys_front_inj_javascript is not defined diff --git a/roles/sys-front-inj-logout/tasks/01_core.yml b/roles/sys-front-inj-logout/tasks/01_core.yml index 25e71680..4ab06876 100644 --- a/roles/sys-front-inj-logout/tasks/01_core.yml +++ b/roles/sys-front-inj-logout/tasks/01_core.yml @@ -1,8 +1,8 @@ -- name: Include dependency 'sys-svc-webserver' +- name: Include dependency 'sys-svc-webserver-core' include_role: - name: sys-svc-webserver + name: sys-svc-webserver-core when: - - run_once_sys_svc_webserver is not defined + - run_once_sys_svc_webserver_core is not defined - name: "deploy the logout.js" include_tasks: "02_deploy.yml" \ No newline at end of file diff --git a/roles/sys-front-inj-matomo/tasks/main.yml b/roles/sys-front-inj-matomo/tasks/main.yml index fb6edf0a..c7e393d6 100644 --- a/roles/sys-front-inj-matomo/tasks/main.yml +++ b/roles/sys-front-inj-matomo/tasks/main.yml 
@@ -1,8 +1,8 @@ - block: - - name: Include dependency 'sys-svc-webserver' + - name: Include dependency 'sys-svc-webserver-core' include_role: - name: sys-svc-webserver - when: run_once_sys_svc_webserver is not defined + name: sys-svc-webserver-core + when: run_once_sys_svc_webserver_core is not defined - include_tasks: utils/run_once.yml when: run_once_sys_front_inj_matomo is not defined diff --git a/roles/sys-stk-front-proxy/tasks/01_base.yml b/roles/sys-stk-front-proxy/tasks/01_base.yml index 31b5cc9f..fdf3e559 100644 --- a/roles/sys-stk-front-proxy/tasks/01_base.yml +++ b/roles/sys-stk-front-proxy/tasks/01_base.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'sys-stk-front-pure' + - name: Include dependency 'sys-svc-webserver-https' include_role: - name: sys-stk-front-pure - when: run_once_sys_stk_front_pure is not defined + name: sys-svc-webserver-https + when: run_once_sys_svc_webserver_https is not defined - include_tasks: utils/run_once.yml when: run_once_sys_stk_front_proxy is not defined diff --git a/roles/sys-svc-certs/tasks/main.yml b/roles/sys-svc-certs/tasks/main.yml index fcabcbe2..0d1a6639 100644 --- a/roles/sys-svc-certs/tasks/main.yml +++ b/roles/sys-svc-certs/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'sys-stk-front-pure' + - name: Include dependency 'sys-svc-webserver-https' include_role: - name: sys-stk-front-pure - when: run_once_sys_stk_front_pure is not defined + name: sys-svc-webserver-https + when: run_once_sys_svc_webserver_https is not defined - include_tasks: utils/run_once.yml when: run_once_sys_svc_certs is not defined diff --git a/roles/sys-svc-cln-domains/tasks/main.yml b/roles/sys-svc-cln-domains/tasks/main.yml index ce84c21c..83e28d8a 100644 --- a/roles/sys-svc-cln-domains/tasks/main.yml +++ b/roles/sys-svc-cln-domains/tasks/main.yml 
@@ -3,7 +3,7 @@ include_role: name: '{{ item }}' loop: - - sys-svc-webserver + - sys-svc-webserver-core - name: Include task to remove deprecated nginx configs include_tasks: remove_deprecated_nginx_configs.yml diff --git a/roles/sys-svc-proxy/README.md b/roles/sys-svc-proxy/README.md index fa1ea4cd..cae6907d 100644 --- a/roles/sys-svc-proxy/README.md +++ b/roles/sys-svc-proxy/README.md @@ -16,7 +16,7 @@ The goal of this role is to deliver a **hassle-free, production-ready reverse pr ## Features -- **Automatic TLS & HSTS** — integrates with the *sys-stk-front-pure* role for certificate management. +- **Automatic TLS & HSTS** — integrates with the *sys-svc-webserver-https* role for certificate management. - **Flexible vHost templates** — *basic* and *ws_generic* flavours cover standard HTTP and WebSocket applications. - **Security headers** — sensible defaults plus optional X-Frame-Options / CSP based on application settings. - **WebSocket & HTTP/2 aware** — upgrades, keep-alive tuning, and gzip already configured. diff --git a/roles/sys-svc-proxy/TODO.md b/roles/sys-svc-proxy/TODO.md index f6efbbbd..313d0bce 100644 --- a/roles/sys-svc-proxy/TODO.md +++ b/roles/sys-svc-proxy/TODO.md @@ -2,4 +2,4 @@ - Optimize buffering - Optimize caching - Make 'proxy_hide_header Content-Security-Policy' optional by using more_header option. See [ChatGPT Conversation](https://chatgpt.com/share/6825cb39-8db8-800f-8886-0cebdfad575a) -- Refactor this role - It seems like it's just an wrapper for 'sys-stk-front-pure' which doesn't add any additional logic +- Refactor this role - It seems like it's just an wrapper for 'sys-svc-webserver-https' which doesn't add any additional logic diff --git a/roles/sys-svc-webserver/README.md b/roles/sys-svc-webserver-core/README.md similarity index 100% rename from roles/sys-svc-webserver/README.md rename to roles/sys-svc-webserver-core/README.md 
diff --git a/roles/sys-svc-webserver/TODO.md b/roles/sys-svc-webserver-core/TODO.md similarity index 100% rename from roles/sys-svc-webserver/TODO.md rename to roles/sys-svc-webserver-core/TODO.md diff --git a/roles/sys-svc-webserver/meta/main.yml b/roles/sys-svc-webserver-core/meta/main.yml similarity index 98% rename from roles/sys-svc-webserver/meta/main.yml rename to roles/sys-svc-webserver-core/meta/main.yml index 85fd6dbe..57ff6fb8 100644 --- a/roles/sys-svc-webserver/meta/main.yml +++ b/roles/sys-svc-webserver-core/meta/main.yml @@ -18,4 +18,4 @@ galaxy_info: - performance repository: "https://s.infinito.nexus/code" issue_tracker_url: "https://s.infinito.nexus/issues" - documentation: "https://s.infinito.nexus/code/roles/sys-svc-webserver" \ No newline at end of file + documentation: "https://s.infinito.nexus/code/roles/sys-svc-webserver-core" \ No newline at end of file diff --git a/roles/sys-svc-webserver/tasks/01_core.yml b/roles/sys-svc-webserver-core/tasks/01_core.yml similarity index 100% rename from roles/sys-svc-webserver/tasks/01_core.yml rename to roles/sys-svc-webserver-core/tasks/01_core.yml diff --git a/roles/sys-svc-webserver/tasks/02_cleanup.yml b/roles/sys-svc-webserver-core/tasks/02_cleanup.yml similarity index 100% rename from roles/sys-svc-webserver/tasks/02_cleanup.yml rename to roles/sys-svc-webserver-core/tasks/02_cleanup.yml diff --git a/roles/sys-svc-webserver/tasks/03_reset.yml b/roles/sys-svc-webserver-core/tasks/03_reset.yml similarity index 100% rename from roles/sys-svc-webserver/tasks/03_reset.yml rename to roles/sys-svc-webserver-core/tasks/03_reset.yml diff --git a/roles/sys-svc-webserver/tasks/04_directories.yml b/roles/sys-svc-webserver-core/tasks/04_directories.yml similarity index 100% rename from roles/sys-svc-webserver/tasks/04_directories.yml rename to roles/sys-svc-webserver-core/tasks/04_directories.yml 
diff --git a/roles/sys-svc-webserver-core/tasks/main.yml b/roles/sys-svc-webserver-core/tasks/main.yml new file mode 100644 index 00000000..2b46a771 --- /dev/null +++ b/roles/sys-svc-webserver-core/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- block: + - include_tasks: 01_core.yml + when: run_once_sys_svc_webserver_core is not defined diff --git a/roles/sys-svc-webserver/templates/nginx.conf.j2 b/roles/sys-svc-webserver-core/templates/nginx.conf.j2 similarity index 100% rename from roles/sys-svc-webserver/templates/nginx.conf.j2 rename to roles/sys-svc-webserver-core/templates/nginx.conf.j2 diff --git a/roles/sys-stk-front-pure/README.md b/roles/sys-svc-webserver-https/README.md similarity index 67% rename from roles/sys-stk-front-pure/README.md rename to roles/sys-svc-webserver-https/README.md index d02d8491..fa2322f0 100644 --- a/roles/sys-stk-front-pure/README.md +++ b/roles/sys-svc-webserver-https/README.md 
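Review bot: In the new `roles/sys-svc-webserver-core/tasks/main.yml`, the guard `when: run_once_sys_svc_webserver_core is not defined` only works if something reached through `01_core.yml` sets that fact. `01_core.yml` arrives as a 100% rename, so any literal use of the old `run_once_sys_svc_webserver` name inside it would not have been updated. If the flag is never set under the new name, every caller in this commit that now tests `run_once_sys_svc_webserver_core` re-includes the role, and the renamed `02_cleanup.yml` and `03_reset.yml` could run repeatedly in one play if `01_core.yml` calls them (not visible here). Please confirm that the run-once helper derives the variable from the role name. Once confirmed, a comment above the block such as `# guard fact is set from 01_core.yml via utils/run_once.yml` would document it.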
@@ -1,21 +1,21 @@ # Webserver HTTPS Provisioning 🚀 ## Description -The **sys-stk-front-pure** role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS: +The **sys-svc-webserver-https** role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS: 1. Ensures your Nginx server is configured for SSL/TLS. 2. Pulls in Let’s Encrypt ACME challenge handling. 3. Applies global cleanup of unused domain configs. -This role is built on top of your existing `sys-svc-webserver` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites. +This role is built on top of your existing `sys-svc-webserver-core` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites. --- ## Overview -When you apply **sys-stk-front-pure**, it will: +When you apply **sys-svc-webserver-https**, it will: -1. **Include** the `sys-svc-webserver` role to install and configure Nginx. +1. **Include** the `sys-svc-webserver-core` role to install and configure Nginx. 2. **Clean up** any stale vHost files under `sys-svc-cln-domains`. 3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `sys-svc-letsencrypt`. 4. **Reload** Nginx automatically when any template changes. @@ -40,17 +40,6 @@ All tasks are idempotent—once your certificates are in place and your configur --- -## Requirements - -- A working `sys-svc-webserver` setup. -- DNS managed via Cloudflare (for CAA record tasks) or equivalent ACME DNS flow. -- Variables: - - `LETSENCRYPT_WEBROOT_PATH` - - `LETSENCRYPT_LIVE_PATH` - - `on_calendar_renew_lets_encrypt_certificates` - ---- - ## License This role is released under the **Infinito.Nexus NonCommercial License**. diff --git a/roles/sys-stk-front-pure/meta/main.yml b/roles/sys-svc-webserver-https/meta/main.yml similarity index 100% rename from roles/sys-stk-front-pure/meta/main.yml rename to roles/sys-svc-webserver-https/meta/main.yml 
diff --git a/roles/sys-stk-front-pure/tasks/main.yml b/roles/sys-svc-webserver-https/tasks/main.yml similarity index 70% rename from roles/sys-stk-front-pure/tasks/main.yml rename to roles/sys-svc-webserver-https/tasks/main.yml index cde74987..f9a95994 100644 --- a/roles/sys-stk-front-pure/tasks/main.yml +++ b/roles/sys-svc-webserver-https/tasks/main.yml @@ -3,9 +3,9 @@ include_role: name: '{{ item }}' loop: - - sys-svc-webserver + - sys-svc-webserver-core - sys-svc-cln-domains - sys-svc-letsencrypt - sys-svc-dns - include_tasks: utils/run_once.yml - when: run_once_sys_stk_front_pure is not defined + when: run_once_sys_svc_webserver_https is not defined diff --git a/roles/sys-svc-webserver/tasks/main.yml b/roles/sys-svc-webserver/tasks/main.yml deleted file mode 100644 index 0d5d9cc2..00000000 --- a/roles/sys-svc-webserver/tasks/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- block: - - include_tasks: 01_core.yml - when: run_once_sys_svc_webserver is not defined diff --git a/roles/web-opt-rdr-domains/tasks/main.yml b/roles/web-opt-rdr-domains/tasks/main.yml index f8db46e5..4fc36e5d 100644 --- a/roles/web-opt-rdr-domains/tasks/main.yml +++ b/roles/web-opt-rdr-domains/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'sys-stk-front-pure' + - name: Include dependency 'sys-svc-webserver-https' include_role: - name: sys-stk-front-pure - when: run_once_sys_stk_front_pure is not defined + name: sys-svc-webserver-https + when: run_once_sys_svc_webserver_https is not defined - include_tasks: utils/run_once.yml when: run_once_web_opt_rdr_domains is not defined diff --git a/roles/web-opt-rdr-www/tasks/main.yml b/roles/web-opt-rdr-www/tasks/main.yml index f30bea45..8c1ab70d 100644 --- a/roles/web-opt-rdr-www/tasks/main.yml +++ b/roles/web-opt-rdr-www/tasks/main.yml 
@@ -1,10 +1,4 @@ - block: - - name: Include dependency 'sys-svc-webserver' - include_role: - name: sys-svc-webserver - when: run_once_sys_svc_webserver is not defined - - include_tasks: utils/run_once.yml - when: run_once_web_opt_rdr_www is not defined - name: Include web-opt-rdr-domains role for www-to-bare redirects include_role: diff --git a/roles/web-svc-cdn/tasks/01_core.yml b/roles/web-svc-cdn/tasks/01_core.yml index 171f3acb..11346274 100644 --- a/roles/web-svc-cdn/tasks/01_core.yml +++ b/roles/web-svc-cdn/tasks/01_core.yml @@ -2,7 +2,7 @@ include_role: name: '{{ item }}' loop: - - sys-stk-front-pure + - sys-svc-webserver-https - dev-git - name: "include role for {{ application_id }} to receive certs & do modification routines" diff --git a/roles/web-svc-file/tasks/main.yml b/roles/web-svc-file/tasks/main.yml index a1f4701a..a4ccf075 100644 --- a/roles/web-svc-file/tasks/main.yml +++ b/roles/web-svc-file/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: '{{ item }}' loop: - - sys-stk-front-pure + - sys-svc-webserver-https - dev-git - include_tasks: utils/run_once.yml when: run_once_web_svc_file is not defined diff --git a/roles/web-svc-html/tasks/main.yml b/roles/web-svc-html/tasks/main.yml index 55bf5f84..70fdd84c 100644 --- a/roles/web-svc-html/tasks/main.yml +++ b/roles/web-svc-html/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: '{{ item }}' loop: - - sys-stk-front-pure + - sys-svc-webserver-https - dev-git - include_tasks: utils/run_once.yml when: run_once_web_svc_html is not defined
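Review bot: In `roles/web-opt-rdr-www/tasks/main.yml`, the hunk `@@ -1,10 +1,4 @@` deletes every task under the block and the block's `when:`, but keeps the `- block:` line as context. The new file therefore appears to open with an empty block ahead of the `Include web-opt-rdr-domains role for www-to-bare redirects` task. Ansible expects `block` to hold a task list, so I would expect this role to fail when the file is loaded; the leftover `- block:` line should be removed too. The deletion also drops the `run_once_web_opt_rdr_www` guard, so if the role should still run once per play, keep `- include_tasks: utils/run_once.yml` under a block with `when: run_once_web_opt_rdr_www is not defined`. Indentation is lost in this rendering, so the nesting of the remaining task should be checked against the file itself.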