From 97af4990aa25082bd3982e305ecbb58ddb37d75c Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach Date: Fri, 26 Sep 2025 19:34:42 +0200 Subject: [PATCH] refactor(webserver): rename roles and update references - Rename sys-svc-webserver -> sys-svc-webserver-core - Rename sys-stk-front-pure -> sys-svc-webserver-https - Update includes, run_once flags, and docs across: * sys-ctl-mtn-cert-renew * sys-front-inj-* * sys-stk-front-proxy * sys-svc-certs * sys-svc-cln-domains * web-opt-rdr-* * web-svc-* - Remove redundant webserver include in web-opt-rdr-www - Fix documentation links Ref: ChatGPT conversation https://chatgpt.com/share/68d6cea2-3570-800f-acb3-c3277317f17b --- .../sys-ctl-mtn-cert-renew/tasks/01_core.yml | 2 +- roles/sys-front-inj-all/tasks/main.yml | 6 +++--- roles/sys-front-inj-css/tasks/01_core.yml | 6 +++--- roles/sys-front-inj-desktop/tasks/main.yml | 6 +++--- roles/sys-front-inj-javascript/tasks/main.yml | 6 +++--- roles/sys-front-inj-logout/tasks/01_core.yml | 6 +++--- roles/sys-front-inj-matomo/tasks/main.yml | 6 +++--- roles/sys-stk-front-proxy/tasks/01_base.yml | 6 +++--- roles/sys-svc-certs/tasks/main.yml | 6 +++--- roles/sys-svc-cln-domains/tasks/main.yml | 2 +- roles/sys-svc-proxy/README.md | 2 +- roles/sys-svc-proxy/TODO.md | 2 +- .../README.md | 0 .../TODO.md | 0 .../meta/main.yml | 2 +- .../tasks/01_core.yml | 0 .../tasks/02_cleanup.yml | 0 .../tasks/03_reset.yml | 0 .../tasks/04_directories.yml | 0 roles/sys-svc-webserver-core/tasks/main.yml | 4 ++++ .../templates/nginx.conf.j2 | 0 .../README.md | 19 ++++--------------- .../meta/main.yml | 0 .../tasks/main.yml | 4 ++-- roles/sys-svc-webserver/tasks/main.yml | 4 ---- roles/web-opt-rdr-domains/tasks/main.yml | 6 +++--- roles/web-opt-rdr-www/tasks/main.yml | 6 ------ roles/web-svc-cdn/tasks/01_core.yml | 2 +- roles/web-svc-file/tasks/main.yml | 2 +- roles/web-svc-html/tasks/main.yml | 2 +- 30 files changed, 45 insertions(+), 62 deletions(-) rename roles/{sys-svc-webserver => sys-svc-webserver-core}/README.md (100%) rename roles/{sys-svc-webserver => 
sys-svc-webserver-core}/TODO.md (100%) rename roles/{sys-svc-webserver => sys-svc-webserver-core}/meta/main.yml (98%) rename roles/{sys-svc-webserver => sys-svc-webserver-core}/tasks/01_core.yml (100%) rename roles/{sys-svc-webserver => sys-svc-webserver-core}/tasks/02_cleanup.yml (100%) rename roles/{sys-svc-webserver => sys-svc-webserver-core}/tasks/03_reset.yml (100%) rename roles/{sys-svc-webserver => sys-svc-webserver-core}/tasks/04_directories.yml (100%) create mode 100644 roles/sys-svc-webserver-core/tasks/main.yml rename roles/{sys-svc-webserver => sys-svc-webserver-core}/templates/nginx.conf.j2 (100%) rename roles/{sys-stk-front-pure => sys-svc-webserver-https}/README.md (67%) rename roles/{sys-stk-front-pure => sys-svc-webserver-https}/meta/main.yml (100%) rename roles/{sys-stk-front-pure => sys-svc-webserver-https}/tasks/main.yml (70%) delete mode 100644 roles/sys-svc-webserver/tasks/main.yml diff --git a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml index 7e88eecb..d9654bf2 100644 --- a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml +++ b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml @@ -3,7 +3,7 @@ name: '{{ item }}' loop: - sys-svc-certbot - - sys-svc-webserver + - sys-svc-webserver-core - sys-ctl-alm-compose - name: install certbot diff --git a/roles/sys-front-inj-all/tasks/main.yml b/roles/sys-front-inj-all/tasks/main.yml index 4856acc4..5703dbb0 100644 --- a/roles/sys-front-inj-all/tasks/main.yml +++ b/roles/sys-front-inj-all/tasks/main.yml @@ -41,9 +41,9 @@ when: inj_enabled.logout - block: - - name: Include dependency 'sys-svc-webserver' + - name: Include dependency 'sys-svc-webserver-core' include_role: - name: sys-svc-webserver - when: run_once_sys_svc_webserver is not defined + name: sys-svc-webserver-core + when: run_once_sys_svc_webserver_core is not defined - include_tasks: utils/run_once.yml when: run_once_sys_front_inj_all is not defined \ No newline at end of file 
diff --git a/roles/sys-front-inj-css/tasks/01_core.yml b/roles/sys-front-inj-css/tasks/01_core.yml index 62083809..f20452b6 100644 --- a/roles/sys-front-inj-css/tasks/01_core.yml +++ b/roles/sys-front-inj-css/tasks/01_core.yml @@ -1,7 +1,7 @@ -- name: Include dependency 'sys-svc-webserver' +- name: Include dependency 'sys-svc-webserver-core' include_role: - name: sys-svc-webserver - when: run_once_sys_svc_webserver is not defined + name: sys-svc-webserver-core + when: run_once_sys_svc_webserver_core is not defined - name: Generate color palette with colorscheme-generator set_fact: diff --git a/roles/sys-front-inj-desktop/tasks/main.yml b/roles/sys-front-inj-desktop/tasks/main.yml index ce679fb0..81b3ed2b 100644 --- a/roles/sys-front-inj-desktop/tasks/main.yml +++ b/roles/sys-front-inj-desktop/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'sys-svc-webserver' + - name: Include dependency 'sys-svc-webserver-core' include_role: - name: sys-svc-webserver - when: run_once_sys_svc_webserver is not defined + name: sys-svc-webserver-core + when: run_once_sys_svc_webserver_core is not defined - include_tasks: 01_deploy.yml - include_tasks: utils/run_once.yml when: run_once_sys_front_inj_desktop is not defined diff --git a/roles/sys-front-inj-javascript/tasks/main.yml b/roles/sys-front-inj-javascript/tasks/main.yml index 79901fa8..eedc46ce 100644 --- a/roles/sys-front-inj-javascript/tasks/main.yml +++ b/roles/sys-front-inj-javascript/tasks/main.yml @@ -1,9 +1,9 @@ - block: - - name: Include dependency 'sys-svc-webserver' + - name: Include dependency 'sys-svc-webserver-core' include_role: - name: sys-svc-webserver - when: run_once_sys_svc_webserver is not defined + name: sys-svc-webserver-core + when: run_once_sys_svc_webserver_core is not defined - include_tasks: utils/run_once.yml when: run_once_sys_front_inj_javascript is not defined 
diff --git a/roles/sys-front-inj-logout/tasks/01_core.yml b/roles/sys-front-inj-logout/tasks/01_core.yml index 25e71680..4ab06876 100644 --- a/roles/sys-front-inj-logout/tasks/01_core.yml +++ b/roles/sys-front-inj-logout/tasks/01_core.yml @@ -1,8 +1,8 @@ -- name: Include dependency 'sys-svc-webserver' +- name: Include dependency 'sys-svc-webserver-core' include_role: - name: sys-svc-webserver + name: sys-svc-webserver-core when: - - run_once_sys_svc_webserver is not defined + - run_once_sys_svc_webserver_core is not defined - name: "deploy the logout.js" include_tasks: "02_deploy.yml" \ No newline at end of file diff --git a/roles/sys-front-inj-matomo/tasks/main.yml b/roles/sys-front-inj-matomo/tasks/main.yml index fb6edf0a..c7e393d6 100644 --- a/roles/sys-front-inj-matomo/tasks/main.yml +++ b/roles/sys-front-inj-matomo/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'sys-svc-webserver' + - name: Include dependency 'sys-svc-webserver-core' include_role: - name: sys-svc-webserver - when: run_once_sys_svc_webserver is not defined + name: sys-svc-webserver-core + when: run_once_sys_svc_webserver_core is not defined - include_tasks: utils/run_once.yml when: run_once_sys_front_inj_matomo is not defined diff --git a/roles/sys-stk-front-proxy/tasks/01_base.yml b/roles/sys-stk-front-proxy/tasks/01_base.yml index 31b5cc9f..fdf3e559 100644 --- a/roles/sys-stk-front-proxy/tasks/01_base.yml +++ b/roles/sys-stk-front-proxy/tasks/01_base.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'sys-stk-front-pure' + - name: Include dependency 'sys-svc-webserver-https' include_role: - name: sys-stk-front-pure - when: run_once_sys_stk_front_pure is not defined + name: sys-svc-webserver-https + when: run_once_sys_svc_webserver_https is not defined - include_tasks: utils/run_once.yml when: run_once_sys_stk_front_proxy is not defined diff --git a/roles/sys-svc-certs/tasks/main.yml b/roles/sys-svc-certs/tasks/main.yml index fcabcbe2..0d1a6639 100644 
--- a/roles/sys-svc-certs/tasks/main.yml +++ b/roles/sys-svc-certs/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'sys-stk-front-pure' + - name: Include dependency 'sys-svc-webserver-https' include_role: - name: sys-stk-front-pure - when: run_once_sys_stk_front_pure is not defined + name: sys-svc-webserver-https + when: run_once_sys_svc_webserver_https is not defined - include_tasks: utils/run_once.yml when: run_once_sys_svc_certs is not defined diff --git a/roles/sys-svc-cln-domains/tasks/main.yml b/roles/sys-svc-cln-domains/tasks/main.yml index ce84c21c..83e28d8a 100644 --- a/roles/sys-svc-cln-domains/tasks/main.yml +++ b/roles/sys-svc-cln-domains/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: '{{ item }}' loop: - - sys-svc-webserver + - sys-svc-webserver-core - name: Include task to remove deprecated nginx configs include_tasks: remove_deprecated_nginx_configs.yml diff --git a/roles/sys-svc-proxy/README.md b/roles/sys-svc-proxy/README.md index fa1ea4cd..cae6907d 100644 --- a/roles/sys-svc-proxy/README.md +++ b/roles/sys-svc-proxy/README.md @@ -16,7 +16,7 @@ The goal of this role is to deliver a **hassle-free, production-ready reverse pr ## Features -- **Automatic TLS & HSTS** — integrates with the *sys-stk-front-pure* role for certificate management. +- **Automatic TLS & HSTS** — integrates with the *sys-svc-webserver-https* role for certificate management. - **Flexible vHost templates** — *basic* and *ws_generic* flavours cover standard HTTP and WebSocket applications. - **Security headers** — sensible defaults plus optional X-Frame-Options / CSP based on application settings. - **WebSocket & HTTP/2 aware** — upgrades, keep-alive tuning, and gzip already configured. diff --git a/roles/sys-svc-proxy/TODO.md b/roles/sys-svc-proxy/TODO.md index f6efbbbd..313d0bce 100644 --- a/roles/sys-svc-proxy/TODO.md +++ b/roles/sys-svc-proxy/TODO.md 
@@ -2,4 +2,4 @@ - Optimize buffering - Optimize caching - Make 'proxy_hide_header Content-Security-Policy' optional by using more_header option. See [ChatGPT Conversation](https://chatgpt.com/share/6825cb39-8db8-800f-8886-0cebdfad575a) -- Refactor this role - It seems like it's just an wrapper for 'sys-stk-front-pure' which doesn't add any additional logic +- Refactor this role - It seems like it's just an wrapper for 'sys-svc-webserver-https' which doesn't add any additional logic diff --git a/roles/sys-svc-webserver/README.md b/roles/sys-svc-webserver-core/README.md similarity index 100% rename from roles/sys-svc-webserver/README.md rename to roles/sys-svc-webserver-core/README.md diff --git a/roles/sys-svc-webserver/TODO.md b/roles/sys-svc-webserver-core/TODO.md similarity index 100% rename from roles/sys-svc-webserver/TODO.md rename to roles/sys-svc-webserver-core/TODO.md diff --git a/roles/sys-svc-webserver/meta/main.yml b/roles/sys-svc-webserver-core/meta/main.yml similarity index 98% rename from roles/sys-svc-webserver/meta/main.yml rename to roles/sys-svc-webserver-core/meta/main.yml index 85fd6dbe..57ff6fb8 100644 --- a/roles/sys-svc-webserver/meta/main.yml +++ b/roles/sys-svc-webserver-core/meta/main.yml @@ -18,4 +18,4 @@ galaxy_info: - performance repository: "https://s.infinito.nexus/code" issue_tracker_url: "https://s.infinito.nexus/issues" - documentation: "https://s.infinito.nexus/code/roles/sys-svc-webserver" \ No newline at end of file + documentation: "https://s.infinito.nexus/code/roles/sys-svc-webserver-core" \ No newline at end of file diff --git a/roles/sys-svc-webserver/tasks/01_core.yml b/roles/sys-svc-webserver-core/tasks/01_core.yml similarity index 100% rename from roles/sys-svc-webserver/tasks/01_core.yml rename to roles/sys-svc-webserver-core/tasks/01_core.yml 
diff --git a/roles/sys-svc-webserver/tasks/02_cleanup.yml b/roles/sys-svc-webserver-core/tasks/02_cleanup.yml similarity index 100% rename from roles/sys-svc-webserver/tasks/02_cleanup.yml rename to roles/sys-svc-webserver-core/tasks/02_cleanup.yml diff --git a/roles/sys-svc-webserver/tasks/03_reset.yml b/roles/sys-svc-webserver-core/tasks/03_reset.yml similarity index 100% rename from roles/sys-svc-webserver/tasks/03_reset.yml rename to roles/sys-svc-webserver-core/tasks/03_reset.yml diff --git a/roles/sys-svc-webserver/tasks/04_directories.yml b/roles/sys-svc-webserver-core/tasks/04_directories.yml similarity index 100% rename from roles/sys-svc-webserver/tasks/04_directories.yml rename to roles/sys-svc-webserver-core/tasks/04_directories.yml diff --git a/roles/sys-svc-webserver-core/tasks/main.yml b/roles/sys-svc-webserver-core/tasks/main.yml new file mode 100644 index 00000000..2b46a771 --- /dev/null +++ b/roles/sys-svc-webserver-core/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- block: + - include_tasks: 01_core.yml + when: run_once_sys_svc_webserver_core is not defined diff --git a/roles/sys-svc-webserver/templates/nginx.conf.j2 b/roles/sys-svc-webserver-core/templates/nginx.conf.j2 similarity index 100% rename from roles/sys-svc-webserver/templates/nginx.conf.j2 rename to roles/sys-svc-webserver-core/templates/nginx.conf.j2 diff --git a/roles/sys-stk-front-pure/README.md b/roles/sys-svc-webserver-https/README.md similarity index 67% rename from roles/sys-stk-front-pure/README.md rename to roles/sys-svc-webserver-https/README.md index d02d8491..fa2322f0 100644 --- a/roles/sys-stk-front-pure/README.md +++ b/roles/sys-svc-webserver-https/README.md 
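Review bot: The guard `when: run_once_sys_svc_webserver_core is not defined` in the new `roles/sys-svc-webserver-core/tasks/main.yml` only takes effect if something sets that fact, and unlike the other roles in this patch the block does not include `utils/run_once.yml`. `01_core.yml` is renamed with 100% similarity, so if it sets the flag under the old literal name `run_once_sys_svc_webserver`, the new flag is never defined and the role would run again on every include. That would also repeat the cleanup and reset task files, if `01_core.yml` pulls them in. Please confirm how the flag is set, and consider a comment above the block such as `# run_once_sys_svc_webserver_core is set inside 01_core.yml`.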
@@ -1,21 +1,21 @@ # Webserver HTTPS Provisioning 🚀 ## Description -The **sys-stk-front-pure** role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS: +The **sys-svc-webserver-https** role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS: 1. Ensures your Nginx server is configured for SSL/TLS. 2. Pulls in Let’s Encrypt ACME challenge handling. 3. Applies global cleanup of unused domain configs. -This role is built on top of your existing `sys-svc-webserver` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites. +This role is built on top of your existing `sys-svc-webserver-core` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites. --- ## Overview -When you apply **sys-stk-front-pure**, it will: +When you apply **sys-svc-webserver-https**, it will: -1. **Include** the `sys-svc-webserver` role to install and configure Nginx. +1. **Include** the `sys-svc-webserver-core` role to install and configure Nginx. 2. **Clean up** any stale vHost files under `sys-svc-cln-domains`. 3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `sys-svc-letsencrypt`. 4. **Reload** Nginx automatically when any template changes. @@ -40,17 +40,6 @@ All tasks are idempotent—once your certificates are in place and your configur --- -## Requirements - -- A working `sys-svc-webserver` setup. -- DNS managed via Cloudflare (for CAA record tasks) or equivalent ACME DNS flow. -- Variables: - - `LETSENCRYPT_WEBROOT_PATH` - - `LETSENCRYPT_LIVE_PATH` - - `on_calendar_renew_lets_encrypt_certificates` - ---- - ## License This role is released under the **Infinito.Nexus NonCommercial License**. diff --git a/roles/sys-stk-front-pure/meta/main.yml b/roles/sys-svc-webserver-https/meta/main.yml similarity index 100% rename from roles/sys-stk-front-pure/meta/main.yml rename to roles/sys-svc-webserver-https/meta/main.yml 
diff --git a/roles/sys-stk-front-pure/tasks/main.yml b/roles/sys-svc-webserver-https/tasks/main.yml similarity index 70% rename from roles/sys-stk-front-pure/tasks/main.yml rename to roles/sys-svc-webserver-https/tasks/main.yml index cde74987..f9a95994 100644 --- a/roles/sys-stk-front-pure/tasks/main.yml +++ b/roles/sys-svc-webserver-https/tasks/main.yml @@ -3,9 +3,9 @@ include_role: name: '{{ item }}' loop: - - sys-svc-webserver + - sys-svc-webserver-core - sys-svc-cln-domains - sys-svc-letsencrypt - sys-svc-dns - include_tasks: utils/run_once.yml - when: run_once_sys_stk_front_pure is not defined + when: run_once_sys_svc_webserver_https is not defined diff --git a/roles/sys-svc-webserver/tasks/main.yml b/roles/sys-svc-webserver/tasks/main.yml deleted file mode 100644 index 0d5d9cc2..00000000 --- a/roles/sys-svc-webserver/tasks/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- block: - - include_tasks: 01_core.yml - when: run_once_sys_svc_webserver is not defined diff --git a/roles/web-opt-rdr-domains/tasks/main.yml b/roles/web-opt-rdr-domains/tasks/main.yml index f8db46e5..4fc36e5d 100644 --- a/roles/web-opt-rdr-domains/tasks/main.yml +++ b/roles/web-opt-rdr-domains/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'sys-stk-front-pure' + - name: Include dependency 'sys-svc-webserver-https' include_role: - name: sys-stk-front-pure - when: run_once_sys_stk_front_pure is not defined + name: sys-svc-webserver-https + when: run_once_sys_svc_webserver_https is not defined - include_tasks: utils/run_once.yml when: run_once_web_opt_rdr_domains is not defined diff --git a/roles/web-opt-rdr-www/tasks/main.yml b/roles/web-opt-rdr-www/tasks/main.yml index f30bea45..8c1ab70d 100644 --- a/roles/web-opt-rdr-www/tasks/main.yml +++ b/roles/web-opt-rdr-www/tasks/main.yml 
@@ -1,10 +1,4 @@ - block: - - name: Include dependency 'sys-svc-webserver' - include_role: - name: sys-svc-webserver - when: run_once_sys_svc_webserver is not defined - - include_tasks: utils/run_once.yml - when: run_once_web_opt_rdr_www is not defined - name: Include web-opt-rdr-domains role for www-to-bare redirects include_role: diff --git a/roles/web-svc-cdn/tasks/01_core.yml b/roles/web-svc-cdn/tasks/01_core.yml index 171f3acb..11346274 100644 --- a/roles/web-svc-cdn/tasks/01_core.yml +++ b/roles/web-svc-cdn/tasks/01_core.yml @@ -2,7 +2,7 @@ include_role: name: '{{ item }}' loop: - - sys-stk-front-pure + - sys-svc-webserver-https - dev-git - name: "include role for {{ application_id }} to receive certs & do modification routines" diff --git a/roles/web-svc-file/tasks/main.yml b/roles/web-svc-file/tasks/main.yml index a1f4701a..a4ccf075 100644 --- a/roles/web-svc-file/tasks/main.yml +++ b/roles/web-svc-file/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: '{{ item }}' loop: - - sys-stk-front-pure + - sys-svc-webserver-https - dev-git - include_tasks: utils/run_once.yml when: run_once_web_svc_file is not defined diff --git a/roles/web-svc-html/tasks/main.yml b/roles/web-svc-html/tasks/main.yml index 55bf5f84..70fdd84c 100644 --- a/roles/web-svc-html/tasks/main.yml +++ b/roles/web-svc-html/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: '{{ item }}' loop: - - sys-stk-front-pure + - sys-svc-webserver-https - dev-git - include_tasks: utils/run_once.yml when: run_once_web_svc_html is not defined
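Review bot: The `web-opt-rdr-www` hunk removes more than the redundant webserver include: it also deletes `- include_tasks: utils/run_once.yml` and the `when: run_once_web_opt_rdr_www is not defined` guard, while `- block:` stays as context. Going by the hunk counts (`-1,10 +1,4`), the new file appears to open with a `block:` that holds no tasks; indentation is not visible in this rendering, so this is inferred. Ansible may reject an empty block, or, if the following `web-opt-rdr-domains` include ends up nested under it, that include runs with no run-once guard. If the block is no longer needed, drop the `- block:` line too; otherwise keep `- include_tasks: utils/run_once.yml` and the `when:` guard inside it. The task list continues past the end of the hunk.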