Renamed webserver roles to more speakable names

roles/cmp-db-docker-proxy/README.md

@@ -8,4 +8,4 @@ This role builds on `cmp-db-docker` by adding a reverse-proxy frontend for HTTP
   Leverages the `cmp-db-docker` role to stand up your containerized database (PostgreSQL, MariaDB, etc.) with backups and user management.
 
 - **Reverse Proxy**  
-  Includes the `srv-proxy-6-6-domain` role to configure a proxy (e.g. nginx) for routing HTTP(S) traffic to your database UI or management endpoint.
+  Includes the `srv-domain-provision` role to configure a proxy (e.g. nginx) for routing HTTP(S) traffic to your database UI or management endpoint.

roles/cmp-db-docker-proxy/meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
   author: "Kevin Veen-Birkenbach"
   description: >
-    Extends cmp-db-docker by adding an HTTP reverse proxy via srv-proxy-6-6-domain.
+    Extends cmp-db-docker by adding an HTTP reverse proxy via srv-domain-provision.
   company: |
     Kevin Veen-Birkenbach
     Consulting & Coaching Solutions

roles/cmp-db-docker-proxy/tasks/main.yml

@@ -8,9 +8,9 @@
   include_role:
     name: cmp-db-docker
 
-- name: "For '{{ application_id }}': include role srv-proxy-6-6-domain"
+- name: "For '{{ application_id }}': include role srv-domain-provision"
   include_role:
-    name: srv-proxy-6-6-domain
+    name: srv-domain-provision
   vars:
     domain:     "{{ domains | get_domain(application_id) }}"
     http_port:  "{{ ports.localhost.http[application_id] }}"

roles/cmp-docker-proxy/README.md

@@ -8,4 +8,4 @@ This role combines the standard Docker Compose setup with a reverse-proxy for an
   Brings up containers, networks, and volumes via the `docker-compose` role.
 
 - **Reverse Proxy**  
-  Uses the `srv-proxy-6-6-domain` role to expose your application under a custom domain and port.
+  Uses the `srv-domain-provision` role to expose your application under a custom domain and port.

roles/cmp-docker-proxy/meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
   author: "Kevin Veen-Birkenbach"
   description: >
-    Combines the docker-compose role with srv-proxy-6-6-domain to
+    Combines the docker-compose role with srv-domain-provision to
     deploy applications behind a reverse proxy.
   company: |
     Kevin Veen-Birkenbach

roles/cmp-docker-proxy/tasks/main.yml

@@ -1,9 +1,9 @@
 # run_once_cmp_docker_proxy: deactivated
 
 # Load the proxy first, so that openresty handlers are flushed before the main docker compose
-- name: "For '{{ application_id }}': include role srv-proxy-6-6-domain"
+- name: "For '{{ application_id }}': include role srv-domain-provision"
   include_role:
-    name: srv-proxy-6-6-domain
+    name: srv-domain-provision
   vars:
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"

roles/docker-compose/README.md

@@ -20,7 +20,7 @@ To offer a centralized, extensible system for managing containerized application
 - **Reset Logic:** Cleans previous Compose project files and data when `MODE_RESET` is enabled.
 - **Handlers for Runtime Control:** Automatically builds, sets up, or restarts containers based on handlers.
 - **Template-ready Service Files:** Predefined service base and health check templates.
-- **Integration Support:** Compatible with `srv-proxy-7-4-core` and other Infinito.Nexus service roles.
+- **Integration Support:** Compatible with `srv-proxy-core` and other Infinito.Nexus service roles.
 
 ## Administration Tips
 

roles/srv-composer/README.md

@@ -1,10 +1,10 @@
-# Role: srv-web-7-6-composer
+# Role: srv-composer
 
 This Ansible role composes and orchestrates all necessary HTTPS-layer tasks and HTML-content injections for your webserver domains. It integrates two key sub-roles into a unified workflow:
 
 1. **`sys-srv-web-inj-compose`**
    Injects global HTML snippets (CSS, Matomo tracking, iFrame notifier, custom JavaScript) into responses using Nginx `sub_filter`.
-2. **`srv-web-6-6-tls-core`**
+2. **`srv-tls-core`**
    Handles issuing, renewing, and managing TLS certificates via ACME/Certbot.
 
 By combining encryption setup with content enhancements, this role streamlines domain provisioning for secure, fully-featured HTTP/HTTPS delivery.
@@ -16,7 +16,7 @@ By combining encryption setup with content enhancements, this role streamlines d
 * **Content Injection**
   Adds global theming, analytics, and custom scripts before `</head>` and tracking noscript tags before `</body>`.
 * **Certificate Management**
-  Automates cert issuance and renewal via `srv-web-6-6-tls-core`.
+  Automates cert issuance and renewal via `srv-tls-core`.
 * **Idempotent Workflow**
   Ensures each component runs only once per domain.
 * **Simplified Playbooks**

roles/srv-composer/meta/main.yml

@@ -27,4 +27,4 @@ galaxy_info:
     - orchestration
   repository: "https://s.infinito.nexus/code"
   issue_tracker_url: "https://s.infinito.nexus/issues"
-  documentation: "https://s.infinito.nexus/code/roles/srv-web-7-6-composer"
+  documentation: "https://s.infinito.nexus/code/roles/srv-composer"

roles/srv-composer/tasks/main.yml

@@ -0,0 +1,9 @@
+# run_once_srv_composer: deactivated
+
+- name: "include role sys-srv-web-inj-compose for '{{ domain }}'"
+  include_role: 
+    name: sys-srv-web-inj-compose
+
+- name: "include role srv-tls-core for '{{ domain }}'"
+  include_role: 
+    name: srv-tls-core

roles/srv-core/meta/main.yml

@@ -18,4 +18,4 @@ galaxy_info:
     - performance
   repository: "https://s.infinito.nexus/code"
   issue_tracker_url: "https://s.infinito.nexus/issues"
-  documentation: "https://s.infinito.nexus/code/roles/srv-web-7-4-core"
+  documentation: "https://s.infinito.nexus/code/roles/srv-core"

roles/srv-core/tasks/main.yml

@@ -2,4 +2,4 @@
 - block:
   - include_tasks: 01_core.yml
   - include_tasks: utils/run_once.yml
-  when: run_once_srv_web_7_4_core is not defined
+  when: run_once_srv_core is not defined

roles/srv-domain-provision/README.md

@@ -6,11 +6,11 @@ This role bootstraps **per-domain Nginx configuration**: it requests TLS certifi
 
 ## Overview
 
-A higher-level orchestration wrapper, *srv-proxy-6-6-domain* ties together several lower-level roles:
+A higher-level orchestration wrapper, *srv-domain-provision* ties together several lower-level roles:
 
 1. **`sys-srv-web-inj-compose`** – applies global tweaks and includes.  
-2. **`srv-web-6-6-tls-core`** – obtains Let’s Encrypt certificates.  
-3. **Domain template deployment** – copies a Jinja2 vHost from *srv-proxy-7-4-core*.  
+2. **`srv-tls-core`** – obtains Let’s Encrypt certificates.  
+3. **Domain template deployment** – copies a Jinja2 vHost from *srv-proxy-core*.  
 4. **`web-app-oauth2-proxy`** *(optional)* – protects the site with OAuth2.
 
 The result is a complete, reproducible domain rollout in a single playbook task.

roles/srv-domain-provision/defaults/main.yml

@@ -2,4 +2,4 @@
 vhost_flavour:        "basic"               # valid: basic | ws_generic
 
 # build the full template path from the flavour
-vhost_template_src:   "roles/srv-proxy-7-4-core/templates/vhost/{{ vhost_flavour }}.conf.j2"
+vhost_template_src:   "roles/srv-proxy-core/templates/vhost/{{ vhost_flavour }}.conf.j2"

roles/srv-domain-provision/tasks/cloudflare/02_enable_cf_dev_mode.yml

@@ -1,4 +1,4 @@
-# roles/srv-proxy-6-6-domain/tasks/02_enable_cf_dev_mode.yml
+# roles/srv-domain-provision/tasks/02_enable_cf_dev_mode.yml
 ---
 # Enables Cloudflare Development Mode (bypasses cache for ~3 hours).
 # Uses the same auth token as in 01_cleanup.yml: CLOUDFLARE_API_TOKEN

roles/srv-domain-provision/tasks/main.yml

@@ -1,10 +1,10 @@
 - block:
-  - name: Include dependency 'srv-proxy-7-4-core'
+  - name: Include dependency 'srv-proxy-core'
     include_role:
-      name: srv-proxy-7-4-core
-    when: run_once_srv_proxy_7_4_core is not defined
+      name: srv-proxy-core
+    when: run_once_srv_proxy_core is not defined
   - include_tasks: utils/run_once.yml
-  when: run_once_srv_proxy_6_6_domain is not defined
+  when: run_once_srv_domain_provision is not defined
 
 - include_tasks: "01_cloudflare.yml"
   when: DNS_PROVIDER == "cloudflare"
@@ -15,7 +15,7 @@
 
 - name: "include role for {{ domain }} to receive certificates and do the modification routines"
   include_role:
-    name: srv-web-7-6-composer
+    name: srv-composer
 
 - name: "Copy nginx config to {{ configuration_destination }}"
   template:

roles/srv-https-stack/README.md

@@ -1,23 +1,23 @@
 # Webserver HTTPS Provisioning 🚀
 
 ## Description
-The **srv-web-7-6-https** role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS:
+The **srv-https-stack** role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS:
 
 1. Ensures your Nginx server is configured for SSL/TLS.
 2. Pulls in Let’s Encrypt ACME challenge handling.
 3. Applies global cleanup of unused domain configs.
 
-This role is built on top of your existing `srv-web-7-4-core` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites.
+This role is built on top of your existing `srv-core` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites.
 
 ---
 
 ## Overview
 
-When you apply **srv-web-7-6-https**, it will:
+When you apply **srv-https-stack**, it will:
 
-1. **Include** the `srv-web-7-4-core` role to install and configure Nginx.  
+1. **Include** the `srv-core` role to install and configure Nginx.  
 2. **Clean up** any stale vHost files under `sys-svc-cln-domains`.  
-3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `srv-web-7-7-letsencrypt`.  
+3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `srv-letsencrypt`.  
 4. **Reload** Nginx automatically when any template changes.
 
 All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs.
@@ -42,7 +42,7 @@ All tasks are idempotent—once your certificates are in place and your configur
 
 ## Requirements
 
-- A working `srv-web-7-4-core` setup.
+- A working `srv-core` setup.
 - DNS managed via Cloudflare (for CAA record tasks) or equivalent ACME DNS flow.
 - Variables:
   - `LETSENCRYPT_WEBROOT_PATH`  

roles/srv-https-stack/tasks/main.yml

@@ -3,8 +3,8 @@
     include_role:
       name: '{{ item }}'
     loop:
-    - srv-web-7-4-core
+    - srv-core
     - sys-svc-cln-domains
-    - srv-web-7-7-letsencrypt
+    - srv-letsencrypt
   - include_tasks: utils/run_once.yml
-  when: run_once_srv_web_7_6_https is not defined
+  when: run_once_srv_https_stack is not defined

roles/srv-letsencrypt/tasks/main.yml

@@ -1,4 +1,4 @@
 - block:
   - include_tasks: 01_core.yml
   - include_tasks: utils/run_once.yml
-  when: run_once_srv_web_7_7_letsencrypt is not defined
+  when: run_once_srv_letsencrypt is not defined

roles/srv-letsencrypt/templates/ssl_header.j2

@@ -12,4 +12,4 @@ ssl_session_tickets on;
 add_header Strict-Transport-Security max-age=15768000;
 ssl_stapling on;
 ssl_stapling_verify on;
-{% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2' %}
+{% include 'roles/srv-letsencrypt/templates/ssl_credentials.j2' %}

roles/srv-proxy-core/README.md

@@ -16,7 +16,7 @@ The goal of this role is to deliver a **hassle-free, production-ready reverse pr
 
 ## Features
 
-- **Automatic TLS & HSTS** — integrates with the *srv-web-7-6-https* role for certificate management.  
+- **Automatic TLS & HSTS** — integrates with the *srv-https-stack* role for certificate management.  
 - **Flexible vHost templates** — *basic* and *ws_generic* flavours cover standard HTTP and WebSocket applications.  
 - **Security headers** — sensible defaults plus optional X-Frame-Options / CSP based on application settings.  
 - **WebSocket & HTTP/2 aware** — upgrades, keep-alive tuning, and gzip already configured.  

roles/srv-proxy-core/tasks/main.yml

@@ -3,7 +3,7 @@
     include_role:
       name: '{{ item }}'
     loop:
-    - srv-web-7-6-https
-    - srv-web-7-4-core
+    - srv-https-stack
+    - srv-core
   - include_tasks: utils/run_once.yml
-  when: run_once_srv_proxy_7_4_core is not defined
+  when: run_once_srv_proxy_core is not defined

roles/srv-proxy-core/templates/location/README.md

@@ -1,6 +1,6 @@
 # Nginx Location Templates
 
-This directory contains Jinja2 templates for different Nginx `location` blocks, each designed to proxy and optimize different types of web traffic. These templates are used by the `srv-proxy-7-4-core` role to modularize and standardize reverse proxy configuration across a wide variety of applications.
+This directory contains Jinja2 templates for different Nginx `location` blocks, each designed to proxy and optimize different types of web traffic. These templates are used by the `srv-proxy-core` role to modularize and standardize reverse proxy configuration across a wide variety of applications.
 
 ---
 

roles/srv-proxy-core/templates/location/html.conf.j2

@@ -16,7 +16,7 @@ location {{location}}
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header X-Forwarded-Port {{ WEB_PORT }};
 
-  {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
 
   # WebSocket specific header
   proxy_http_version 1.1;

roles/srv-proxy-core/templates/vhost/basic.conf.j2

@@ -13,7 +13,7 @@ server
     {{ proxy_extra_configuration }}
   {% endif %}
 
-  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
 
   {% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
     {% set acl = applications | get_app_conf(application_id, 'oauth2_proxy.acl', False, {}) %}
@@ -22,38 +22,38 @@ server
       {# 1. Expose everything by default, then protect blacklisted paths #}
       {% set oauth2_proxy_enabled = false %}
       {% set location = "/" %}
-      {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
+      {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
 
       {% for loc in acl.blacklist %}
         {% set oauth2_proxy_enabled = true %}
         {% set location = loc %}
-        {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
+        {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
       {% endfor %}
 
     {% elif acl.whitelist is defined %}
       {# 2. Protect everything by default, then expose whitelisted paths #}
       {% set oauth2_proxy_enabled = true %}
       {% set location = "/" %}
-      {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
+      {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
 
       {% for loc in acl.whitelist %}
         {% set oauth2_proxy_enabled = false %}
         {% set location = loc %}
-        {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
+        {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
       {% endfor %}
 
     {% else %}
       {# 3. OAuth2 enabled but no (or empty) ACL — protect all #}
       {% set oauth2_proxy_enabled = true %}
       {% set location = "/" %}
-      {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
+      {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
     {% endif %}
 
   {% else %}
     {# 4. OAuth2 completely disabled — expose all #}
     {% set oauth2_proxy_enabled = false %}
     {% set location = "/" %}
-    {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
+    {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
   {% endif %}
 
 }

roles/srv-proxy-core/templates/vhost/ws_generic.conf.j2

@@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
 server {
   server_name {{ domain }};
 
-  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2' %}
 
@@ -25,10 +25,10 @@ server {
 
   add_header Strict-Transport-Security "max-age=31536000";
 
-  {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
+  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
 
   {% if location_ws is defined %}
-    {% include 'roles/srv-proxy-7-4-core/templates/location/ws.conf.j2' %}
+    {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %}
   {% endif %}
 
   error_page 500 501 502 503 504 /500.html;

roles/srv-tls-core/tasks/main.yml

@@ -1,10 +1,10 @@
 - block:
-  - name: Include dependency 'srv-web-7-6-https'
+  - name: Include dependency 'srv-https-stack'
     include_role:
-      name: srv-web-7-6-https
-    when: run_once_srv_web_7_6_https is not defined
+      name: srv-https-stack
+    when: run_once_srv_https_stack is not defined
   - include_tasks: utils/run_once.yml
-  when: run_once_srv_web_6_6_tls_core is not defined
+  when: run_once_srv_tls_core is not defined
 
 - name: "Include flavor '{{ CERTBOT_FLAVOR }}' for '{{ domain }}'"
   include_tasks: "{{ role_path }}/tasks/flavors/{{ CERTBOT_FLAVOR }}.yml"

roles/srv-web-7-6-composer/tasks/main.yml

@@ -1,9 +0,0 @@
-# run_once_srv_web_7_6_composer: deactivated
-
-- name: "include role sys-srv-web-inj-compose for '{{ domain }}'"
-  include_role: 
-    name: sys-srv-web-inj-compose
-
-- name: "include role srv-web-6-6-tls-core for '{{ domain }}'"
-  include_role: 
-    name: srv-web-6-6-tls-core

roles/svc-db-openldap/templates/nginx.stream.conf.j2

@@ -2,5 +2,5 @@ server {
     listen {{ ports.public.ldaps['svc-db-openldap'] }}ssl;
     proxy_pass 127.0.0.1:{{ ports.localhost.ldap['svc-db-openldap'] }};
     
-    {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2' %}
+    {% include 'roles/srv-letsencrypt/templates/ssl_credentials.j2' %}
 }

roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml

@@ -3,7 +3,7 @@
     name: '{{ item }}'
   loop:
   - sys-svc-certbot
-  - srv-web-7-4-core
+  - srv-core
   - sys-ctl-alm-compose
 
 - name: install certbot

roles/sys-srv-web-inj-compose/tasks/main.yml

@@ -3,10 +3,10 @@
     inj_enabled: "{{ applications | inj_enabled(application_id, SRV_WEB_INJ_COMP_FEATURES_ALL) }}"
 
 - block:
-  - name: Include dependency 'srv-web-7-4-core'
+  - name: Include dependency 'srv-core'
     include_role:
-      name: srv-web-7-4-core
-    when: run_once_srv_web_7_4_core is not defined
+      name: srv-core
+    when: run_once_srv_core is not defined
   - include_tasks: utils/run_once.yml
   when: run_once_sys_srv_web_inj_compose is not defined
 

roles/sys-srv-web-inj-css/tasks/01_core.yml

@@ -1,7 +1,7 @@
-- name: Include dependency 'srv-web-7-4-core'
+- name: Include dependency 'srv-core'
   include_role:
-    name: srv-web-7-4-core
-  when: run_once_srv_web_7_4_core is not defined
+    name: srv-core
+  when: run_once_srv_core is not defined
 
 - name: Generate color palette with colorscheme-generator
   set_fact:

roles/sys-srv-web-inj-desktop/tasks/main.yml

@@ -1,8 +1,8 @@
 - block:
-  - name: Include dependency 'srv-web-7-4-core'
+  - name: Include dependency 'srv-core'
     include_role:
-      name: srv-web-7-4-core
-    when: run_once_srv_web_7_4_core is not defined
+      name: srv-core
+    when: run_once_srv_core is not defined
   - include_tasks: 01_deploy.yml
   - include_tasks: utils/run_once.yml
   when: run_once_sys_srv_web_inj_desktop is not defined

roles/sys-srv-web-inj-javascript/tasks/main.yml

@@ -1,9 +1,9 @@
 - block:
 
-  - name: Include dependency 'srv-web-7-4-core'
+  - name: Include dependency 'srv-core'
     include_role:
-      name: srv-web-7-4-core
-    when: run_once_srv_web_7_4_core is not defined
+      name: srv-core
+    when: run_once_srv_core is not defined
   - include_tasks: utils/run_once.yml
   when: run_once_sys_srv_web_inj_javascript is not defined
 

roles/sys-srv-web-inj-logout/tasks/01_core.yml

@@ -1,8 +1,8 @@
-- name: Include dependency 'srv-web-7-4-core'
+- name: Include dependency 'srv-core'
   include_role:
-    name: srv-web-7-4-core
+    name: srv-core
   when: 
-    - run_once_srv_web_7_4_core is not defined
+    - run_once_srv_core is not defined
   
 - name: "deploy the logout.js"
   include_tasks: "02_deploy.yml"

roles/sys-srv-web-inj-matomo/tasks/main.yml

@@ -1,8 +1,8 @@
 - block:
-  - name: Include dependency 'srv-web-7-4-core'
+  - name: Include dependency 'srv-core'
     include_role:
-      name: srv-web-7-4-core
-    when: run_once_srv_web_7_4_core is not defined
+      name: srv-core
+    when: run_once_srv_core is not defined
   - include_tasks: utils/run_once.yml
   when: run_once_sys_srv_web_inj_matomo is not defined
 

roles/sys-svc-cln-domains/tasks/main.yml

@@ -3,7 +3,7 @@
     include_role:
       name: '{{ item }}'
     loop:
-    - srv-web-7-4-core
+    - srv-core
 
   - name: Include task to remove deprecated nginx configs
     include_tasks: remove_deprecated_nginx_configs.yml

roles/web-app-attendize/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: "For '{{ application_id }}': include role to receive certs & do modification routines"
   include_role:
-    name: srv-web-7-6-composer
+    name: srv-composer
   vars:
     domain: "{{ item }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"
@@ -17,7 +17,7 @@
     
 - name: "For '{{ application_id }}': configure {{ domains | get_domain(application_id) }}.conf"
   template: 
-    src: roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 
+    src: roles/srv-proxy-core/templates/vhost/basic.conf.j2 
     dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domains | get_domain(application_id) }}.conf"
   notify: restart openresty
 

roles/web-app-bigbluebutton/README.md

@@ -35,7 +35,7 @@ By default, BigBlueButton is deployed with best-practice hardening, modular secr
 ## System Requirements
 
 - Arch Linux with Docker, Compose, and Nginx roles pre-installed
-- DNS and reverse proxy configuration using `srv-proxy-7-4-core`
+- DNS and reverse proxy configuration using `srv-proxy-core`
 - Functional email system for Greenlight SMTP
 
 ## Important Resources

roles/web-app-bigbluebutton/tasks/main.yml

@@ -3,7 +3,7 @@
   set_fact:
     proxy_extra_configuration: >-
       {{ lookup('ansible.builtin.template',
-                playbook_dir ~ '/roles/srv-proxy-7-4-core/templates/location/html.conf.j2') | trim }}
+                playbook_dir ~ '/roles/srv-proxy-core/templates/location/html.conf.j2') | trim }}
   vars:
     location: '^~ /html5client'
     oauth2_proxy_enabled: false

roles/web-app-bluesky/tasks/main.yml

@@ -2,9 +2,9 @@
   include_role: 
     name: docker-compose
 
-- name: "include role srv-proxy-6-6-domain for {{ application_id }}"
+- name: "include role srv-domain-provision for {{ application_id }}"
   include_role:
-    name: srv-proxy-6-6-domain
+    name: srv-domain-provision
   vars:
     domain: "{{ item.domain }}"
     http_port: "{{ item.http_port }}"

roles/web-app-elk/tasks/main.yml

@@ -1,8 +1,8 @@
 ---
 
-- name: "include role srv-proxy-6-6-domain for {{ application_id }}"
+- name: "include role srv-domain-provision for {{ application_id }}"
   include_role:
-    name: srv-proxy-6-6-domain
+    name: srv-domain-provision
   vars:
     domain:   "{{ domains | get_domain(application_id) }}"
     http_port:   "{{ ports.localhost.http[application_id] }}"

roles/web-app-fusiondirectory/README.md

@@ -9,7 +9,7 @@ This Ansible role deploys and configures [FusionDirectory](https://www.fusiondir
 - Loads and templating of FusionDirectory-specific variables  
 - Generates a `.env` file for the container environment  
 - Deploys the FusionDirectory container via Docker Compose  
-- Configures NGINX (via the `srv-proxy-6-6-domain` role) to expose the service  
+- Configures NGINX (via the `srv-domain-provision` role) to expose the service  
 - Integrates with your central LDAP server for authentication  
 
 ## Features

roles/web-app-mastodon/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: "Include setup for domain '{{ domain }}'"
   include_role: 
-    name: srv-proxy-6-6-domain
+    name: srv-domain-provision
   loop: "{{ domains['web-app-mastodon'] }}"
   loop_control:
     loop_var: domain

roles/web-app-matrix/tasks/03_webserver.yml

@@ -9,16 +9,16 @@
     src:  "well-known.j2" 
     dest: "{{ MATRIX_WELL_KNOWN_FILE }}"
         
-- name: "include role srv-proxy-6-6-domain for {{ MATRIX_ELEMENT_DOMAIN }}"
+- name: "include role srv-domain-provision for {{ MATRIX_ELEMENT_DOMAIN }}"
   include_role: 
-    name: srv-proxy-6-6-domain
+    name: srv-domain-provision
   vars:        
     domain:     "{{ MATRIX_ELEMENT_DOMAIN }}"
     http_port:  "{{ MATRIX_ELEMENT_PORT }}"
 
 - name: "include role for {{ application_id }} to receive certs & do modification routines for {{ MATRIX_SYNAPSE_DOMAIN }}"
   include_role:
-    name: srv-web-7-6-composer
+    name: srv-composer
   vars:
     domain:     "{{ MATRIX_SYNAPSE_DOMAIN }}"
     http_port:  "{{ MATRIX_SYNAPSE_PORT }}"

roles/web-app-matrix/templates/nginx.conf.j2

@@ -1,6 +1,6 @@
 server {
     server_name {{ domain }};
-    {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
+    {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
     
     # For the federation port
     listen {{ FEDERATION_PORT }} ssl default_server;
@@ -8,7 +8,7 @@ server {
 
     {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2'%}
 
-    {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
+    {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
 
-    {% include 'roles/srv-proxy-7-4-core/templates/location/upload.conf.j2' %}
+    {% include 'roles/srv-proxy-core/templates/location/upload.conf.j2' %}
 }

roles/web-app-mybb/tasks/main.yml

@@ -1,8 +1,8 @@
 - block:
-  - name: Include dependency 'srv-proxy-7-4-core'
+  - name: Include dependency 'srv-proxy-core'
     include_role:
-      name: srv-proxy-7-4-core
-    when: run_once_srv_proxy_7_4_core is not defined
+      name: srv-proxy-core
+    when: run_once_srv_proxy_core is not defined
   - include_tasks: utils/run_once.yml
   when: run_once_web_app_mybb is not defined
 

roles/web-app-mybb/tasks/setup-domain.yml

@@ -1,12 +1,12 @@
 - name: "include role receive certbot certificate"
   include_role: 
-    name: srv-web-6-6-tls-core
+    name: srv-tls-core
   vars:
     domain: "{{ domains | get_domain(application_id) }}"
 
 - name: configure {{ domains | get_domain(application_id) }}.conf
   template: 
-    src:  "roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2" 
+    src:  "roles/srv-proxy-core/templates/vhost/basic.conf.j2" 
     dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domains | get_domain(application_id) }}.conf"
   notify: restart openresty
   vars: 

roles/web-app-nextcloud/tasks/main.yml

@@ -11,7 +11,7 @@
 
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
   include_role:
-    name: srv-web-7-6-composer
+    name: srv-composer
 
 - name: create nextcloud proxy configuration file
   template: 

roles/web-app-nextcloud/templates/nginx/host.conf.j2

@@ -4,7 +4,7 @@ server
 {
   server_name {{ domain }};
 
-  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2'%}
 
@@ -19,7 +19,7 @@ server
   client_body_buffer_size 400M;
   fastcgi_buffers 64 4K;
 
-  {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
+  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
 
   location ^~ /.well-known {
     rewrite ^/\.well-known/host-meta\.json  /public.php?service=host-meta-json  last;

roles/web-app-peertube/tasks/create-domains.yml

@@ -1,6 +1,6 @@
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
   include_role:
-    name: srv-web-7-6-composer
+    name: srv-composer
 
 - name: configure {{ domain }}.conf
   template: 

roles/web-app-peertube/templates/peertube.conf.j2

@@ -1,18 +1,18 @@
 server {
   server_name {{ domain }};
 
-  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2'%}
   
-  {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
   
   ##
   # Application
   ##
 
   {% set location = "@html" %}
-  {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
+  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
 
   location / {
     try_files /dev/null {{ location }};
@@ -45,7 +45,7 @@ server {
   ##
 
   {% set location_ws = "@websocket" %}
-  {% include 'roles/srv-proxy-7-4-core/templates/location/ws.conf.j2' %}
+  {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %}
 
   location /socket.io {
     try_files /dev/null {{ location_ws }};

roles/web-app-syncope/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
   include_role:
-    name: srv-web-7-6-composer
+    name: srv-composer
 
 - name: "load docker and db for {{ application_id }}"
   include_role: 

roles/web-app-syncope/templates/proxy.conf

@@ -13,10 +13,10 @@ server
     {{ proxy_extra_configuration }}
   {% endif %}
 
-  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
 
   {% for path in syncope_paths.values() %}
     {% set location =  WEB_PROTOCOL ~ '://' ~ domains | get_domain(application_id) ~ '/' ~ path ~ '/' %}
-    {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2'%}
+    {% include 'roles/srv-proxy-core/templates/location/html.conf.j2'%}
   {% endfor %}
 }

roles/web-app-taiga/README.md

@@ -39,7 +39,7 @@ By using this role, teams can set up Taiga in minutes on Arch Linux systems —
     - [taiga-contrib-oidc-auth (official)](https://github.com/taigaio/taiga-contrib-oidc-auth)
 - 📨 **Email Backend:** Supports SMTP and console backends for development.
 - 🔁 **Async & Realtime Events:** Includes RabbitMQ and support for Taiga’s event system.
-- 🌐 **Reverse Proxy Ready:** Integrates with Nginx using the `srv-proxy-6-6-domain` role.
+- 🌐 **Reverse Proxy Ready:** Integrates with Nginx using the `srv-domain-provision` role.
 - 🧩 **Composable Design:** Integrates cleanly with other Infinito.Nexus infrastructure roles.
 
 ---

roles/web-app-wordpress/tasks/main.yml

@@ -1,7 +1,7 @@
 ---
-- name: "Include role srv-proxy-6-6-domain for {{ application_id }}"
+- name: "Include role srv-domain-provision for {{ application_id }}"
   include_role:
-    name: srv-proxy-6-6-domain
+    name: srv-domain-provision
   loop: "{{ wordpress_domains }}"
   loop_control:
     loop_var: domain

roles/web-opt-rdr-domains/README.md

@@ -9,7 +9,7 @@ This Ansible role configures Nginx to perform 301 redirects from one domain to a
 
 ## Dependencies
 
-- `srv-web-7-6-https`: A role for setting up HTTPS for Nginx
+- `srv-https-stack`: A role for setting up HTTPS for Nginx
 - `letsencrypt`: A role for managing SSL certificates with Let's Encrypt
 
 ## Author Information

roles/web-opt-rdr-domains/tasks/main.yml

@@ -1,8 +1,8 @@
 - block:
-  - name: Include dependency 'srv-web-7-6-https'
+  - name: Include dependency 'srv-https-stack'
     include_role:
-      name: srv-web-7-6-https
-    when: run_once_srv_web_7_6_https is not defined
+      name: srv-https-stack
+    when: run_once_srv_https_stack is not defined
   - include_tasks: utils/run_once.yml
   when: run_once_web_opt_rdr_domains is not defined
 

roles/web-opt-rdr-domains/tasks/redirect-domain.yml

@@ -1,6 +1,6 @@
 - name: "include task receive certbot certificate"
   include_role: 
-    name: srv-web-6-6-tls-core
+    name: srv-tls-core
 
 - name: "Deploying NGINX redirect configuration for '{{ domain }}'"
   template:

roles/web-opt-rdr-domains/templates/redirect.domain.nginx.conf.j2

@@ -1,6 +1,6 @@
 server {
   server_name {{ domain }};
-  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
 
   return 301 https://{{ target }}$request_uri;
 }

roles/web-opt-rdr-www/tasks/main.yml

@@ -1,8 +1,8 @@
 - block:
-  - name: Include dependency 'srv-web-7-4-core'
+  - name: Include dependency 'srv-core'
     include_role:
-      name: srv-web-7-4-core
-    when: run_once_srv_web_7_4_core is not defined
+      name: srv-core
+    when: run_once_srv_core is not defined
   - include_tasks: utils/run_once.yml
   when: run_once_web_opt_rdr_www is not defined
 

roles/web-svc-cdn/tasks/01_core.yml

@@ -2,12 +2,12 @@
   include_role:
     name: '{{ item }}'
   loop:
-  - srv-web-7-6-https
+  - srv-https-stack
   - dev-git
   
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
   include_role:
-    name: srv-web-7-6-composer
+    name: srv-composer
   vars:
     http_port: "{{ ports.localhost.http[application_id] }}"
 

roles/web-svc-cdn/templates/nginx.conf.j2

@@ -2,11 +2,11 @@ server
 {
   server_name {{ domains | get_domain(application_id) }};
   
-  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2'%}
 
-  {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
   
   charset utf-8;
   

roles/web-svc-collabora/templates/nginx.conf.j2

@@ -1,22 +1,22 @@
 server {
   server_name {{ domain }};
 
-  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
   {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2'%}
 
-  {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
 
   {# Normal HTTP routes (discovery, browser, assets) – no Lua injection #}
   {% set proxy_lua_enabled = false %}
   {% set location = "/" %}
-  {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
+  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
 
   {# Optional explicit fast path for discovery #}
   {% set location = "= " ~ container_healthcheck %}
-  {% include 'roles/srv-proxy-7-4-core/templates/location/html.conf.j2' %}
+  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
 
   {# WebSocket handling for Collabora #}
   {% set location_ws = '^~ /cool/' %}
   {% set ws_port = http_port %}
-  {% include 'roles/srv-proxy-7-4-core/templates/location/ws.conf.j2' %}
+  {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %}
 }

roles/web-svc-file/tasks/main.yml

@@ -3,14 +3,14 @@
     include_role:
       name: '{{ item }}'
     loop:
-    - srv-web-7-6-https
+    - srv-https-stack
     - dev-git
   - include_tasks: utils/run_once.yml
   when: run_once_web_svc_file is not defined
 
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
   include_role:
-    name: srv-web-7-6-composer
+    name: srv-composer
   vars:
     domain: "{{ domains | get_domain(application_id) }}"
     http_port: "{{ ports.localhost.http[application_id] }}"

roles/web-svc-file/templates/nginx.conf.j2

@@ -2,11 +2,11 @@ server
 {
   server_name {{ domains | get_domain(application_id) }};
   
-  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/sys-srv-web-inj-compose/templates/server.conf.j2'%}
 
-  {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
   
   charset utf-8;
   

roles/web-svc-html/tasks/main.yml

@@ -3,14 +3,14 @@
     include_role:
       name: '{{ item }}'
     loop:
-    - srv-web-7-6-https
+    - srv-https-stack
     - dev-git
   - include_tasks: utils/run_once.yml
   when: run_once_web_svc_html is not defined
 
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
   include_role:
-    name: srv-web-7-6-composer
+    name: srv-composer
   vars:
     domain: "{{ domains | get_domain(application_id) }}"
     http_port: "{{ ports.localhost.http[application_id] }}"