Implemented Global CSS draft

roles/nginx-global-www/README.md

@@ -0,0 +1,37 @@
+# README.md for nginx-global-www Role
+
+## Overview
+The `nginx-global-www` role is designed to automate the process of setting up redirects from `www.domain.tld` to `domain.tld` for all domains and subdomains configured within the `{{nginx.directories.http.servers}}` directory. This role dynamically identifies configuration files following the pattern `*domain.tld.conf` and creates corresponding redirection rules.
+
+## Role Description
+This role performs several key tasks:
+1. **Find Configuration Files**: Locates all `.conf` files in the `{{nginx.directories.http.servers}}` directory that match the `*.*.conf` pattern, ensuring that only domain and subdomain configurations are selected.
+   
+2. **Filter Domain Names**: Processes each configuration file, extracting the domain names and removing both the `.conf` extension and the `{{nginx.directories.http.servers}}` path.
+
+3. **Prepare Redirect Domain Mappings**: Transforms the filtered domain names into a source-target mapping format, where `source` is `www.domain.tld` and `target` is `domain.tld`.
+
+4. **Include nginx-domain-redirect Role**: Applies the redirection configuration using the `nginx-domain-redirect` role with the dynamically generated domain mappings.
+
+## Usage
+To use this role, include it in your playbook and ensure that the `nginx-domain-redirect` role is available in your Ansible environment. No additional configuration is required as the role is designed to dynamically identify and process the domain configurations.
+
+Example playbook:
+```yaml
+- hosts: web-servers
+  roles:
+    - nginx-global-www
+```
+
+## Requirements
+- Ansible environment set up and configured to run roles.
+- Access to the `{{nginx.directories.http.servers}}` directory on the target hosts.
+- The `nginx-domain-redirect` role must be present and properly configured to handle the redirection mappings.
+
+## Notes
+- This role is designed to work in environments where domain and subdomain configurations follow the naming pattern `*domain.tld.conf`.
+- It automatically excludes any configurations that begin with `www.`, preventing duplicate redirects.
+
+---
+
+This `nginx-global-www` role was crafted by [Kevin Veen-Birkenbach](https://www.veen.world) with insights and guidance provided by ChatGPT, an advanced AI language model from OpenAI. The development process, including the discussions with ChatGPT that shaped this role, can be [here](https://chat.openai.com/share/a68e3574-f543-467d-aea7-0895f0e00bbb) explored in detail.

roles/nginx-global-www/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - nginx

roles/nginx-global-www/tasks/main.yml

@@ -0,0 +1,94 @@
+---
+- name: Find all .conf
+  ansible.builtin.find:
+    paths: "{{nginx.directories.http.servers}}"
+    patterns: '*.*.conf'
+  register: conf_files
+
+# Filter all domains
+
+- name: Filter domain names and remove .conf extension and path
+  set_fact:
+    filtered_domains: "{{ conf_files.files | map(attribute='path') | map('regex_search', domain_regex) | select('string') | map('regex_replace', path_regex, '') | map('regex_replace', '.conf$', '') | list }}"
+  vars:
+    domain_regex: "^{{nginx.directories.http.servers}}(?!www\\.)[^/]+\\.conf$"
+    path_regex: "^{{nginx.directories.http.servers}}"
+
+- name: The domains for which a www. redirect will be implemented
+  debug:
+    var: filtered_domains
+  when: enable_debug | bool
+
+# Routine for domains with primary domain included
+
+- name: Set filtered_domains_with_primary_domain
+  set_fact:
+    filtered_domains_with_primary_domain: "{{ filtered_domains | select('search', primary_domain + '$') | list }}"
+
+- name: Debug with primary domain
+  debug:
+    var: filtered_domains_with_primary_domain
+  when: enable_debug | bool
+
+- name: Include nginx-domain-redirect role with dynamic domain mappings for domains with {{primary_domain}} included
+  include_role:
+    name: nginx-domain-redirect
+  vars:
+    domain_mappings: "{{ filtered_domains_with_primary_domain | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }') | map('from_yaml') | list }}"
+  when: not enable_wildcard_certificate | bool
+
+- name: Include wildcard www. redirect for domains with {{primary_domain}} included
+  vars:
+    domain: "{{primary_domain}}"
+  template: 
+    src:  www.wildcard.conf.j2
+    dest: "{{nginx_www_wildcard_configuration}}"
+  notify: restart nginx
+  when: enable_wildcard_certificate | bool
+
+# Routine for domains without the primary domain included
+
+- name: Set filtered_domains_without_primary_domain
+  set_fact:
+    filtered_domains_without_primary_domain: "{{ filtered_domains | reject('search', primary_domain + '$') | list }}"
+
+- name: Debug domains without primary domain
+  debug:
+    var: filtered_domains_without_primary_domain
+  when: enable_debug | bool
+
+- name: Include nginx-domain-redirect role with dynamic domain mappings for domains without primary domain
+  include_role:
+    name: nginx-domain-redirect
+  vars:
+    domain_mappings: "{{ filtered_domains_without_primary_domain | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }') | map('from_yaml') | list }}"
+
+
+# Cleanup
+# Deactivated due to complexity
+#- name: Cleanup dedicated nginx configurations for www redirect configuration
+#  file:
+#    path: "{{ nginx.directories.http.servers }}{{ item.source }}.conf"
+#    state: absent
+#  # Filter: Only first-level subdomains of primary_domain
+#  # Exclude the primary domain itself
+#  # Transform for www redirection
+#  loop: "{{ filtered_domains_with_primary_domain 
+#            | select('regex_search', '^[^.]+\\.' ~ primary_domain ~ '$') 
+#            | reject('equalto', primary_domain)  
+#            | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }')  
+#            | map('from_yaml') 
+#            | list }}"
+#  notify: restart nginx
+#  when: 
+#    - enable_wildcard_certificate | bool  # Wildcard certificate must be enabled
+#    - mode_cleanup | bool                 # Cleanup mode must be enabled
+
+- name: Cleanup {{nginx_www_wildcard_configuration}}
+  file:
+    path: "{{nginx_www_wildcard_configuration}}"
+    state: absent
+  notify: restart nginx
+  when: 
+    - not enable_wildcard_certificate | bool
+    - mode_cleanup | bool

roles/nginx-global-www/templates/www.wildcard.conf.j2

@@ -0,0 +1,6 @@
+server {
+    server_name ~^www\.(?<domain>.+)$;
+    {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
+
+    return 301 https://$domain$request_uri;
+}

roles/nginx-global-www/vars/main.yml

@@ -0,0 +1 @@
+nginx_www_wildcard_configuration: "{{nginx.directories.http.global}}www.wildcard.conf"