Removed unecessary application_id s

roles/alert-compose/vars/main.yml

@@ -1 +0,0 @@
-application_id: compose

roles/alert-telegram/vars/main.yml

@@ -1,3 +1,2 @@
 systemd_telegram_folder: /opt/ansible-roles/alert-telegram/
 systemd_telegram_script: '{{systemd_telegram_folder}}alert-telegram.sh'
-application_id: telegram

roles/categories.yml

@@ -82,7 +82,7 @@ roles:
     title: "Alerting"
     description: "Notification handlers for system events"
     icon: "fas fa-bell"
-    invokable: true
+    invokable: false
   maint:
     title: "Maintenance & Healing"
     description: "Periodic maintenance & auto-recovery"

roles/net-dns-records/vars/main.yml

@@ -1 +0,0 @@
-application_id: dns-records

roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2

@@ -13,7 +13,7 @@ server
     {{ proxy_extra_configuration }}
   {% endif %}
 
-  {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
 
   {% if applications | is_feature_enabled('oauth2', application_id) %}
     {% set acl = applications[application_id].oauth2_proxy.acl | default({}) %}

roles/srv-proxy-7-4-core/templates/vhost/ws_generic.conf.j2

@@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
 server {
   server_name {{ domain }};
 
-  {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
   {% include 'roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2' %}
 
   client_max_body_size {{ client_max_body_size | default('100m') }};

roles/srv-web-7-6-https/README.md

@@ -17,7 +17,7 @@ When you apply **srv-web-7-6-https**, it will:
 
 1. **Include** the `srv-web-7-4-core` role to install and configure Nginx.  
 2. **Clean up** any stale vHost files under `cln-domains`.  
-3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `net-letsencrypt`.  
+3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `srv-web-7-7-letsencrypt`.  
 4. **Reload** Nginx automatically when any template changes.
 
 All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs.

roles/srv-web-7-6-https/meta/main.yml

@@ -26,4 +26,4 @@ galaxy_info:
 dependencies:
   - srv-web-7-4-core
   - cln-domains
-  - net-letsencrypt
+  - srv-web-7-7-letsencrypt

roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2

@@ -12,4 +12,4 @@ ssl_session_tickets on;
 add_header Strict-Transport-Security max-age=15768000;
 ssl_stapling on;
 ssl_stapling_verify on;
-{% include 'roles/net-letsencrypt/templates/ssl_credentials.j2' %}
+{% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2' %}

roles/srv-web-7-7-letsencrypt/vars/main.yml

@@ -2,4 +2,3 @@ caa_entries:
 - tag: issue
   value: letsencrypt.org
 base_sld_domains: '{{ current_play_domains_all | generate_base_sld_domains }}'
-application_id: letsencrypt

roles/svc-openldap/templates/nginx.stream.conf.j2

@@ -2,5 +2,5 @@ server {
     listen {{ports.public.ldaps.ldap}}ssl;
     proxy_pass 127.0.0.1:{{ports.localhost.ldap.openldap}};
     
-    {% include 'roles/net-letsencrypt/templates/ssl_credentials.j2' %}
+    {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2' %}
 }

roles/web-app-collabora/templates/nginx.conf.j2

@@ -1,7 +1,7 @@
 server {
   server_name {{domain}};
 
-  {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2'%}
   

roles/web-app-gitea/tasks/main.yml

@@ -57,7 +57,7 @@
 
 - name: Include DNS role to register Gitea domain(s)
   include_role:
-    name: net-dns-records
+    name: srv-web-7-7-dns-records
   vars:
     cloudflare_api_token:   "{{ certbot_dns_api_token }}"
     cloudflare_domains:     "{{ [ domains | get_domain(application_id) ] }}"

roles/web-app-matrix/templates/nginx.conf.j2

@@ -5,7 +5,7 @@ server {
     {% set http_port = ports.localhost.http.synapse %}
 
     server_name {{domains.matrix.synapse}};
-    {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
+    {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
     
     # For the federation port
     listen 8448 ssl default_server;

roles/web-app-nextcloud/templates/nginx/host.conf.j2

@@ -4,7 +4,7 @@ server
 {
   server_name {{domain}};
 
-  {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2'%}
   # Remove X-Powered-By, which is an information leak

roles/web-app-peertube/templates/peertube.conf.j2

@@ -1,7 +1,7 @@
 server {
   server_name {{domain}};
 
-  {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2'%}
   

roles/web-app-syncope/templates/proxy.conf

@@ -13,7 +13,7 @@ server
     {{ proxy_extra_configuration }}
   {% endif %}
 
-  {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
 
   {% for path in syncope_paths.values() %}
     {% set location =  web_protocol ~ '://' ~ domains | get_domain(application_id) ~ '/' ~ path ~ '/' %}

roles/web-svc-file/templates/nginx.conf.j2

@@ -2,7 +2,7 @@ server
 {
   server_name {{domains | get_domain(application_id)}};
   
-  {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2'%}
 

roles/web-svc-html/templates/nginx.conf.j2

@@ -2,7 +2,7 @@ server
 {
   server_name {{domains | get_domain(application_id)}};
   
-  {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2'%}
 

roles/web-svc-redir-domains/templates/redirect.domain.nginx.conf.j2

@@ -1,6 +1,6 @@
 server {
   server_name {{ domain }};
-  {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %}
 
   return 301 https://{{ target }}$request_uri;
 }

roles/web-svc-redir-www/tasks/main.yml

@@ -17,7 +17,7 @@
 
 - name: Include DNS role to set redirects
   include_role:
-    name: net-dns-records
+    name: srv-web-7-7-dns-records
   vars:
     cloudflare_api_token:     "{{ certbot_dns_api_token }}"
     cloudflare_domains:       "{{ www_domains }}"

tasks/stages/02_desktop.yml

@@ -2,7 +2,7 @@
 - name: "setup docker role includes for desktop pc"
   include_tasks: "./tasks/groups/{{ item }}-roles.yml"
   loop:
-    - util-srv  # Services need to run before applications
+    - desk
     - util-desk
   loop_control:
     label: "{{ item }}-roles.yml"

tasks/stages/02_server.yml

@@ -13,6 +13,7 @@
 - name: "Include server roles"
   include_tasks: "./tasks/groups/{{ item }}-roles.yml"
   loop:
+    - util-srv
     - web-svc # Services need to run before applications
     - web-app
   loop_control: