diff --git a/roles/alert-compose/vars/main.yml b/roles/alert-compose/vars/main.yml deleted file mode 100644 index 435127f4..00000000 --- a/roles/alert-compose/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ -application_id: compose diff --git a/roles/alert-telegram/vars/main.yml b/roles/alert-telegram/vars/main.yml index 20c4ecd0..50048eed 100644 --- a/roles/alert-telegram/vars/main.yml +++ b/roles/alert-telegram/vars/main.yml @@ -1,3 +1,2 @@ systemd_telegram_folder: /opt/ansible-roles/alert-telegram/ systemd_telegram_script: '{{systemd_telegram_folder}}alert-telegram.sh' -application_id: telegram diff --git a/roles/categories.yml b/roles/categories.yml index 78d64aa3..4414ec66 100644 --- a/roles/categories.yml +++ b/roles/categories.yml @@ -82,7 +82,7 @@ roles: title: "Alerting" description: "Notification handlers for system events" icon: "fas fa-bell" - invokable: true + invokable: false maint: title: "Maintenance & Healing" description: "Periodic maintenance & auto-recovery" diff --git a/roles/net-dns-records/vars/main.yml b/roles/net-dns-records/vars/main.yml deleted file mode 100644 index a6eeac26..00000000 --- a/roles/net-dns-records/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ -application_id: dns-records diff --git a/roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 b/roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 index dbeb1a82..d7c75c68 100644 --- a/roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 +++ b/roles/srv-proxy-7-4-core/templates/vhost/basic.conf.j2 @@ -13,7 +13,7 @@ server {{ proxy_extra_configuration }} {% endif %} - {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} {% if applications | is_feature_enabled('oauth2', application_id) %} {% set acl = applications[application_id].oauth2_proxy.acl | default({}) %} 
diff --git a/roles/srv-proxy-7-4-core/templates/vhost/ws_generic.conf.j2 b/roles/srv-proxy-7-4-core/templates/vhost/ws_generic.conf.j2 index 7eda2829..93363f97 100644 --- a/roles/srv-proxy-7-4-core/templates/vhost/ws_generic.conf.j2 +++ b/roles/srv-proxy-7-4-core/templates/vhost/ws_generic.conf.j2 @@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade { server { server_name {{ domain }}; - {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2' %} client_max_body_size {{ client_max_body_size | default('100m') }}; diff --git a/roles/srv-web-7-6-https/README.md b/roles/srv-web-7-6-https/README.md index 57d150b8..6b5ea0e7 100644 --- a/roles/srv-web-7-6-https/README.md +++ b/roles/srv-web-7-6-https/README.md @@ -17,7 +17,7 @@ When you apply **srv-web-7-6-https**, it will: 1. **Include** the `srv-web-7-4-core` role to install and configure Nginx. 2. **Clean up** any stale vHost files under `cln-domains`. -3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `net-letsencrypt`. +3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `srv-web-7-7-letsencrypt`. 4. **Reload** Nginx automatically when any template changes. All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs. diff --git a/roles/srv-web-7-6-https/meta/main.yml b/roles/srv-web-7-6-https/meta/main.yml index e58a0904..ab1f924f 100644 --- a/roles/srv-web-7-6-https/meta/main.yml +++ b/roles/srv-web-7-6-https/meta/main.yml @@ -26,4 +26,4 @@ galaxy_info: dependencies: - srv-web-7-4-core - cln-domains - - net-letsencrypt \ No newline at end of file + - srv-web-7-7-letsencrypt \ No newline at end of file 
diff --git a/roles/net-dns-records/README.md b/roles/srv-web-7-7-dns-records/README.md
similarity index 100%
rename from roles/net-dns-records/README.md
rename to roles/srv-web-7-7-dns-records/README.md
diff --git a/roles/net-dns-records/meta/main.yml b/roles/srv-web-7-7-dns-records/meta/main.yml
similarity index 100%
rename from roles/net-dns-records/meta/main.yml
rename to roles/srv-web-7-7-dns-records/meta/main.yml
diff --git a/roles/net-dns-records/tasks/main.yml b/roles/srv-web-7-7-dns-records/tasks/main.yml
similarity index 100%
rename from roles/net-dns-records/tasks/main.yml
rename to roles/srv-web-7-7-dns-records/tasks/main.yml
diff --git a/roles/net-letsencrypt/README.md b/roles/srv-web-7-7-letsencrypt/README.md
similarity index 100%
rename from roles/net-letsencrypt/README.md
rename to roles/srv-web-7-7-letsencrypt/README.md
diff --git a/roles/net-letsencrypt/TODO.md b/roles/srv-web-7-7-letsencrypt/TODO.md
similarity index 100%
rename from roles/net-letsencrypt/TODO.md
rename to roles/srv-web-7-7-letsencrypt/TODO.md
diff --git a/roles/net-letsencrypt/meta/main.yml b/roles/srv-web-7-7-letsencrypt/meta/main.yml
similarity index 100%
rename from roles/net-letsencrypt/meta/main.yml
rename to roles/srv-web-7-7-letsencrypt/meta/main.yml
diff --git a/roles/net-letsencrypt/tasks/main.yml b/roles/srv-web-7-7-letsencrypt/tasks/main.yml
similarity index 100%
rename from roles/net-letsencrypt/tasks/main.yml
rename to roles/srv-web-7-7-letsencrypt/tasks/main.yml
diff --git a/roles/net-letsencrypt/tasks/set-caa-records.yml b/roles/srv-web-7-7-letsencrypt/tasks/set-caa-records.yml
similarity index 100%
rename from roles/net-letsencrypt/tasks/set-caa-records.yml
rename to roles/srv-web-7-7-letsencrypt/tasks/set-caa-records.yml
diff --git a/roles/net-letsencrypt/templates/letsencrypt.conf.j2 b/roles/srv-web-7-7-letsencrypt/templates/letsencrypt.conf.j2 similarity index 100% rename from roles/net-letsencrypt/templates/letsencrypt.conf.j2 rename to roles/srv-web-7-7-letsencrypt/templates/letsencrypt.conf.j2 diff --git a/roles/net-letsencrypt/templates/ssl_credentials.j2 b/roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2 similarity index 100% rename from roles/net-letsencrypt/templates/ssl_credentials.j2 rename to roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2 diff --git a/roles/net-letsencrypt/templates/ssl_header.j2 b/roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2 similarity index 87% rename from roles/net-letsencrypt/templates/ssl_header.j2 rename to roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2 index 1e254e6f..b355f7fb 100644 --- a/roles/net-letsencrypt/templates/ssl_header.j2 +++ b/roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2 @@ -12,4 +12,4 @@ ssl_session_tickets on; add_header Strict-Transport-Security max-age=15768000; ssl_stapling on; ssl_stapling_verify on; -{% include 'roles/net-letsencrypt/templates/ssl_credentials.j2' %} \ No newline at end of file +{% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2' %} \ No newline at end of file diff --git a/roles/net-letsencrypt/vars/main.yml b/roles/srv-web-7-7-letsencrypt/vars/main.yml similarity index 82% rename from roles/net-letsencrypt/vars/main.yml rename to roles/srv-web-7-7-letsencrypt/vars/main.yml index 4a8acec2..b68ea536 100644 --- a/roles/net-letsencrypt/vars/main.yml +++ b/roles/srv-web-7-7-letsencrypt/vars/main.yml @@ -2,4 +2,3 @@ caa_entries: - tag: issue value: letsencrypt.org base_sld_domains: '{{ current_play_domains_all | generate_base_sld_domains }}' -application_id: letsencrypt diff --git a/roles/svc-openldap/templates/nginx.stream.conf.j2 b/roles/svc-openldap/templates/nginx.stream.conf.j2 index 13a28f85..278e7d68 100644 
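Review bot: The HSTS line carried unchanged into the renamed `ssl_header.j2`, `add_header Strict-Transport-Security max-age=15768000;`, has no `always` flag, so nginx leaves the header off 4xx/5xx responses. It would be safer as `add_header Strict-Transport-Security "max-age=15768000" always;`. nginx also drops inherited `add_header` directives in any `location` that declares its own, and this snippet is included at server level by every vhost template touched in this commit. A vhost with per-location `add_header` lines (the Nextcloud template may be one, judging by its header-handling comment) would then serve those locations without HSTS, so the rendered configs are worth checking. Lines 1-11 of the template are outside the hunk, so other TLS settings such as the one behind `ssl_session_tickets on;` could not be reviewed here.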
--- a/roles/svc-openldap/templates/nginx.stream.conf.j2 +++ b/roles/svc-openldap/templates/nginx.stream.conf.j2 @@ -2,5 +2,5 @@ server { listen {{ports.public.ldaps.ldap}}ssl; proxy_pass 127.0.0.1:{{ports.localhost.ldap.openldap}}; - {% include 'roles/net-letsencrypt/templates/ssl_credentials.j2' %} + {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2' %} } diff --git a/roles/web-app-collabora/templates/nginx.conf.j2 b/roles/web-app-collabora/templates/nginx.conf.j2 index 42c91e18..2532213d 100644 --- a/roles/web-app-collabora/templates/nginx.conf.j2 +++ b/roles/web-app-collabora/templates/nginx.conf.j2 @@ -1,7 +1,7 @@ server { server_name {{domain}}; - {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2'%} diff --git a/roles/web-app-gitea/tasks/main.yml b/roles/web-app-gitea/tasks/main.yml index e22605f0..f84972a7 100644 --- a/roles/web-app-gitea/tasks/main.yml +++ b/roles/web-app-gitea/tasks/main.yml @@ -57,7 +57,7 @@ - name: Include DNS role to register Gitea domain(s) include_role: - name: net-dns-records + name: srv-web-7-7-dns-records vars: cloudflare_api_token: "{{ certbot_dns_api_token }}" cloudflare_domains: "{{ [ domains | get_domain(application_id) ] }}" diff --git a/roles/web-app-matrix/templates/nginx.conf.j2 b/roles/web-app-matrix/templates/nginx.conf.j2 index 26bd8fe3..8eb24708 100644 --- a/roles/web-app-matrix/templates/nginx.conf.j2 +++ b/roles/web-app-matrix/templates/nginx.conf.j2 @@ -5,7 +5,7 @@ server { {% set http_port = ports.localhost.http.synapse %} server_name {{domains.matrix.synapse}}; - {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} # For the federation port listen 8448 ssl default_server; 
diff --git a/roles/web-app-nextcloud/templates/nginx/host.conf.j2 b/roles/web-app-nextcloud/templates/nginx/host.conf.j2 index addda90e..f8272ef7 100644 --- a/roles/web-app-nextcloud/templates/nginx/host.conf.j2 +++ b/roles/web-app-nextcloud/templates/nginx/host.conf.j2 @@ -4,7 +4,7 @@ server { server_name {{domain}}; - {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2'%} # Remove X-Powered-By, which is an information leak diff --git a/roles/web-app-peertube/templates/peertube.conf.j2 b/roles/web-app-peertube/templates/peertube.conf.j2 index fa70fc3a..68c589c3 100644 --- a/roles/web-app-peertube/templates/peertube.conf.j2 +++ b/roles/web-app-peertube/templates/peertube.conf.j2 @@ -1,7 +1,7 @@ server { server_name {{domain}}; - {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2'%} diff --git a/roles/web-app-syncope/templates/proxy.conf b/roles/web-app-syncope/templates/proxy.conf index bc989882..751afa0b 100644 --- a/roles/web-app-syncope/templates/proxy.conf +++ b/roles/web-app-syncope/templates/proxy.conf @@ -13,7 +13,7 @@ server {{ proxy_extra_configuration }} {% endif %} - {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} {% for path in syncope_paths.values() %} {% set location = web_protocol ~ '://' ~ domains | get_domain(application_id) ~ '/' ~ path ~ '/' %} diff --git a/roles/web-svc-file/templates/nginx.conf.j2 b/roles/web-svc-file/templates/nginx.conf.j2 index 2adf4c50..58a0e9e7 100644 --- a/roles/web-svc-file/templates/nginx.conf.j2 +++ b/roles/web-svc-file/templates/nginx.conf.j2 
@@ -2,7 +2,7 @@ server { server_name {{domains | get_domain(application_id)}}; - {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2'%} diff --git a/roles/web-svc-html/templates/nginx.conf.j2 b/roles/web-svc-html/templates/nginx.conf.j2 index aa631fb8..bebc2e9b 100644 --- a/roles/web-svc-html/templates/nginx.conf.j2 +++ b/roles/web-svc-html/templates/nginx.conf.j2 @@ -2,7 +2,7 @@ server { server_name {{domains | get_domain(application_id)}}; - {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/srv-web-7-7-inj-compose/templates/global.includes.conf.j2'%} diff --git a/roles/web-svc-redir-domains/templates/redirect.domain.nginx.conf.j2 b/roles/web-svc-redir-domains/templates/redirect.domain.nginx.conf.j2 index 8ed2363c..c30f8240 100644 --- a/roles/web-svc-redir-domains/templates/redirect.domain.nginx.conf.j2 +++ b/roles/web-svc-redir-domains/templates/redirect.domain.nginx.conf.j2 @@ -1,6 +1,6 @@ server { server_name {{ domain }}; - {% include 'roles/net-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/srv-web-7-7-letsencrypt/templates/ssl_header.j2' %} return 301 https://{{ target }}$request_uri; } diff --git a/roles/web-svc-redir-www/tasks/main.yml b/roles/web-svc-redir-www/tasks/main.yml index 03c48f59..b8bb9100 100644 --- a/roles/web-svc-redir-www/tasks/main.yml +++ b/roles/web-svc-redir-www/tasks/main.yml @@ -17,7 +17,7 @@ - name: Include DNS role to set redirects include_role: - name: net-dns-records + name: srv-web-7-7-dns-records vars: cloudflare_api_token: "{{ certbot_dns_api_token }}" cloudflare_domains: "{{ www_domains }}" diff --git a/tasks/stages/02_desktop.yml b/tasks/stages/02_desktop.yml index b3f090b1..f337efce 100644 --- a/tasks/stages/02_desktop.yml +++ b/tasks/stages/02_desktop.yml 
@@ -2,7 +2,7 @@ - name: "setup docker role includes for desktop pc" include_tasks: "./tasks/groups/{{ item }}-roles.yml" loop: - - util-srv # Services need to run before applications + - desk - util-desk loop_control: label: "{{ item }}-roles.yml" diff --git a/tasks/stages/02_server.yml b/tasks/stages/02_server.yml index 68fac91e..3f8e7dae 100644 --- a/tasks/stages/02_server.yml +++ b/tasks/stages/02_server.yml @@ -13,6 +13,7 @@ - name: "Include server roles" include_tasks: "./tasks/groups/{{ item }}-roles.yml" loop: + - util-srv - web-svc # Services need to run before applications - web-app loop_control:
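Review bot: The new loop entry `desk` in tasks/stages/02_desktop.yml resolves through `include_tasks: "./tasks/groups/{{ item }}-roles.yml"` to `./tasks/groups/desk-roles.yml`. Nothing in the visible part of this commit adds or generates that file, so the include fails at run time unless it already exists. The entry also replaces `util-srv` and its comment `# Services need to run before applications`, so desktop hosts presumably stop receiving the util-srv group. If that is intended, a comment above the loop such as `# desktop stage: only desk and util-desk groups; util-srv now runs in 02_server.yml` would record it. The task continues past the end of the hunk.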
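Review bot: In tasks/stages/02_server.yml the added `- util-srv` runs ahead of `web-svc`, yet the only ordering rationale in the loop is still the comment `# Services need to run before applications` on `web-svc`. If the new position is deliberate, state it on the entry, for example `- util-srv # Utility services run before web services and applications` (wording for the author to confirm). Otherwise a later reorder could silently break whatever web-svc and web-app expect from util-srv. The loop's task continues past the end of the hunk.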