From a4f39ac732016f4e876dbdbafef014627d75e398 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Wed, 20 Aug 2025 08:54:17 +0200 Subject: [PATCH] Renamed webserver roles to more speakable names --- roles/cmp-db-docker-proxy/README.md | 2 +- roles/cmp-db-docker-proxy/meta/main.yml | 2 +- roles/cmp-db-docker-proxy/tasks/main.yml | 4 ++-- roles/cmp-docker-proxy/README.md | 2 +- roles/cmp-docker-proxy/meta/main.yml | 2 +- roles/cmp-docker-proxy/tasks/main.yml | 4 ++-- roles/docker-compose/README.md | 2 +- .../README.md | 6 +++--- .../meta/main.yml | 2 +- roles/srv-composer/tasks/main.yml | 9 +++++++++ roles/{srv-web-7-4-core => srv-core}/README.md | 0 roles/{srv-web-7-4-core => srv-core}/Todo.md | 0 roles/{srv-web-7-4-core => srv-core}/meta/main.yml | 2 +- .../tasks/01_core.yml | 0 .../tasks/02_cleanup.yml | 0 .../tasks/03_reset.yml | 0 .../tasks/04_directories.yml | 0 .../{srv-web-7-4-core => srv-core}/tasks/main.yml | 2 +- .../templates/nginx.conf.j2 | 0 .../README.md | 6 +++--- .../defaults/main.yml | 2 +- .../meta/main.yml | 0 .../tasks/01_cloudflare.yml | 0 .../tasks/cloudflare/01_cleanup.yml | 0 .../tasks/cloudflare/02_enable_cf_dev_mode.yml | 2 +- .../tasks/main.yml | 10 +++++----- .../vars/main.yml | 0 .../README.md | 12 ++++++------ .../meta/main.yml | 0 .../tasks/main.yml | 6 +++--- .../README.md | 0 .../TODO.md | 0 .../meta/main.yml | 0 .../tasks/01_core.yml | 0 .../tasks/01_set-caa-records.yml | 0 .../tasks/main.yml | 2 +- .../templates/letsencrypt.conf.j2 | 0 .../templates/ssl_credentials.j2 | 0 .../templates/ssl_header.j2 | 2 +- .../vars/main.yml | 0 .../README.md | 2 +- .../{srv-proxy-7-4-core => srv-proxy-core}/Todo.md | 0 .../meta/main.yml | 0 .../tasks/main.yml | 6 +++--- .../headers/content_security_policy.conf.j2 | 0 .../templates/location/README.md | 2 +- .../templates/location/Todo.md | 0 .../templates/location/html.conf.j2 | 2 +- .../templates/location/media.conf.j2 | 0 .../templates/location/upload.conf.j2 | 0 .../templates/location/ws.conf.j2 | 0 .../templates/vhost/README.md | 0 .../templates/vhost/basic.conf.j2 | 14 +++++++------- .../templates/vhost/ws_generic.conf.j2 | 6 +++--- .../README.md | 0 .../meta/main.yml | 0 .../tasks/flavors/dedicated.yml | 0 .../tasks/flavors/san.yml | 0 .../tasks/flavors/wildcard.yml | 0 .../tasks/main.yml | 8 ++++---- roles/srv-web-7-6-composer/tasks/main.yml | 9 --------- .../svc-db-openldap/templates/nginx.stream.conf.j2 | 2 +- roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml | 2 +- roles/sys-srv-web-inj-compose/tasks/main.yml | 6 +++--- roles/sys-srv-web-inj-css/tasks/01_core.yml | 6 +++--- roles/sys-srv-web-inj-desktop/tasks/main.yml | 6 +++--- roles/sys-srv-web-inj-javascript/tasks/main.yml | 6 +++--- roles/sys-srv-web-inj-logout/tasks/01_core.yml | 6 +++--- roles/sys-srv-web-inj-matomo/tasks/main.yml | 6 +++--- roles/sys-svc-cln-domains/tasks/main.yml | 2 +- roles/web-app-attendize/tasks/main.yml | 4 ++-- roles/web-app-bigbluebutton/README.md | 2 +- roles/web-app-bigbluebutton/tasks/main.yml | 2 +- roles/web-app-bluesky/tasks/main.yml | 4 ++-- roles/web-app-elk/tasks/main.yml | 4 ++-- roles/web-app-fusiondirectory/README.md | 2 +- roles/web-app-mastodon/tasks/main.yml | 2 +- roles/web-app-matrix/tasks/03_webserver.yml | 6 +++--- roles/web-app-matrix/templates/nginx.conf.j2 | 6 +++--- roles/web-app-mybb/tasks/main.yml | 6 +++--- roles/web-app-mybb/tasks/setup-domain.yml | 4 ++-- roles/web-app-nextcloud/tasks/main.yml | 2 +- .../web-app-nextcloud/templates/nginx/host.conf.j2 | 4 ++-- roles/web-app-peertube/tasks/create-domains.yml | 2 +- roles/web-app-peertube/templates/peertube.conf.j2 | 8 ++++---- roles/web-app-syncope/tasks/main.yml | 2 +- roles/web-app-syncope/templates/proxy.conf | 4 ++-- roles/web-app-taiga/README.md | 2 +- roles/web-app-wordpress/tasks/main.yml | 4 ++-- roles/web-opt-rdr-domains/README.md | 2 +- roles/web-opt-rdr-domains/tasks/main.yml | 6 +++--- .../web-opt-rdr-domains/tasks/redirect-domain.yml | 2 +- .../templates/redirect.domain.nginx.conf.j2 | 2 +- roles/web-opt-rdr-www/tasks/main.yml | 6 +++--- roles/web-svc-cdn/tasks/01_core.yml | 4 ++-- roles/web-svc-cdn/templates/nginx.conf.j2 | 4 ++-- roles/web-svc-collabora/templates/nginx.conf.j2 | 10 +++++----- roles/web-svc-file/tasks/main.yml | 4 ++-- roles/web-svc-file/templates/nginx.conf.j2 | 4 ++-- roles/web-svc-html/tasks/main.yml | 4 ++-- roles/web-svc-html/templates/nginx.conf.j2 | 4 ++-- 101 files changed, 147 insertions(+), 147 deletions(-) rename roles/{srv-web-7-6-composer => srv-composer}/README.md (89%) rename roles/{srv-web-7-6-composer => srv-composer}/meta/main.yml (90%) create mode 100644 roles/srv-composer/tasks/main.yml rename roles/{srv-web-7-4-core => srv-core}/README.md (100%) rename roles/{srv-web-7-4-core => srv-core}/Todo.md (100%) rename roles/{srv-web-7-4-core => srv-core}/meta/main.yml (89%) rename roles/{srv-web-7-4-core => srv-core}/tasks/01_core.yml (100%) rename roles/{srv-web-7-4-core => srv-core}/tasks/02_cleanup.yml (100%) rename roles/{srv-web-7-4-core => srv-core}/tasks/03_reset.yml (100%) rename roles/{srv-web-7-4-core => srv-core}/tasks/04_directories.yml (100%) rename roles/{srv-web-7-4-core => srv-core}/tasks/main.yml (62%) rename roles/{srv-web-7-4-core => srv-core}/templates/nginx.conf.j2 (100%) rename roles/{srv-proxy-6-6-domain => srv-domain-provision}/README.md (89%) rename roles/{srv-proxy-6-6-domain => srv-domain-provision}/defaults/main.yml (61%) rename roles/{srv-proxy-6-6-domain => srv-domain-provision}/meta/main.yml (100%) rename roles/{srv-proxy-6-6-domain => srv-domain-provision}/tasks/01_cloudflare.yml (100%) rename roles/{srv-proxy-6-6-domain => srv-domain-provision}/tasks/cloudflare/01_cleanup.yml (100%) rename roles/{srv-proxy-6-6-domain => srv-domain-provision}/tasks/cloudflare/02_enable_cf_dev_mode.yml (95%) rename roles/{srv-proxy-6-6-domain => srv-domain-provision}/tasks/main.yml (83%) rename roles/{srv-proxy-6-6-domain => srv-domain-provision}/vars/main.yml (100%) rename roles/{srv-web-7-6-https => srv-https-stack}/README.md (77%) rename roles/{srv-web-7-6-https => srv-https-stack}/meta/main.yml (100%) rename roles/{srv-web-7-6-https => srv-https-stack}/tasks/main.yml (60%) rename roles/{srv-web-7-7-letsencrypt => srv-letsencrypt}/README.md (100%) rename roles/{srv-web-7-7-letsencrypt => srv-letsencrypt}/TODO.md (100%) rename roles/{srv-web-7-7-letsencrypt => srv-letsencrypt}/meta/main.yml (100%) rename roles/{srv-web-7-7-letsencrypt => srv-letsencrypt}/tasks/01_core.yml (100%) rename roles/{srv-web-7-7-letsencrypt => srv-letsencrypt}/tasks/01_set-caa-records.yml (100%) rename roles/{srv-web-7-7-letsencrypt => srv-letsencrypt}/tasks/main.yml (58%) rename roles/{srv-web-7-7-letsencrypt => srv-letsencrypt}/templates/letsencrypt.conf.j2 (100%) rename roles/{srv-web-7-7-letsencrypt => srv-letsencrypt}/templates/ssl_credentials.j2 (100%) rename roles/{srv-web-7-7-letsencrypt => srv-letsencrypt}/templates/ssl_header.j2 (87%) rename roles/{srv-web-7-7-letsencrypt => srv-letsencrypt}/vars/main.yml (100%) rename roles/{srv-proxy-7-4-core => srv-proxy-core}/README.md (93%) rename roles/{srv-proxy-7-4-core => srv-proxy-core}/Todo.md (100%) rename roles/{srv-proxy-7-4-core => srv-proxy-core}/meta/main.yml (100%) rename roles/{srv-proxy-7-4-core => srv-proxy-core}/tasks/main.yml (57%) rename roles/{srv-proxy-7-4-core => srv-proxy-core}/templates/headers/content_security_policy.conf.j2 (100%) rename roles/{srv-proxy-7-4-core => srv-proxy-core}/templates/location/README.md (92%) rename roles/{srv-proxy-7-4-core => srv-proxy-core}/templates/location/Todo.md (100%) rename roles/{srv-proxy-7-4-core => srv-proxy-core}/templates/location/html.conf.j2 (93%) rename roles/{srv-proxy-7-4-core => srv-proxy-core}/templates/location/media.conf.j2 (100%) rename roles/{srv-proxy-7-4-core => srv-proxy-core}/templates/location/upload.conf.j2 (100%) rename roles/{srv-proxy-7-4-core => srv-proxy-core}/templates/location/ws.conf.j2 (100%) rename roles/{srv-proxy-7-4-core => srv-proxy-core}/templates/vhost/README.md (100%) rename roles/{srv-proxy-7-4-core => srv-proxy-core}/templates/vhost/basic.conf.j2 (75%) rename roles/{srv-proxy-7-4-core => srv-proxy-core}/templates/vhost/ws_generic.conf.j2 (77%) rename roles/{srv-web-6-6-tls-core => srv-tls-core}/README.md (100%) rename roles/{srv-web-6-6-tls-core => srv-tls-core}/meta/main.yml (100%) rename roles/{srv-web-6-6-tls-core => srv-tls-core}/tasks/flavors/dedicated.yml (100%) rename roles/{srv-web-6-6-tls-core => srv-tls-core}/tasks/flavors/san.yml (100%) rename roles/{srv-web-6-6-tls-core => srv-tls-core}/tasks/flavors/wildcard.yml (100%) rename roles/{srv-web-6-6-tls-core => srv-tls-core}/tasks/main.yml (89%) delete mode 100644 roles/srv-web-7-6-composer/tasks/main.yml diff --git a/roles/cmp-db-docker-proxy/README.md b/roles/cmp-db-docker-proxy/README.md index f5928878..17e1db78 100644 --- a/roles/cmp-db-docker-proxy/README.md +++ b/roles/cmp-db-docker-proxy/README.md @@ -8,4 +8,4 @@ This role builds on `cmp-db-docker` by adding a reverse-proxy frontend for HTTP Leverages the `cmp-db-docker` role to stand up your containerized database (PostgreSQL, MariaDB, etc.) with backups and user management. - **Reverse Proxy** - Includes the `srv-proxy-6-6-domain` role to configure a proxy (e.g. nginx) for routing HTTP(S) traffic to your database UI or management endpoint. \ No newline at end of file + Includes the `srv-domain-provision` role to configure a proxy (e.g. nginx) for routing HTTP(S) traffic to your database UI or management endpoint. \ No newline at end of file diff --git a/roles/cmp-db-docker-proxy/meta/main.yml b/roles/cmp-db-docker-proxy/meta/main.yml index 8489ca52..a53be4e1 100644 --- a/roles/cmp-db-docker-proxy/meta/main.yml +++ b/roles/cmp-db-docker-proxy/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: author: "Kevin Veen-Birkenbach" description: > - Extends cmp-db-docker by adding an HTTP reverse proxy via srv-proxy-6-6-domain. + Extends cmp-db-docker by adding an HTTP reverse proxy via srv-domain-provision. company: | Kevin Veen-Birkenbach Consulting & Coaching Solutions diff --git a/roles/cmp-db-docker-proxy/tasks/main.yml b/roles/cmp-db-docker-proxy/tasks/main.yml index 8ca3f921..4414c440 100644 --- a/roles/cmp-db-docker-proxy/tasks/main.yml +++ b/roles/cmp-db-docker-proxy/tasks/main.yml @@ -8,9 +8,9 @@ include_role: name: cmp-db-docker -- name: "For '{{ application_id }}': include role srv-proxy-6-6-domain" +- name: "For '{{ application_id }}': include role srv-domain-provision" include_role: - name: srv-proxy-6-6-domain + name: srv-domain-provision vars: domain: "{{ domains | get_domain(application_id) }}" http_port: "{{ ports.localhost.http[application_id] }}" diff --git a/roles/cmp-docker-proxy/README.md b/roles/cmp-docker-proxy/README.md index ff4ecaeb..07e93906 100644 --- a/roles/cmp-docker-proxy/README.md +++ b/roles/cmp-docker-proxy/README.md @@ -8,4 +8,4 @@ This role combines the standard Docker Compose setup with a reverse-proxy for an Brings up containers, networks, and volumes via the `docker-compose` role. - **Reverse Proxy** - Uses the `srv-proxy-6-6-domain` role to expose your application under a custom domain and port. + Uses the `srv-domain-provision` role to expose your application under a custom domain and port. diff --git a/roles/cmp-docker-proxy/meta/main.yml b/roles/cmp-docker-proxy/meta/main.yml index b62b7676..1ee278ca 100644 --- a/roles/cmp-docker-proxy/meta/main.yml +++ b/roles/cmp-docker-proxy/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: author: "Kevin Veen-Birkenbach" description: > - Combines the docker-compose role with srv-proxy-6-6-domain to + Combines the docker-compose role with srv-domain-provision to deploy applications behind a reverse proxy. company: | Kevin Veen-Birkenbach diff --git a/roles/cmp-docker-proxy/tasks/main.yml b/roles/cmp-docker-proxy/tasks/main.yml index 31d6f8e9..728c636b 100644 --- a/roles/cmp-docker-proxy/tasks/main.yml +++ b/roles/cmp-docker-proxy/tasks/main.yml @@ -1,9 +1,9 @@ # run_once_cmp_docker_proxy: deactivated # Load the proxy first, so that openresty handlers are flushed before the main docker compose -- name: "For '{{ application_id }}': include role srv-proxy-6-6-domain" +- name: "For '{{ application_id }}': include role srv-domain-provision" include_role: - name: srv-proxy-6-6-domain + name: srv-domain-provision vars: domain: "{{ domains | get_domain(application_id) }}" http_port: "{{ ports.localhost.http[application_id] }}" diff --git a/roles/docker-compose/README.md b/roles/docker-compose/README.md index fbbcc9ba..47703808 100644 --- a/roles/docker-compose/README.md +++ b/roles/docker-compose/README.md @@ -20,7 +20,7 @@ To offer a centralized, extensible system for managing containerized application - **Reset Logic:** Cleans previous Compose project files and data when `MODE_RESET` is enabled. - **Handlers for Runtime Control:** Automatically builds, sets up, or restarts containers based on handlers. - **Template-ready Service Files:** Predefined service base and health check templates. -- **Integration Support:** Compatible with `srv-proxy-7-4-core` and other Infinito.Nexus service roles. +- **Integration Support:** Compatible with `srv-proxy-core` and other Infinito.Nexus service roles. ## Administration Tips diff --git a/roles/srv-web-7-6-composer/README.md b/roles/srv-composer/README.md similarity index 89% rename from roles/srv-web-7-6-composer/README.md rename to roles/srv-composer/README.md index 22dca0a6..439c90b1 100644 --- a/roles/srv-web-7-6-composer/README.md +++ b/roles/srv-composer/README.md @@ -1,10 +1,10 @@ -# Role: srv-web-7-6-composer +# Role: srv-composer This Ansible role composes and orchestrates all necessary HTTPS-layer tasks and HTML-content injections for your webserver domains. It integrates two key sub-roles into a unified workflow: 1. **`sys-srv-web-inj-compose`** Injects global HTML snippets (CSS, Matomo tracking, iFrame notifier, custom JavaScript) into responses using Nginx `sub_filter`. -2. **`srv-web-6-6-tls-core`** +2. **`srv-tls-core`** Handles issuing, renewing, and managing TLS certificates via ACME/Certbot. By combining encryption setup with content enhancements, this role streamlines domain provisioning for secure, fully-featured HTTP/HTTPS delivery. @@ -16,7 +16,7 @@ By combining encryption setup with content enhancements, this role streamlines d * **Content Injection** Adds global theming, analytics, and custom scripts before `` and tracking noscript tags before ``. * **Certificate Management** - Automates cert issuance and renewal via `srv-web-6-6-tls-core`. + Automates cert issuance and renewal via `srv-tls-core`. * **Idempotent Workflow** Ensures each component runs only once per domain. * **Simplified Playbooks** diff --git a/roles/srv-web-7-6-composer/meta/main.yml b/roles/srv-composer/meta/main.yml similarity index 90% rename from roles/srv-web-7-6-composer/meta/main.yml rename to roles/srv-composer/meta/main.yml index 22198045..9f4cf09e 100644 --- a/roles/srv-web-7-6-composer/meta/main.yml +++ b/roles/srv-composer/meta/main.yml @@ -27,4 +27,4 @@ galaxy_info: - orchestration repository: "https://s.infinito.nexus/code" issue_tracker_url: "https://s.infinito.nexus/issues" - documentation: "https://s.infinito.nexus/code/roles/srv-web-7-6-composer" + documentation: "https://s.infinito.nexus/code/roles/srv-composer" diff --git a/roles/srv-composer/tasks/main.yml b/roles/srv-composer/tasks/main.yml new file mode 100644 index 00000000..4cf02f06 --- /dev/null +++ b/roles/srv-composer/tasks/main.yml @@ -0,0 +1,9 @@ +# run_once_srv_composer: deactivated + +- name: "include role sys-srv-web-inj-compose for '{{ domain }}'" + include_role: + name: sys-srv-web-inj-compose + +- name: "include role srv-tls-core for '{{ domain }}'" + include_role: + name: srv-tls-core diff --git a/roles/srv-web-7-4-core/README.md b/roles/srv-core/README.md similarity index 100% rename from roles/srv-web-7-4-core/README.md rename to roles/srv-core/README.md diff --git a/roles/srv-web-7-4-core/Todo.md b/roles/srv-core/Todo.md similarity index 100% rename from roles/srv-web-7-4-core/Todo.md rename to roles/srv-core/Todo.md diff --git a/roles/srv-web-7-4-core/meta/main.yml b/roles/srv-core/meta/main.yml similarity index 89% rename from roles/srv-web-7-4-core/meta/main.yml rename to roles/srv-core/meta/main.yml index 51e42bc4..911fe228 100644 --- a/roles/srv-web-7-4-core/meta/main.yml +++ b/roles/srv-core/meta/main.yml @@ -18,4 +18,4 @@ galaxy_info: - performance repository: "https://s.infinito.nexus/code" issue_tracker_url: "https://s.infinito.nexus/issues" - documentation: "https://s.infinito.nexus/code/roles/srv-web-7-4-core" \ No newline at end of file + documentation: "https://s.infinito.nexus/code/roles/srv-core" \ No newline at end of file diff --git a/roles/srv-web-7-4-core/tasks/01_core.yml b/roles/srv-core/tasks/01_core.yml similarity index 100% rename from roles/srv-web-7-4-core/tasks/01_core.yml rename to roles/srv-core/tasks/01_core.yml diff --git a/roles/srv-web-7-4-core/tasks/02_cleanup.yml b/roles/srv-core/tasks/02_cleanup.yml similarity index 100% rename from roles/srv-web-7-4-core/tasks/02_cleanup.yml rename to roles/srv-core/tasks/02_cleanup.yml diff --git a/roles/srv-web-7-4-core/tasks/03_reset.yml b/roles/srv-core/tasks/03_reset.yml similarity index 100% rename from roles/srv-web-7-4-core/tasks/03_reset.yml rename to roles/srv-core/tasks/03_reset.yml diff --git a/roles/srv-web-7-4-core/tasks/04_directories.yml b/roles/srv-core/tasks/04_directories.yml similarity index 100% rename from roles/srv-web-7-4-core/tasks/04_directories.yml rename to roles/srv-core/tasks/04_directories.yml diff --git a/roles/srv-web-7-4-core/tasks/main.yml b/roles/srv-core/tasks/main.yml similarity index 62% rename from roles/srv-web-7-4-core/tasks/main.yml rename to roles/srv-core/tasks/main.yml index 43c7b724..fa92bd70 100644 --- a/roles/srv-web-7-4-core/tasks/main.yml +++ b/roles/srv-core/tasks/main.yml @@ -2,4 +2,4 @@ - block: - include_tasks: 01_core.yml - include_tasks: utils/run_once.yml - when: run_once_srv_web_7_4_core is not defined + when: run_once_srv_core is not defined diff --git a/roles/srv-web-7-4-core/templates/nginx.conf.j2 b/roles/srv-core/templates/nginx.conf.j2 similarity index 100% rename from roles/srv-web-7-4-core/templates/nginx.conf.j2 rename to roles/srv-core/templates/nginx.conf.j2 diff --git a/roles/srv-proxy-6-6-domain/README.md b/roles/srv-domain-provision/README.md similarity index 89% rename from roles/srv-proxy-6-6-domain/README.md rename to roles/srv-domain-provision/README.md index 72d08be5..e88e68f4 100644 --- a/roles/srv-proxy-6-6-domain/README.md +++ b/roles/srv-domain-provision/README.md @@ -6,11 +6,11 @@ This role bootstraps **per-domain Nginx configuration**: it requests TLS certifi ## Overview -A higher-level orchestration wrapper, *srv-proxy-6-6-domain* ties together several lower-level roles: +A higher-level orchestration wrapper, *srv-domain-provision* ties together several lower-level roles: 1. **`sys-srv-web-inj-compose`** – applies global tweaks and includes. -2. **`srv-web-6-6-tls-core`** – obtains Let’s Encrypt certificates. -3. **Domain template deployment** – copies a Jinja2 vHost from *srv-proxy-7-4-core*. +2. **`srv-tls-core`** – obtains Let’s Encrypt certificates. +3. **Domain template deployment** – copies a Jinja2 vHost from *srv-proxy-core*. 4. **`web-app-oauth2-proxy`** *(optional)* – protects the site with OAuth2. The result is a complete, reproducible domain rollout in a single playbook task. diff --git a/roles/srv-proxy-6-6-domain/defaults/main.yml b/roles/srv-domain-provision/defaults/main.yml similarity index 61% rename from roles/srv-proxy-6-6-domain/defaults/main.yml rename to roles/srv-domain-provision/defaults/main.yml index dc9b222f..1d2369de 100644 --- a/roles/srv-proxy-6-6-domain/defaults/main.yml +++ b/roles/srv-domain-provision/defaults/main.yml @@ -2,4 +2,4 @@ vhost_flavour: "basic" # valid: basic | ws_generic # build the full template path from the flavour -vhost_template_src: "roles/srv-proxy-7-4-core/templates/vhost/{{ vhost_flavour }}.conf.j2" \ No newline at end of file +vhost_template_src: "roles/srv-proxy-core/templates/vhost/{{ vhost_flavour }}.conf.j2" \ No newline at end of file diff --git a/roles/srv-proxy-6-6-domain/meta/main.yml b/roles/srv-domain-provision/meta/main.yml similarity index 100% rename from roles/srv-proxy-6-6-domain/meta/main.yml rename to roles/srv-domain-provision/meta/main.yml diff --git a/roles/srv-proxy-6-6-domain/tasks/01_cloudflare.yml b/roles/srv-domain-provision/tasks/01_cloudflare.yml similarity index 100% rename from roles/srv-proxy-6-6-domain/tasks/01_cloudflare.yml rename to roles/srv-domain-provision/tasks/01_cloudflare.yml diff --git a/roles/srv-proxy-6-6-domain/tasks/cloudflare/01_cleanup.yml b/roles/srv-domain-provision/tasks/cloudflare/01_cleanup.yml similarity index 100% rename from roles/srv-proxy-6-6-domain/tasks/cloudflare/01_cleanup.yml rename to roles/srv-domain-provision/tasks/cloudflare/01_cleanup.yml diff --git a/roles/srv-proxy-6-6-domain/tasks/cloudflare/02_enable_cf_dev_mode.yml b/roles/srv-domain-provision/tasks/cloudflare/02_enable_cf_dev_mode.yml similarity index 95% rename from roles/srv-proxy-6-6-domain/tasks/cloudflare/02_enable_cf_dev_mode.yml rename to roles/srv-domain-provision/tasks/cloudflare/02_enable_cf_dev_mode.yml index 9f29c72e..1f4d79af 100644 --- a/roles/srv-proxy-6-6-domain/tasks/cloudflare/02_enable_cf_dev_mode.yml +++ b/roles/srv-domain-provision/tasks/cloudflare/02_enable_cf_dev_mode.yml @@ -1,4 +1,4 @@ -# roles/srv-proxy-6-6-domain/tasks/02_enable_cf_dev_mode.yml +# roles/srv-domain-provision/tasks/02_enable_cf_dev_mode.yml --- # Enables Cloudflare Development Mode (bypasses cache for ~3 hours). # Uses the same auth token as in 01_cleanup.yml: CLOUDFLARE_API_TOKEN diff --git a/roles/srv-proxy-6-6-domain/tasks/main.yml b/roles/srv-domain-provision/tasks/main.yml similarity index 83% rename from roles/srv-proxy-6-6-domain/tasks/main.yml rename to roles/srv-domain-provision/tasks/main.yml index fa41da08..eb784d02 100644 --- a/roles/srv-proxy-6-6-domain/tasks/main.yml +++ b/roles/srv-domain-provision/tasks/main.yml @@ -1,10 +1,10 @@ - block: - - name: Include dependency 'srv-proxy-7-4-core' + - name: Include dependency 'srv-proxy-core' include_role: - name: srv-proxy-7-4-core - when: run_once_srv_proxy_7_4_core is not defined + name: srv-proxy-core + when: run_once_srv_proxy_core is not defined - include_tasks: utils/run_once.yml - when: run_once_srv_proxy_6_6_domain is not defined + when: run_once_srv_domain_provision is not defined - include_tasks: "01_cloudflare.yml" when: DNS_PROVIDER == "cloudflare" @@ -15,7 +15,7 @@ - name: "include role for {{ domain }} to receive certificates and do the modification routines" include_role: - name: srv-web-7-6-composer + name: srv-composer - name: "Copy nginx config to {{ configuration_destination }}" template: diff --git a/roles/srv-proxy-6-6-domain/vars/main.yml b/roles/srv-domain-provision/vars/main.yml similarity index 100% rename from roles/srv-proxy-6-6-domain/vars/main.yml rename to roles/srv-domain-provision/vars/main.yml diff --git a/roles/srv-web-7-6-https/README.md b/roles/srv-https-stack/README.md similarity index 77% rename from roles/srv-web-7-6-https/README.md rename to roles/srv-https-stack/README.md index cb4b4eaa..717659d1 100644 --- a/roles/srv-web-7-6-https/README.md +++ b/roles/srv-https-stack/README.md @@ -1,23 +1,23 @@ # Webserver HTTPS Provisioning 🚀 ## Description -The **srv-web-7-6-https** role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS: +The **srv-https-stack** role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS: 1. Ensures your Nginx server is configured for SSL/TLS. 2. Pulls in Let’s Encrypt ACME challenge handling. 3. Applies global cleanup of unused domain configs. -This role is built on top of your existing `srv-web-7-4-core` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites. +This role is built on top of your existing `srv-core` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites. --- ## Overview -When you apply **srv-web-7-6-https**, it will: +When you apply **srv-https-stack**, it will: -1. **Include** the `srv-web-7-4-core` role to install and configure Nginx. +1. **Include** the `srv-core` role to install and configure Nginx. 2. **Clean up** any stale vHost files under `sys-svc-cln-domains`. -3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `srv-web-7-7-letsencrypt`. +3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `srv-letsencrypt`. 4. **Reload** Nginx automatically when any template changes. All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs. @@ -42,7 +42,7 @@ All tasks are idempotent—once your certificates are in place and your configur ## Requirements -- A working `srv-web-7-4-core` setup. +- A working `srv-core` setup. - DNS managed via Cloudflare (for CAA record tasks) or equivalent ACME DNS flow. - Variables: - `LETSENCRYPT_WEBROOT_PATH` diff --git a/roles/srv-web-7-6-https/meta/main.yml b/roles/srv-https-stack/meta/main.yml similarity index 100% rename from roles/srv-web-7-6-https/meta/main.yml rename to roles/srv-https-stack/meta/main.yml diff --git a/roles/srv-web-7-6-https/tasks/main.yml b/roles/srv-https-stack/tasks/main.yml similarity index 60% rename from roles/srv-web-7-6-https/tasks/main.yml rename to roles/srv-https-stack/tasks/main.yml index 9228d22c..1f2ca2b0 100644 --- a/roles/srv-web-7-6-https/tasks/main.yml +++ b/roles/srv-https-stack/tasks/main.yml @@ -3,8 +3,8 @@ include_role: name: '{{ item }}' loop: - - srv-web-7-4-core + - srv-core - sys-svc-cln-domains - - srv-web-7-7-letsencrypt + - srv-letsencrypt - include_tasks: utils/run_once.yml - when: run_once_srv_web_7_6_https is not defined + when: run_once_srv_https_stack is not defined diff --git a/roles/srv-web-7-7-letsencrypt/README.md b/roles/srv-letsencrypt/README.md similarity index 100% rename from roles/srv-web-7-7-letsencrypt/README.md rename to roles/srv-letsencrypt/README.md diff --git a/roles/srv-web-7-7-letsencrypt/TODO.md b/roles/srv-letsencrypt/TODO.md similarity index 100% rename from roles/srv-web-7-7-letsencrypt/TODO.md rename to roles/srv-letsencrypt/TODO.md diff --git a/roles/srv-web-7-7-letsencrypt/meta/main.yml b/roles/srv-letsencrypt/meta/main.yml similarity index 100% rename from roles/srv-web-7-7-letsencrypt/meta/main.yml rename to roles/srv-letsencrypt/meta/main.yml diff --git a/roles/srv-web-7-7-letsencrypt/tasks/01_core.yml b/roles/srv-letsencrypt/tasks/01_core.yml similarity index 100% rename from roles/srv-web-7-7-letsencrypt/tasks/01_core.yml rename to roles/srv-letsencrypt/tasks/01_core.yml diff --git a/roles/srv-web-7-7-letsencrypt/tasks/01_set-caa-records.yml b/roles/srv-letsencrypt/tasks/01_set-caa-records.yml similarity index 100% rename from roles/srv-web-7-7-letsencrypt/tasks/01_set-caa-records.yml rename to roles/srv-letsencrypt/tasks/01_set-caa-records.yml diff --git a/roles/srv-web-7-7-letsencrypt/tasks/main.yml b/roles/srv-letsencrypt/tasks/main.yml similarity index 58% rename from roles/srv-web-7-7-letsencrypt/tasks/main.yml rename to roles/srv-letsencrypt/tasks/main.yml index 0d7b9248..10962ab0 100644 --- a/roles/srv-web-7-7-letsencrypt/tasks/main.yml +++ b/roles/srv-letsencrypt/tasks/main.yml @@ -1,4 +1,4 @@ - block: - include_tasks: 01_core.yml - include_tasks: utils/run_once.yml - when: run_once_srv_web_7_7_letsencrypt is not defined + when: run_once_srv_letsencrypt is not defined diff --git a/roles/srv-web-7-7-letsencrypt/templates/letsencrypt.conf.j2 b/roles/srv-letsencrypt/templates/letsencrypt.conf.j2 similarity index 100% rename from roles/srv-web-7-7-letsencrypt/templates/letsencrypt.conf.j2 rename to roles/srv-letsencrypt/templates/letsencrypt.conf.j2 diff --git a/roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2 b/roles/srv-letsencrypt/templates/ssl_credentials.j2 similarity index 100% rename from roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2 rename to roles/srv-letsencrypt/templates/ssl_credentials.j2 diff --git a/roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2 b/roles/srv-letsencrypt/templates/ssl_header.j2 similarity index 87% rename from roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2 rename to roles/srv-letsencrypt/templates/ssl_header.j2 index c4e5849d..3d7fceee 100644 --- a/roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2 +++ b/roles/srv-letsencrypt/templates/ssl_header.j2 @@ -12,4 +12,4 @@ ssl_session_tickets on; add_header Strict-Transport-Security max-age=15768000; ssl_stapling on; ssl_stapling_verify on; -{% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2' %} \ No newline at end of file +{% include 'roles/srv-letsencrypt/templates/ssl_credentials.j2' %} \ No newline at end of file diff --git a/roles/srv-web-7-7-letsencrypt/vars/main.yml b/roles/srv-letsencrypt/vars/main.yml similarity index 100% rename from roles/srv-web-7-7-letsencrypt/vars/main.yml rename to roles/srv-letsencrypt/vars/main.yml diff --git a/roles/srv-proxy-7-4-core/README.md b/roles/srv-proxy-core/README.md similarity index 93% rename from roles/srv-proxy-7-4-core/README.md rename to roles/srv-proxy-core/README.md index a4ed0b74..c7bbc764 100644 --- a/roles/srv-proxy-7-4-core/README.md +++ b/roles/srv-proxy-core/README.md @@ -16,7 +16,7 @@ The goal of this role is to deliver a **hassle-free, production-ready reverse pr ## Features -- **Automatic TLS & HSTS** — integrates with the *srv-web-7-6-https* role for certificate management. +- **Automatic TLS & HSTS** — integrates with the *srv-https-stack* role for certificate management. - **Flexible vHost templates** — *basic* and *ws_generic* flavours cover standard HTTP and WebSocket applications. - **Security headers** — sensible defaults plus optional X-Frame-Options / CSP based on application settings. - **WebSocket & HTTP/2 aware** — upgrades, keep-alive tuning, and gzip already configured. diff --git a/roles/srv-proxy-7-4-core/Todo.md b/roles/srv-proxy-core/Todo.md similarity index 100% rename from roles/srv-proxy-7-4-core/Todo.md rename to roles/srv-proxy-core/Todo.md diff --git a/roles/srv-proxy-7-4-core/meta/main.yml b/roles/srv-proxy-core/meta/main.yml similarity index 100% rename from roles/srv-proxy-7-4-core/meta/main.yml rename to roles/srv-proxy-core/meta/main.yml diff --git a/roles/srv-proxy-7-4-core/tasks/main.yml b/roles/srv-proxy-core/tasks/main.yml similarity index 57% rename from roles/srv-proxy-7-4-core/tasks/main.yml rename to roles/srv-proxy-core/tasks/main.yml index 9ab7703e..db3bc09e 100644 --- a/roles/srv-proxy-7-4-core/tasks/main.yml +++ b/roles/srv-proxy-core/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: '{{ item }}' loop: - - srv-web-7-6-https - - srv-web-7-4-core + - srv-https-stack + - srv-core - include_tasks: utils/run_once.yml - when: run_once_srv_proxy_7_4_core is not defined + when: run_once_srv_proxy_core is not defined diff --git a/roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2 b/roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2 similarity index 100% rename from roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2 rename to roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2 diff --git a/roles/srv-proxy-7-4-core/templates/location/README.md b/roles/srv-proxy-core/templates/location/README.md similarity index 92% rename from roles/srv-proxy-7-4-core/templates/location/README.md rename to roles/srv-proxy-core/templates/location/README.md index a1f7fb67..abdd622e 100644 --- a/roles/srv-proxy-7-4-core/templates/location/README.md +++ b/roles/srv-proxy-core/templates/location/README.md @@ -1,6 +1,6 @@ # Nginx Location Templates -This directory contains Jinja2 templates for different Nginx `location` blocks, each designed to proxy and optimize different types of web traffic. These templates are used by the `srv-proxy-7-4-core` role to modularize and standardize reverse proxy configuration across a wide variety of applications. +This directory contains Jinja2 templates for different Nginx `location` blocks, each designed to proxy and optimize different types of web traffic. These templates are used by the `srv-proxy-core` role to modularize and standardize reverse proxy configuration across a wide variety of applications. --- diff --git a/roles/srv-proxy-7-4-core/templates/location/Todo.md b/roles/srv-proxy-core/templates/location/Todo.md similarity index 100% rename from roles/srv-proxy-7-4-core/templates/location/Todo.md rename to roles/srv-proxy-core/templates/location/Todo.md diff --git a/roles/srv-proxy-7-4-core/templates/location/html.conf.j2 b/roles/srv-proxy-core/templates/location/html.conf.j2 similarity index 93% rename from roles/srv-proxy-7-4-core/templates/location/html.conf.j2 rename to roles/srv-proxy-core/templates/location/html.conf.j2 index 8b8e5d51..013ed767 100644 --- a/roles/srv-proxy-7-4-core/templates/location/html.conf.j2 +++ b/roles/srv-proxy-core/templates/location/html.conf.j2 @@ -16,7 +16,7 @@ location {{location}} proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port {{ WEB_PORT }}; - {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %} # WebSocket specific header proxy_http_version 1.1; diff --git a/roles/srv-proxy-7-4-core/templates/location/media.conf.j2 b/roles/srv-proxy-core/templates/location/media.conf.j2 similarity index 100% rename from roles/srv-proxy-7-4-core/templates/location/media.conf.j2 rename to roles/srv-proxy-core/templates/location/media.conf.j2 diff --git a/roles/srv-proxy-7-4-core/templates/location/upload.conf.j2 b/roles/srv-proxy-core/templates/location/upload.conf.j2 similarity index 100% rename from roles/srv-proxy-7-4-core/templates/location/upload.conf.j2 rename to roles/srv-proxy-core/templates/location/upload.conf.j2 diff --git a/roles/srv-proxy-7-4-core/templates/location/ws.conf.j2 b/roles/srv-proxy-core/templates/location/ws.conf.j2 similarity index 100% rename from roles/srv-proxy-7-4-core/templates/location/ws.conf.j2 rename to roles/srv-proxy-core/templates/location/ws.conf.j2 diff --git a/roles/srv-proxy-7-4-core/templates/vhost/README.md b/roles/srv-proxy-core/templates/vhost/README.md similarity index 100% rename from roles/srv-proxy-7-4-core/templates/vhost/README.md rename to roles/srv-proxy-core/templates/vhost/README.md diff --git a/roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 b/roles/srv-proxy-core/templates/vhost/basic.conf.j2 similarity index 75% rename from roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 rename to roles/srv-proxy-core/templates/vhost/basic.conf.j2 index c1caccea..8eafb142 100644 --- a/roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 +++ b/roles/srv-proxy-core/templates/vhost/basic.conf.j2 @@ -13,7 +13,7 @@ server {{ proxy_extra_configuration }} {% endif %} - {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} {% if applications | get_app_conf(application_id, 'features.oauth2', False) %} {% set acl = applications | get_app_conf(application_id, 'oauth2_proxy.acl', False, {}) %} @@ -22,38 +22,38 @@ server {# 1. Expose everything by default, then protect blacklisted paths #} {% set oauth2_proxy_enabled = false %} {% set location = "/" %} - {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} {% for loc in acl.blacklist %} {% set oauth2_proxy_enabled = true %} {% set location = loc %} - {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} {% endfor %} {% elif acl.whitelist is defined %} {# 2. Protect everything by default, then expose whitelisted paths #} {% set oauth2_proxy_enabled = true %} {% set location = "/" %} - {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} {% for loc in acl.whitelist %} {% set oauth2_proxy_enabled = false %} {% set location = loc %} - {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} {% endfor %} {% else %} {# 3. OAuth2 enabled but no (or empty) ACL — protect all #} {% set oauth2_proxy_enabled = true %} {% set location = "/" %} - {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} {% endif %} {% else %} {# 4. OAuth2 completely disabled — expose all #} {% set oauth2_proxy_enabled = false %} {% set location = "/" %} - {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} {% endif %} } diff --git a/roles/srv-proxy-7-4-core/templates/vhost/ws_generic.conf.j2 b/roles/srv-proxy-core/templates/vhost/ws_generic.conf.j2 similarity index 77% rename from roles/srv-proxy-7-4-core/templates/vhost/ws_generic.conf.j2 rename to roles/srv-proxy-core/templates/vhost/ws_generic.conf.j2 index b1ad85aa..5d819bf8 100644 --- a/roles/srv-proxy-7-4-core/templates/vhost/ws_generic.conf.j2 +++ b/roles/srv-proxy-core/templates/vhost/ws_generic.conf.j2 @@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade { server { server_name {{ domain }}; - {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2' %} @@ -25,10 +25,10 @@ server { add_header Strict-Transport-Security "max-age=31536000"; - {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} {% if location_ws is defined %} - {% include 'roles/srv-proxy-7-4-core/templates/location/ws.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %} {% endif %} error_page 500 501 502 503 504 /500.html; diff --git a/roles/srv-web-6-6-tls-core/README.md b/roles/srv-tls-core/README.md similarity index 100% rename from roles/srv-web-6-6-tls-core/README.md rename to roles/srv-tls-core/README.md diff --git a/roles/srv-web-6-6-tls-core/meta/main.yml b/roles/srv-tls-core/meta/main.yml similarity index 100% rename from roles/srv-web-6-6-tls-core/meta/main.yml rename to roles/srv-tls-core/meta/main.yml diff --git a/roles/srv-web-6-6-tls-core/tasks/flavors/dedicated.yml b/roles/srv-tls-core/tasks/flavors/dedicated.yml similarity index 100% rename from roles/srv-web-6-6-tls-core/tasks/flavors/dedicated.yml rename to roles/srv-tls-core/tasks/flavors/dedicated.yml diff --git a/roles/srv-web-6-6-tls-core/tasks/flavors/san.yml b/roles/srv-tls-core/tasks/flavors/san.yml similarity index 100% rename from roles/srv-web-6-6-tls-core/tasks/flavors/san.yml rename to roles/srv-tls-core/tasks/flavors/san.yml diff --git a/roles/srv-web-6-6-tls-core/tasks/flavors/wildcard.yml b/roles/srv-tls-core/tasks/flavors/wildcard.yml similarity index 100% rename from roles/srv-web-6-6-tls-core/tasks/flavors/wildcard.yml rename to roles/srv-tls-core/tasks/flavors/wildcard.yml diff --git a/roles/srv-web-6-6-tls-core/tasks/main.yml b/roles/srv-tls-core/tasks/main.yml similarity index 89% rename from roles/srv-web-6-6-tls-core/tasks/main.yml rename to roles/srv-tls-core/tasks/main.yml index fed011c1..e2514055 100644 --- a/roles/srv-web-6-6-tls-core/tasks/main.yml +++ b/roles/srv-tls-core/tasks/main.yml @@ -1,10 +1,10 @@ - block: - - name: Include dependency 'srv-web-7-6-https' + - name: Include dependency 'srv-https-stack' include_role: - name: srv-web-7-6-https - when: run_once_srv_web_7_6_https is not defined + name: srv-https-stack + when: run_once_srv_https_stack is not defined - include_tasks: utils/run_once.yml - when: run_once_srv_web_6_6_tls_core is not defined + when: run_once_srv_tls_core is not defined - name: "Include flavor '{{ CERTBOT_FLAVOR }}' for '{{ domain }}'" include_tasks: "{{ role_path }}/tasks/flavors/{{ CERTBOT_FLAVOR }}.yml" diff --git a/roles/srv-web-7-6-composer/tasks/main.yml b/roles/srv-web-7-6-composer/tasks/main.yml deleted file mode 100644 index 4e7ef4bd..00000000 --- a/roles/srv-web-7-6-composer/tasks/main.yml +++ /dev/null @@ -1,9 +0,0 @@ -# run_once_srv_web_7_6_composer: deactivated - -- name: "include role sys-srv-web-inj-compose for '{{ domain }}'" - include_role: - name: sys-srv-web-inj-compose - -- name: "include role srv-web-6-6-tls-core for '{{ domain }}'" - include_role: - name: srv-web-6-6-tls-core diff --git a/roles/svc-db-openldap/templates/nginx.stream.conf.j2 b/roles/svc-db-openldap/templates/nginx.stream.conf.j2 index 0c846b81..aeffe589 100644 --- a/roles/svc-db-openldap/templates/nginx.stream.conf.j2 +++ b/roles/svc-db-openldap/templates/nginx.stream.conf.j2 @@ -2,5 +2,5 @@ server { listen {{ ports.public.ldaps['svc-db-openldap'] }}ssl; proxy_pass 127.0.0.1:{{ ports.localhost.ldap['svc-db-openldap'] }}; - {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2' %} + {% include 'roles/srv-letsencrypt/templates/ssl_credentials.j2' %} } diff --git a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml index 3ea59420..1e7cbab2 100644 --- a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml +++ b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml @@ -3,7 +3,7 @@ name: '{{ item }}' loop: - sys-svc-certbot - - srv-web-7-4-core + - srv-core - sys-ctl-alm-compose - name: install certbot diff --git a/roles/sys-srv-web-inj-compose/tasks/main.yml b/roles/sys-srv-web-inj-compose/tasks/main.yml index badf4167..91518243 100644 --- a/roles/sys-srv-web-inj-compose/tasks/main.yml +++ b/roles/sys-srv-web-inj-compose/tasks/main.yml @@ -3,10 +3,10 @@ inj_enabled: "{{ applications | inj_enabled(application_id, SRV_WEB_INJ_COMP_FEATURES_ALL) }}" - block: - - name: Include dependency 'srv-web-7-4-core' + - name: Include dependency 'srv-core' include_role: - name: srv-web-7-4-core - when: run_once_srv_web_7_4_core is not defined + name: srv-core + when: run_once_srv_core is not defined - include_tasks: utils/run_once.yml when: run_once_sys_srv_web_inj_compose is not defined diff --git a/roles/sys-srv-web-inj-css/tasks/01_core.yml b/roles/sys-srv-web-inj-css/tasks/01_core.yml index 46542112..862688ab 100644 --- a/roles/sys-srv-web-inj-css/tasks/01_core.yml +++ b/roles/sys-srv-web-inj-css/tasks/01_core.yml @@ -1,7 +1,7 @@ -- name: Include dependency 'srv-web-7-4-core' +- name: Include dependency 'srv-core' include_role: - name: srv-web-7-4-core - when: run_once_srv_web_7_4_core is not defined + name: srv-core + when: run_once_srv_core is not defined - name: Generate color palette with colorscheme-generator set_fact: diff --git a/roles/sys-srv-web-inj-desktop/tasks/main.yml b/roles/sys-srv-web-inj-desktop/tasks/main.yml index 92fecdcd..a96b19e0 100644 --- a/roles/sys-srv-web-inj-desktop/tasks/main.yml +++ b/roles/sys-srv-web-inj-desktop/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'srv-web-7-4-core' + - name: Include dependency 'srv-core' include_role: - name: srv-web-7-4-core - when: run_once_srv_web_7_4_core is not defined + name: srv-core + when: run_once_srv_core is not defined - include_tasks: 01_deploy.yml - include_tasks: utils/run_once.yml when: run_once_sys_srv_web_inj_desktop is not defined diff --git a/roles/sys-srv-web-inj-javascript/tasks/main.yml b/roles/sys-srv-web-inj-javascript/tasks/main.yml index e9f93e24..4bf9e9be 100644 --- a/roles/sys-srv-web-inj-javascript/tasks/main.yml +++ b/roles/sys-srv-web-inj-javascript/tasks/main.yml @@ -1,9 +1,9 @@ - block: - - name: Include dependency 'srv-web-7-4-core' + - name: Include dependency 'srv-core' include_role: - name: srv-web-7-4-core - when: run_once_srv_web_7_4_core is not defined + name: srv-core + when: run_once_srv_core is not defined - include_tasks: utils/run_once.yml when: run_once_sys_srv_web_inj_javascript is not defined diff --git a/roles/sys-srv-web-inj-logout/tasks/01_core.yml b/roles/sys-srv-web-inj-logout/tasks/01_core.yml index d920cb76..6e1c8fd9 100644 --- a/roles/sys-srv-web-inj-logout/tasks/01_core.yml +++ b/roles/sys-srv-web-inj-logout/tasks/01_core.yml @@ -1,8 +1,8 @@ -- name: Include dependency 'srv-web-7-4-core' +- name: Include dependency 'srv-core' include_role: - name: srv-web-7-4-core + name: srv-core when: - - run_once_srv_web_7_4_core is not defined + - run_once_srv_core is not defined - name: "deploy the logout.js" include_tasks: "02_deploy.yml" \ No newline at end of file diff --git a/roles/sys-srv-web-inj-matomo/tasks/main.yml b/roles/sys-srv-web-inj-matomo/tasks/main.yml index 96b508ed..5996ba81 100644 --- a/roles/sys-srv-web-inj-matomo/tasks/main.yml +++ b/roles/sys-srv-web-inj-matomo/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'srv-web-7-4-core' + - name: Include dependency 'srv-core' include_role: - name: srv-web-7-4-core - when: run_once_srv_web_7_4_core is not defined + name: srv-core + when: run_once_srv_core is not defined - include_tasks: utils/run_once.yml when: run_once_sys_srv_web_inj_matomo is not defined diff --git a/roles/sys-svc-cln-domains/tasks/main.yml b/roles/sys-svc-cln-domains/tasks/main.yml index d23ca641..b82ad570 100644 --- a/roles/sys-svc-cln-domains/tasks/main.yml +++ b/roles/sys-svc-cln-domains/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: '{{ item }}' loop: - - srv-web-7-4-core + - srv-core - name: Include task to remove deprecated nginx configs include_tasks: remove_deprecated_nginx_configs.yml diff --git a/roles/web-app-attendize/tasks/main.yml b/roles/web-app-attendize/tasks/main.yml index 613660fa..d1183ac4 100644 --- a/roles/web-app-attendize/tasks/main.yml +++ b/roles/web-app-attendize/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: "For '{{ application_id }}': include role to receive certs & do modification routines" include_role: - name: srv-web-7-6-composer + name: srv-composer vars: domain: "{{ item }}" http_port: "{{ ports.localhost.http[application_id] }}" @@ -17,7 +17,7 @@ - name: "For '{{ application_id }}': configure {{ domains | get_domain(application_id) }}.conf" template: - src: roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 + src: roles/srv-proxy-core/templates/vhost/basic.conf.j2 dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domains | get_domain(application_id) }}.conf" notify: restart openresty diff --git a/roles/web-app-bigbluebutton/README.md b/roles/web-app-bigbluebutton/README.md index 469f5d5e..a4a34bfb 100644 --- a/roles/web-app-bigbluebutton/README.md +++ b/roles/web-app-bigbluebutton/README.md @@ -35,7 +35,7 @@ By default, BigBlueButton is deployed with best-practice hardening, modular secr ## System Requirements - Arch Linux with Docker, Compose, and Nginx roles pre-installed -- DNS and reverse proxy configuration using `srv-proxy-7-4-core` +- DNS and reverse proxy configuration using `srv-proxy-core` - Functional email system for Greenlight SMTP ## Important Resources diff --git a/roles/web-app-bigbluebutton/tasks/main.yml b/roles/web-app-bigbluebutton/tasks/main.yml index 20960ecd..a6c9d133 100644 --- a/roles/web-app-bigbluebutton/tasks/main.yml +++ b/roles/web-app-bigbluebutton/tasks/main.yml @@ -3,7 +3,7 @@ set_fact: proxy_extra_configuration: >- {{ lookup('ansible.builtin.template', - playbook_dir ~ '/roles/srv-proxy-7-4-core/templates/location/html.conf.j2') | trim }} + playbook_dir ~ '/roles/srv-proxy-core/templates/location/html.conf.j2') | trim }} vars: location: '^~ /html5client' oauth2_proxy_enabled: false diff --git a/roles/web-app-bluesky/tasks/main.yml b/roles/web-app-bluesky/tasks/main.yml index 58678345..497021a8 100644 --- a/roles/web-app-bluesky/tasks/main.yml +++ b/roles/web-app-bluesky/tasks/main.yml @@ -2,9 +2,9 @@ include_role: name: docker-compose -- name: "include role srv-proxy-6-6-domain for {{ application_id }}" +- name: "include role srv-domain-provision for {{ application_id }}" include_role: - name: srv-proxy-6-6-domain + name: srv-domain-provision vars: domain: "{{ item.domain }}" http_port: "{{ item.http_port }}" diff --git a/roles/web-app-elk/tasks/main.yml b/roles/web-app-elk/tasks/main.yml index 74202d83..3d04767d 100644 --- a/roles/web-app-elk/tasks/main.yml +++ b/roles/web-app-elk/tasks/main.yml @@ -1,8 +1,8 @@ --- -- name: "include role srv-proxy-6-6-domain for {{ application_id }}" +- name: "include role srv-domain-provision for {{ application_id }}" include_role: - name: srv-proxy-6-6-domain + name: srv-domain-provision vars: domain: "{{ domains | get_domain(application_id) }}" http_port: "{{ ports.localhost.http[application_id] }}" diff --git a/roles/web-app-fusiondirectory/README.md b/roles/web-app-fusiondirectory/README.md index 0d11cb5b..445766e7 100644 --- a/roles/web-app-fusiondirectory/README.md +++ b/roles/web-app-fusiondirectory/README.md @@ -9,7 +9,7 @@ This Ansible role deploys and configures [FusionDirectory](https://www.fusiondir - Loads and templating of FusionDirectory-specific variables - Generates a `.env` file for the container environment - Deploys the FusionDirectory container via Docker Compose -- Configures NGINX (via the `srv-proxy-6-6-domain` role) to expose the service +- Configures NGINX (via the `srv-domain-provision` role) to expose the service - Integrates with your central LDAP server for authentication ## Features diff --git a/roles/web-app-mastodon/tasks/main.yml b/roles/web-app-mastodon/tasks/main.yml index 0fd9b3bc..2284aff9 100644 --- a/roles/web-app-mastodon/tasks/main.yml +++ b/roles/web-app-mastodon/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: "Include setup for domain '{{ domain }}'" include_role: - name: srv-proxy-6-6-domain + name: srv-domain-provision loop: "{{ domains['web-app-mastodon'] }}" loop_control: loop_var: domain diff --git a/roles/web-app-matrix/tasks/03_webserver.yml b/roles/web-app-matrix/tasks/03_webserver.yml index 89aea52d..b3f93157 100644 --- a/roles/web-app-matrix/tasks/03_webserver.yml +++ b/roles/web-app-matrix/tasks/03_webserver.yml @@ -9,16 +9,16 @@ src: "well-known.j2" dest: "{{ MATRIX_WELL_KNOWN_FILE }}" -- name: "include role srv-proxy-6-6-domain for {{ MATRIX_ELEMENT_DOMAIN }}" +- name: "include role srv-domain-provision for {{ MATRIX_ELEMENT_DOMAIN }}" include_role: - name: srv-proxy-6-6-domain + name: srv-domain-provision vars: domain: "{{ MATRIX_ELEMENT_DOMAIN }}" http_port: "{{ MATRIX_ELEMENT_PORT }}" - name: "include role for {{ application_id }} to receive certs & do modification routines for {{ MATRIX_SYNAPSE_DOMAIN }}" include_role: - name: srv-web-7-6-composer + name: srv-composer vars: domain: "{{ MATRIX_SYNAPSE_DOMAIN }}" http_port: "{{ MATRIX_SYNAPSE_PORT }}" diff --git a/roles/web-app-matrix/templates/nginx.conf.j2 b/roles/web-app-matrix/templates/nginx.conf.j2 index ac6dc86f..a3bd5bb0 100644 --- a/roles/web-app-matrix/templates/nginx.conf.j2 +++ b/roles/web-app-matrix/templates/nginx.conf.j2 @@ -1,6 +1,6 @@ server { server_name {{ domain }}; - {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} # For the federation port listen {{ FEDERATION_PORT }} ssl default_server; @@ -8,7 +8,7 @@ server { {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2'%} - {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} - {% include 'roles/srv-proxy-7-4-core/templates/location/upload.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/upload.conf.j2' %} } diff --git a/roles/web-app-mybb/tasks/main.yml b/roles/web-app-mybb/tasks/main.yml index 08058176..c3deefb8 100644 --- a/roles/web-app-mybb/tasks/main.yml +++ b/roles/web-app-mybb/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'srv-proxy-7-4-core' + - name: Include dependency 'srv-proxy-core' include_role: - name: srv-proxy-7-4-core - when: run_once_srv_proxy_7_4_core is not defined + name: srv-proxy-core + when: run_once_srv_proxy_core is not defined - include_tasks: utils/run_once.yml when: run_once_web_app_mybb is not defined diff --git a/roles/web-app-mybb/tasks/setup-domain.yml b/roles/web-app-mybb/tasks/setup-domain.yml index 94636324..b7d92143 100644 --- a/roles/web-app-mybb/tasks/setup-domain.yml +++ b/roles/web-app-mybb/tasks/setup-domain.yml @@ -1,12 +1,12 @@ - name: "include role receive certbot certificate" include_role: - name: srv-web-6-6-tls-core + name: srv-tls-core vars: domain: "{{ domains | get_domain(application_id) }}" - name: configure {{ domains | get_domain(application_id) }}.conf template: - src: "roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2" + src: "roles/srv-proxy-core/templates/vhost/basic.conf.j2" dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domains | get_domain(application_id) }}.conf" notify: restart openresty vars: diff --git a/roles/web-app-nextcloud/tasks/main.yml b/roles/web-app-nextcloud/tasks/main.yml index 67381a00..129b26f7 100644 --- a/roles/web-app-nextcloud/tasks/main.yml +++ b/roles/web-app-nextcloud/tasks/main.yml @@ -11,7 +11,7 @@ - name: "include role for {{ application_id }} to receive certs & do modification routines" include_role: - name: srv-web-7-6-composer + name: srv-composer - name: create nextcloud proxy configuration file template: diff --git a/roles/web-app-nextcloud/templates/nginx/host.conf.j2 b/roles/web-app-nextcloud/templates/nginx/host.conf.j2 index 7cf082dc..00abe54a 100644 --- a/roles/web-app-nextcloud/templates/nginx/host.conf.j2 +++ b/roles/web-app-nextcloud/templates/nginx/host.conf.j2 @@ -4,7 +4,7 @@ server { server_name {{ domain }}; - {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2'%} @@ -19,7 +19,7 @@ server client_body_buffer_size 400M; fastcgi_buffers 64 4K; - {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} location ^~ /.well-known { rewrite ^/\.well-known/host-meta\.json /public.php?service=host-meta-json last; diff --git a/roles/web-app-peertube/tasks/create-domains.yml b/roles/web-app-peertube/tasks/create-domains.yml index 45652dc8..f31c39e7 100644 --- a/roles/web-app-peertube/tasks/create-domains.yml +++ b/roles/web-app-peertube/tasks/create-domains.yml @@ -1,6 +1,6 @@ - name: "include role for {{ application_id }} to receive certs & do modification routines" include_role: - name: srv-web-7-6-composer + name: srv-composer - name: configure {{ domain }}.conf template: diff --git a/roles/web-app-peertube/templates/peertube.conf.j2 b/roles/web-app-peertube/templates/peertube.conf.j2 index 5f1e2808..5296ba90 100644 --- a/roles/web-app-peertube/templates/peertube.conf.j2 +++ b/roles/web-app-peertube/templates/peertube.conf.j2 @@ -1,18 +1,18 @@ server { server_name {{ domain }}; - {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2'%} - {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %} ## # Application ## {% set location = "@html" %} - {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} location / { try_files /dev/null {{ location }}; @@ -45,7 +45,7 @@ server { ## {% set location_ws = "@websocket" %} - {% include 'roles/srv-proxy-7-4-core/templates/location/ws.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %} location /socket.io { try_files /dev/null {{ location_ws }}; diff --git a/roles/web-app-syncope/tasks/main.yml b/roles/web-app-syncope/tasks/main.yml index 569ba1ce..98aad797 100644 --- a/roles/web-app-syncope/tasks/main.yml +++ b/roles/web-app-syncope/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: "include role for {{ application_id }} to receive certs & do modification routines" include_role: - name: srv-web-7-6-composer + name: srv-composer - name: "load docker and db for {{ application_id }}" include_role: diff --git a/roles/web-app-syncope/templates/proxy.conf b/roles/web-app-syncope/templates/proxy.conf index f0598404..e02f180d 100644 --- a/roles/web-app-syncope/templates/proxy.conf +++ b/roles/web-app-syncope/templates/proxy.conf @@ -13,10 +13,10 @@ server {{ proxy_extra_configuration }} {% endif %} - {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} {% for path in syncope_paths.values() %} {% set location = WEB_PROTOCOL ~ '://' ~ domains | get_domain(application_id) ~ '/' ~ path ~ '/' %} - {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2'%} + {% include 'roles/srv-proxy-core/templates/location/html.conf.j2'%} {% endfor %} } \ No newline at end of file diff --git a/roles/web-app-taiga/README.md b/roles/web-app-taiga/README.md index d95062ba..30bff843 100644 --- a/roles/web-app-taiga/README.md +++ b/roles/web-app-taiga/README.md @@ -39,7 +39,7 @@ By using this role, teams can set up Taiga in minutes on Arch Linux systems — - [taiga-contrib-oidc-auth (official)](https://github.com/taigaio/taiga-contrib-oidc-auth) - 📨 **Email Backend:** Supports SMTP and console backends for development. - 🔁 **Async & Realtime Events:** Includes RabbitMQ and support for Taiga’s event system. -- 🌐 **Reverse Proxy Ready:** Integrates with Nginx using the `srv-proxy-6-6-domain` role. +- 🌐 **Reverse Proxy Ready:** Integrates with Nginx using the `srv-domain-provision` role. - 🧩 **Composable Design:** Integrates cleanly with other Infinito.Nexus infrastructure roles. --- diff --git a/roles/web-app-wordpress/tasks/main.yml b/roles/web-app-wordpress/tasks/main.yml index 82ff660a..97c0daf8 100644 --- a/roles/web-app-wordpress/tasks/main.yml +++ b/roles/web-app-wordpress/tasks/main.yml @@ -1,7 +1,7 @@ --- -- name: "Include role srv-proxy-6-6-domain for {{ application_id }}" +- name: "Include role srv-domain-provision for {{ application_id }}" include_role: - name: srv-proxy-6-6-domain + name: srv-domain-provision loop: "{{ wordpress_domains }}" loop_control: loop_var: domain diff --git a/roles/web-opt-rdr-domains/README.md b/roles/web-opt-rdr-domains/README.md index a7e0c193..c09e6704 100644 --- a/roles/web-opt-rdr-domains/README.md +++ b/roles/web-opt-rdr-domains/README.md @@ -9,7 +9,7 @@ This Ansible role configures Nginx to perform 301 redirects from one domain to a ## Dependencies -- `srv-web-7-6-https`: A role for setting up HTTPS for Nginx +- `srv-https-stack`: A role for setting up HTTPS for Nginx - `letsencrypt`: A role for managing SSL certificates with Let's Encrypt ## Author Information diff --git a/roles/web-opt-rdr-domains/tasks/main.yml b/roles/web-opt-rdr-domains/tasks/main.yml index 23469159..4b8defae 100644 --- a/roles/web-opt-rdr-domains/tasks/main.yml +++ b/roles/web-opt-rdr-domains/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'srv-web-7-6-https' + - name: Include dependency 'srv-https-stack' include_role: - name: srv-web-7-6-https - when: run_once_srv_web_7_6_https is not defined + name: srv-https-stack + when: run_once_srv_https_stack is not defined - include_tasks: utils/run_once.yml when: run_once_web_opt_rdr_domains is not defined diff --git a/roles/web-opt-rdr-domains/tasks/redirect-domain.yml b/roles/web-opt-rdr-domains/tasks/redirect-domain.yml index 42b72696..ed72875b 100644 --- a/roles/web-opt-rdr-domains/tasks/redirect-domain.yml +++ b/roles/web-opt-rdr-domains/tasks/redirect-domain.yml @@ -1,6 +1,6 @@ - name: "include task receive certbot certificate" include_role: - name: srv-web-6-6-tls-core + name: srv-tls-core - name: "Deploying NGINX redirect configuration for '{{ domain }}'" template: diff --git a/roles/web-opt-rdr-domains/templates/redirect.domain.nginx.conf.j2 b/roles/web-opt-rdr-domains/templates/redirect.domain.nginx.conf.j2 index c30f8240..1c95bde1 100644 --- a/roles/web-opt-rdr-domains/templates/redirect.domain.nginx.conf.j2 +++ b/roles/web-opt-rdr-domains/templates/redirect.domain.nginx.conf.j2 @@ -1,6 +1,6 @@ server { server_name {{ domain }}; - {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} return 301 https://{{ target }}$request_uri; } diff --git a/roles/web-opt-rdr-www/tasks/main.yml b/roles/web-opt-rdr-www/tasks/main.yml index 7dcd5552..ba043b9a 100644 --- a/roles/web-opt-rdr-www/tasks/main.yml +++ b/roles/web-opt-rdr-www/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'srv-web-7-4-core' + - name: Include dependency 'srv-core' include_role: - name: srv-web-7-4-core - when: run_once_srv_web_7_4_core is not defined + name: srv-core + when: run_once_srv_core is not defined - include_tasks: utils/run_once.yml when: run_once_web_opt_rdr_www is not defined diff --git a/roles/web-svc-cdn/tasks/01_core.yml b/roles/web-svc-cdn/tasks/01_core.yml index fef8ffd6..49c84eb7 100644 --- a/roles/web-svc-cdn/tasks/01_core.yml +++ b/roles/web-svc-cdn/tasks/01_core.yml @@ -2,12 +2,12 @@ include_role: name: '{{ item }}' loop: - - srv-web-7-6-https + - srv-https-stack - dev-git - name: "include role for {{ application_id }} to receive certs & do modification routines" include_role: - name: srv-web-7-6-composer + name: srv-composer vars: http_port: "{{ ports.localhost.http[application_id] }}" diff --git a/roles/web-svc-cdn/templates/nginx.conf.j2 b/roles/web-svc-cdn/templates/nginx.conf.j2 index 4092f5e5..8464204f 100644 --- a/roles/web-svc-cdn/templates/nginx.conf.j2 +++ b/roles/web-svc-cdn/templates/nginx.conf.j2 @@ -2,11 +2,11 @@ server { server_name {{ domains | get_domain(application_id) }}; - {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2'%} - {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %} charset utf-8; diff --git a/roles/web-svc-collabora/templates/nginx.conf.j2 b/roles/web-svc-collabora/templates/nginx.conf.j2 index 934982bf..2867241f 100644 --- a/roles/web-svc-collabora/templates/nginx.conf.j2 +++ b/roles/web-svc-collabora/templates/nginx.conf.j2 @@ -1,22 +1,22 @@ server { server_name {{ domain }}; - {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2'%} - {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %} {# Normal HTTP routes (discovery, browser, assets) – no Lua injection #} {% set proxy_lua_enabled = false %} {% set location = "/" %} - {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} {# Optional explicit fast path for discovery #} {% set location = "= " ~ container_healthcheck %} - {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} {# WebSocket handling for Collabora #} {% set location_ws = '^~ /cool/' %} {% set ws_port = http_port %} - {% include 'roles/srv-proxy-7-4-core/templates/location/ws.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %} } diff --git a/roles/web-svc-file/tasks/main.yml b/roles/web-svc-file/tasks/main.yml index 8786edfe..7c94649e 100644 --- a/roles/web-svc-file/tasks/main.yml +++ b/roles/web-svc-file/tasks/main.yml @@ -3,14 +3,14 @@ include_role: name: '{{ item }}' loop: - - srv-web-7-6-https + - srv-https-stack - dev-git - include_tasks: utils/run_once.yml when: run_once_web_svc_file is not defined - name: "include role for {{ application_id }} to receive certs & do modification routines" include_role: - name: srv-web-7-6-composer + name: srv-composer vars: domain: "{{ domains | get_domain(application_id) }}" http_port: "{{ ports.localhost.http[application_id] }}" diff --git a/roles/web-svc-file/templates/nginx.conf.j2 b/roles/web-svc-file/templates/nginx.conf.j2 index 8c60172b..8e42af95 100644 --- a/roles/web-svc-file/templates/nginx.conf.j2 +++ b/roles/web-svc-file/templates/nginx.conf.j2 @@ -2,11 +2,11 @@ server { server_name {{ domains | get_domain(application_id) }}; - {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2'%} - {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %} charset utf-8; diff --git a/roles/web-svc-html/tasks/main.yml b/roles/web-svc-html/tasks/main.yml index 598733e1..7ab50392 100644 --- a/roles/web-svc-html/tasks/main.yml +++ b/roles/web-svc-html/tasks/main.yml @@ -3,14 +3,14 @@ include_role: name: '{{ item }}' loop: - - srv-web-7-6-https + - srv-https-stack - dev-git - include_tasks: utils/run_once.yml when: run_once_web_svc_html is not defined - name: "include role for {{ application_id }} to receive certs & do modification routines" include_role: - name: srv-web-7-6-composer + name: srv-composer vars: domain: "{{ domains | get_domain(application_id) }}" http_port: "{{ ports.localhost.http[application_id] }}" diff --git a/roles/web-svc-html/templates/nginx.conf.j2 b/roles/web-svc-html/templates/nginx.conf.j2 index 5dcd3762..586a8ce6 100644 --- a/roles/web-svc-html/templates/nginx.conf.j2 +++ b/roles/web-svc-html/templates/nginx.conf.j2 @@ -2,11 +2,11 @@ server { server_name {{ domains | get_domain(application_id) }}; - {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2'%} - {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %} charset utf-8;