General optimations

2025-08-29 15:06:26 +02:00 · 2025-07-09 10:17:32 +02:00
parent a69b2c9cb2
commit af3767fdfa
72 changed files with 377 additions and 618 deletions
--- a/roles/README.md
+++ b/roles/README.md
@@ -18,7 +18,7 @@ For a complete list of role categories and detailed definitions, see:
  Generic helpers and language/tool installers (e.g. `gen-git`, `gen-locales`, `gen-timer`)

 - **desk-***  
-  Desktop environment and application roles (e.g. `desk-gnome`, `utils-desk-browser`, `desk-libreoffice`)
+  Desktop environment and application roles (e.g. `desk-gnome`, `desk-browser`, `desk-libreoffice`)

 ---

@@ -28,7 +28,7 @@ For a complete list of role categories and detailed definitions, see:
  Installs and configures the base Nginx server.

 - **srv-web-tls-***  
-  Manages TLS certificates and renewal (formerly “https”).
+  Manages TLS certificates and renewal (formerly “https”; e.g. `srv-web-tls-deploy`, `srv-web-tls-renew`).

 - **srv-web-proxy-***  
  Proxy and vhost orchestration roles (domain setup, OAuth2 proxy, etc.)
@@ -43,43 +43,43 @@ For a complete list of role categories and detailed definitions, see:
  Static‐content servers (assets, HTML, legal pages, file hosting).

 - **web-app-***  
-  Application-specific Docker/Compose roles (e.g. GitLab, Nextcloud, Mastodon).
+  Application-specific Docker/Compose roles (e.g. GitLab, Nextcloud, Mastodon, Redis).

 ---

 ## Network

 - **net-***  
-  Network infrastructure (DNS records, WireGuard, Let’s Encrypt entrypoints).
+  Network infrastructure (DNS records, Let’s Encrypt HTTP entrypoints, WireGuard, etc.)

 - **svc-***  
-  Docker‐deployed services that aren’t “apps” (RDBMS, LDAP, Redis, OpenLDAP).
+  Docker-deployed services that aren’t “apps” (RDBMS, LDAP, Redis, OpenLDAP).

 ---

 ## Monitoring & Alerting

 - **mon-bot-***  
-  “Bot”-style health checks with alerts via Telegram, email, etc.
+  “Bot”-style health checks (Btrfs, disk‐space, Docker, journalctl, CSP crawler, webserver) with alerts.

 - **monitor-core-***  
-  Low-level system monitors (journalctl, Docker containers, disk space).
+  Low-level system monitors (journalctl, Docker containers, disk space, etc.)

 - **alert-***  
-  Failure or status notification handlers (core, email, Telegram).
+  Notification handlers for failures (core, email, Telegram).

 ---

 ## Maintenance & Healing

 - **maint-***  
-  Periodic maintenance tasks (Btrfs balancing, swapfile management).
+  Periodic maintenance tasks (Btrfs balancing, swapfile management, etc.)

 - **maint-docker-***  
  Automated recovery and restarts for Docker Compose workloads.

 - **cln-***  
-  Housekeeping tasks (old backups, certs, log rotation).
+  Housekeeping tasks (old backups, expired certs, log rotation).

 ---

@@ -96,7 +96,7 @@ For a complete list of role categories and detailed definitions, see:
  Keeps OS and language packages up to date (`update-apt`, `update-docker`, `update-pip`, etc.)

 - **pkgmgr-***  
-  Language or platform package managers (npm, pip, AUR helper).
+  Language or platform package managers (npm, pip, AUR helper, etc.)

 ---

@@ -106,14 +106,15 @@ For a complete list of role categories and detailed definitions, see:
  Creates user accounts and SSH keys.

 - **user-administrator**, **user-root**  
-  Specialized account configurations for privileged users.
+  Specialized configurations for privileged users.

 ---

 > **Tip:** To find a role quickly, search for its prefix:  
 > `core-`, `gen-`, `desk-`, `srv-web-`, `web-svc-`, `web-app-`,  
-> `net-`, `svc-`, `monitor-`, `alert-`, `maint-`, `cln-`,  
-> `bkp-`, `update-`, `pkgmgr-`, `user-`.
+> `net-`, `svc-`, `mon-bot-`, `monitor-core-`, `alert-`,  
+> `maint-`, `maint-docker-`, `cln-`, `bkp-`, `update-`,  
+> `pkgmgr-`, `user-`.

 ---

--- a/roles/alert-email/meta/main.yml
+++ b/roles/alert-email/meta/main.yml
@@ -24,3 +24,4 @@ galaxy_info:
  documentation: "https://s.veen.world/cymais"
 dependencies:
  - gen-msmtp
+  - core-daemon
--- a/roles/alert-telegram/meta/main.yml
+++ b/roles/alert-telegram/meta/main.yml
@@ -22,4 +22,5 @@ galaxy_info:
  repository: "https://s.veen.world/cymais"
  issue_tracker_url: "https://s.veen.world/cymaisissues"
  documentation: "https://s.veen.world/cymais"
-dependencies: []
+dependencies:
+  - core-daemon
--- a/roles/bkp-docker-to-local/tasks/main.yml
+++ b/roles/bkp-docker-to-local/tasks/main.yml
@@ -2,57 +2,55 @@
  include_role:
    name: pkgmgr-install
  vars:
-    package_name: bkp-docker-to-local
-  when: run_once_backup_docker_to_local is not defined
+    package_name: "{{ bkp_docker_to_local_pkg }}"
+  when: run_once_bkp_docker_to_local is not defined

- name: Retrieve bkp-docker-to-local path from pkgmgr
-  command: pkgmgr path bkp-docker-to-local
+- name: "Retrieve {{ bkp_docker_to_local_pkg }} path from pkgmgr"
+  command: "pkgmgr path {{ bkp_docker_to_local_pkg }}"
  register: pkgmgr_output
  changed_when: false
-  when: run_once_backup_docker_to_local is not defined
+  when: run_once_bkp_docker_to_local is not defined

 - name: Set fact for backup_docker_to_local_folder
  set_fact:
    backup_docker_to_local_folder: "{{ pkgmgr_output.stdout }}/"
  changed_when: false
-  when: run_once_backup_docker_to_local is not defined
+  when: run_once_bkp_docker_to_local is not defined
+
+- name: "reset (if enabled)"
+  include_tasks: reset.yml 
+  when: mode_reset | bool and run_once_bkp_docker_to_local is not defined

 - name: configure bkp-docker-to-local-everything.cymais.service
  template: 
    src: bkp-docker-to-local-everything.service.j2
    dest: /etc/systemd/system/bkp-docker-to-local-everything.cymais.service
  notify: reload bkp-docker-to-local-everything.cymais.service
-  when: run_once_backup_docker_to_local is not defined
+  when: run_once_bkp_docker_to_local is not defined

 - name: configure bkp-docker-to-local.cymais.service
  template: 
    src: bkp-docker-to-local.service.j2
    dest: /etc/systemd/system/bkp-docker-to-local.cymais.service
  notify: reload bkp-docker-to-local.cymais.service
-  when: run_once_backup_docker_to_local is not defined
+  when: run_once_bkp_docker_to_local is not defined

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
-  when: run_once_backup_docker_to_local is not defined
+  when: run_once_bkp_docker_to_local is not defined

 - name: "include role for gen-timer for {{service_name}}"
  include_role:
    name: gen-timer
  vars:
    on_calendar:  "{{on_calendar_backup_docker_to_local}}"
-  when: run_once_backup_docker_to_local is not defined
-
- name: "reset {{ backup_docker_to_local_folder }}databases.csv"
-  file:
-    path: "{{ backup_docker_to_local_folder }}databases.csv"
-    state: absent
-  when: mode_reset | bool and run_once_backup_docker_to_local is not defined
+  when: run_once_bkp_docker_to_local is not defined

 - name: "include seed-database-to-backup.yml"
  include_tasks: seed-database-to-backup.yml

 - name: run the backup_docker_to_local tasks once
  set_fact:
-    run_once_backup_docker_to_local: true
-  when: run_once_backup_docker_to_local is not defined
+    run_once_bkp_docker_to_local: true
+  when: run_once_bkp_docker_to_local is not defined
--- a/roles/bkp-docker-to-local/tasks/reset.yml
+++ b/roles/bkp-docker-to-local/tasks/reset.yml
@@ -0,0 +1,4 @@
+- name: "reset {{ backup_docker_to_local_folder }}databases.csv"
+  file:
+    path: "{{ backup_docker_to_local_folder }}databases.csv"
+    state: absent
--- a/roles/bkp-docker-to-local/tasks/seed-database-to-backup.yml
+++ b/roles/bkp-docker-to-local/tasks/seed-database-to-backup.yml
@@ -51,10 +51,10 @@
    database_name is defined and
    database_username is defined and
    database_password is defined) and
-    run_once_backup_docker_to_local_file_permission is not defined
+    run_once_bkp_docker_to_local_file_permission is not defined
  register: file_permission_result

 - name: run the backup_docker_to_local_file_permission tasks once
  set_fact:
-    run_once_backup_docker_to_local_file_permission: true
-  when: run_once_backup_docker_to_local_file_permission is not defined and file_permission_result is defined and file_permission_result.changed
+    run_once_bkp_docker_to_local_file_permission: true
+  when: run_once_bkp_docker_to_local_file_permission is not defined and file_permission_result is defined and file_permission_result.changed
--- a/roles/bkp-docker-to-local/vars/main.yml
+++ b/roles/bkp-docker-to-local/vars/main.yml
@@ -0,0 +1 @@
+bkp_docker_to_local_pkg: backup-docker-to-local
--- a/roles/bkp-remote-to-local/meta/main.yml
+++ b/roles/bkp-remote-to-local/meta/main.yml
@@ -31,3 +31,4 @@ dependencies:
  - cln-failed-docker-backups
  - maint-lock
  - user-root
+  - core-daemon
--- a/roles/bkp-remote-to-local/tasks/main.yml
+++ b/roles/bkp-remote-to-local/tasks/main.yml
@@ -22,7 +22,7 @@
    dest: "{{docker_backup_remote_to_local_folder}}backups-remote-to-local.sh"
    mode: 0755

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"

--- a/roles/cln-backups-service/meta/main.yml
+++ b/roles/cln-backups-service/meta/main.yml
@@ -25,3 +25,4 @@ dependencies:
  - gen-python-pip
  - alert-compose
  - maint-lock
+  - core-daemon
--- a/roles/cln-backups-timer/meta/main.yml
+++ b/roles/cln-backups-timer/meta/main.yml
@@ -23,3 +23,4 @@ galaxy_info:
  documentation: "https://s.veen.world/cymais"
 dependencies:
  - cln-backups-service
+  - core-daemon
--- a/roles/cln-certs/meta/main.yml
+++ b/roles/cln-certs/meta/main.yml
@@ -25,3 +25,4 @@ galaxy_info:

 dependencies:
  - alert-compose
+  - core-daemon
--- a/roles/cln-certs/tasks/main.yml
+++ b/roles/cln-certs/tasks/main.yml
@@ -12,7 +12,7 @@
  notify: Reload and restart cln-certs.cymais.service
  when: run_once_cleanup_certs is not defined

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
  when: run_once_cleanup_certs is not defined
--- a/roles/cln-disc-space/meta/main.yml
+++ b/roles/cln-disc-space/meta/main.yml
@@ -24,3 +24,4 @@ galaxy_info:
 dependencies:
  - alert-compose
  - maint-lock
+  - core-daemon
--- a/roles/cln-disc-space/tasks/main.yml
+++ b/roles/cln-disc-space/tasks/main.yml
@@ -15,7 +15,7 @@
    dest: /etc/systemd/system/cln-disc-space.cymais.service
  notify: reload cln-disc-space.cymais.service

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"

--- a/roles/cln-docker-anonymous-volumes/meta/main.yml
+++ b/roles/cln-docker-anonymous-volumes/meta/main.yml
@@ -22,4 +22,6 @@ galaxy_info:
    - pkgmgr
  repository: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner"
  issue_tracker_url: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner/issues"
-  documentation: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner#readme"
+  documentation: "https://github.com/kevinveenbirkenbach/web-app-volume-cleaner"
+  dependencies:
+    - core-daemon
--- a/roles/cln-domains/meta/main.yml
+++ b/roles/cln-domains/meta/main.yml
@@ -21,4 +21,5 @@ galaxy_info:
  issue_tracker_url: "https://s.veen.world/cymaisissues"
  documentation: "https://s.veen.world/cymais"
 dependencies:
-  - srv-web-core
+  - srv-web-core
+  - core-daemon
--- a/roles/cln-failed-docker-backups/meta/main.yml
+++ b/roles/cln-failed-docker-backups/meta/main.yml
@@ -25,3 +25,4 @@ dependencies:
  - alert-compose
  - maint-lock
  - bkp-directory-validator
+  - core-daemon
--- a/roles/cln-failed-docker-backups/tasks/main.yml
+++ b/roles/cln-failed-docker-backups/tasks/main.yml
@@ -2,41 +2,41 @@
  include_role:
    name: pkgmgr-install
  vars:
-    package_name: cln-failed-docker-backups 
-  when: run_once_cleanup_failed_docker_backups is not defined
+    package_name: "{{ cln_failed_docker_backups_pkg }}"
+  when: run_once_cln_failed_docker_backups is not defined

- name: Retrieve bkp-docker-to-local path from pkgmgr
-  command: pkgmgr path cln-failed-docker-backups
+- name: "Retrieve {{ cln_failed_docker_backups_pkg }} path from pkgmgr"
+  command: "pkgmgr path {{ cln_failed_docker_backups_pkg }}"
  register: pkgmgr_output
  changed_when: false
-  when: run_once_cleanup_failed_docker_backups is not defined
+  when: run_once_cln_failed_docker_backups is not defined

 - name: Set fact for backup_docker_to_local_cleanup_script
  set_fact:
    backup_docker_to_local_cleanup_script: "{{ pkgmgr_output.stdout.rstrip('/') ~ '/cln-all.sh' }}"
  changed_when: false
-  when: run_once_cleanup_failed_docker_backups is not defined
+  when: run_once_cln_failed_docker_backups is not defined

 - name: configure cln-failed-docker-backups.cymais.service
  template:
    src: cln-failed-docker-backups.service.j2
    dest: /etc/systemd/system/cln-failed-docker-backups.cymais.service
  notify: Reload cln-failed-docker-backups.cymais.service
-  when: run_once_cleanup_failed_docker_backups is not defined
+  when: run_once_cln_failed_docker_backups is not defined

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
-  when: run_once_cleanup_failed_docker_backups is not defined
+  when: run_once_cln_failed_docker_backups is not defined

 - name: "include role for gen-timer for {{service_name}}"
  include_role:
    name: gen-timer
  vars:
    on_calendar:  "{{on_calendar_cleanup_failed_docker}}"
-  when: run_once_cleanup_failed_docker_backups is not defined
+  when: run_once_cln_failed_docker_backups is not defined

 - name: run the cleanup_failed_docker_backups tasks once
  set_fact:
-    run_once_cleanup_failed_docker_backups: true
-  when: run_once_cleanup_failed_docker_backups is not defined
+    run_once_cln_failed_docker_backups: true
+  when: run_once_cln_failed_docker_backups is not defined
--- a/roles/cln-failed-docker-backups/vars/main.yml
+++ b/roles/cln-failed-docker-backups/vars/main.yml
@@ -0,0 +1 @@
+cln_failed_docker_backups_pkg: cleanup-failed-docker-backups
--- a/roles/core-daemon/README.md
+++ b/roles/core-daemon/README.md
@@ -0,0 +1,24 @@
+# Core Daemon Role
+
+This Ansible role handles resetting and cleaning up “CyMaIS” systemd service units for the core daemon.
+
+## Description
+
+When enabled via the `mode_reset` flag, this role will:
+
+1. Run its reset tasks exactly once per play (`run_once_core_daemon` guard).  
+2. Find all `/etc/systemd/system/*.cymais.service` units.  
+3. Stop and disable each unit.  
+4. Remove the unit files.  
+5. Reload the systemd daemon.
+
+## License
+
+This role is released under the CyMaIS NonCommercial License (CNCL).
+See [license details](https://s.veen.world/cncl)
+
+## Author Information
+
+Kevin Veen-Birkenbach
+Consulting & Coaching Solutions
+[https://www.veen.world](https://www.veen.world)
--- a/roles/core-daemon/meta/main.yml
+++ b/roles/core-daemon/meta/main.yml
@@ -0,0 +1,19 @@
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Role to reset and clean up CyMaIS systemd service units for the core daemon."
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  min_ansible_version: "2.9"
+  galaxy_tags:
+    - systemd
+    - cleanup
+    - cymais
+  repository: "https://github.com/kevinveenbirkenbach/cymais"
+  issue_tracker_url: "https://github.com/kevinveenbirkenbach/cymais/issues"
+  documentation: "https://github.com/kevinveenbirkenbach/cymais/#core-daemon-role"
+
+dependencies: []
--- a/roles/core-daemon/tasks/main.yml
+++ b/roles/core-daemon/tasks/main.yml
@@ -0,0 +1,8 @@
+- name: "reset (if enabled)"
+  include_tasks: reset.yml 
+  when: mode_reset | bool and run_once_core_daemon is not defined
+
+- name: run {{ role_name }} once
+  set_fact:
+    run_once_core_daemon: true
+  when: run_once_core_daemon is not defined
--- a/roles/core-daemon/tasks/reset.yml
+++ b/roles/core-daemon/tasks/reset.yml
@@ -0,0 +1,28 @@
+- name: Find all cymais.service units
+  find:
+    paths: /etc/systemd/system
+    patterns: '*.cymais.service'
+  register: cymais_services
+
+- name: Disable and stop each cymais service
+  become: true
+  systemd:
+    name: "{{ item.path | basename }}"
+    enabled: no
+    state: stopped
+  loop: "{{ cymais_services.files }}"
+  loop_control:
+    label: "{{ item.path | basename }}"
+
+- name: Remove all cymais.service files
+  become: true
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ cymais_services.files }}"
+  loop_control:
+    label: "{{ item.path | basename }}"
+
+- name: Reload systemd daemon
+  become: true
+  command: systemctl daemon-reload
--- a/roles/docker-compose/handlers/main.yml
+++ b/roles/docker-compose/handlers/main.yml
@@ -1,13 +1,4 @@
 ---
-# It is necessary to shut the projects down, when reset is activated. 
-# Otherwise it can lead to this bug:
-# https://github.com/ansible/ansible/issues/10244
-#- name: shut down docker compose project 
-#  command:
-#    cmd: docker-compose -p "{{ application_id }}" down
-#  listen: docker compose up
-#  when: mode_reset | bool
-
 - name: rebuild docker repository
  command:
    cmd:   docker compose build
--- a/roles/docker-compose/tasks/main.yml
+++ b/roles/docker-compose/tasks/main.yml
@@ -1,10 +1,8 @@
- name: "Load variables from {{ role_path }}/vars/docker-compose.yml for whole play"
-  include_vars: "{{ role_path }}/vars/docker-compose.yml"
+- name: "Load variables from {{ docker_compose_variable_file }} for whole play"
+  include_vars: "{{ docker_compose_variable_file }}"

- name: "Remove {{ docker_compose.directories.instance }} and all its contents"
-  file:
-    path: "{{ docker_compose.directories.instance }}"
-    state: absent
+- name: "reset (if enabled)"
+  include_tasks: reset.yml 
  when: mode_reset | bool

 # This could lead to problems in docker-compose directories which are based on a git repository
--- a/roles/docker-compose/tasks/reset.yml
+++ b/roles/docker-compose/tasks/reset.yml
@@ -0,0 +1,11 @@
+# It is necessary to shut the projects down, when reset is activated. 
+# Otherwise it can lead to this bug:
+# https://github.com/ansible/ansible/issues/10244
+- name: shut down docker compose project 
+  command:
+    cmd: "docker-compose -p {{ application_id }} down"
+
+- name: "Remove {{ docker_compose.directories.instance }} and all its contents"
+  file:
+    path: "{{ docker_compose.directories.instance }}"
+    state: absent
--- a/roles/docker-compose/vars/main.yml
+++ b/roles/docker-compose/vars/main.yml
@@ -0,0 +1 @@
+docker_compose_variable_file: "{{ role_path }}/vars/docker-compose.yml"
--- a/roles/drv-msi-keyboard-color/tasks/main.yml
+++ b/roles/drv-msi-keyboard-color/tasks/main.yml
@@ -21,7 +21,7 @@
  systemd:
    daemon_reload: yes

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"

--- a/roles/gen-timer/tasks/main.yml
+++ b/roles/gen-timer/tasks/main.yml
@@ -1,3 +1,7 @@
+- name: "reset (if enabled)"
+  include_tasks: reset.yml 
+  when: mode_reset | bool and run_once_gen_timer is not defined
+
 - name: create {{service_name}}.cymais.timer
  template:
    src: dummy.timer.j2
@@ -10,4 +14,9 @@
    name: "{{service_name}}.cymais.timer"
    state: restarted
    enabled: yes
-  when: dummy_timer.changed or activate_all_timers | bool
+  when: dummy_timer.changed or activate_all_timers | bool
+
+- name: run {{ role_name }} once
+  set_fact:
+    run_once_gen_timer: true
+  when: run_once_gen_timer is not defined
--- a/roles/gen-timer/tasks/reset.yml
+++ b/roles/gen-timer/tasks/reset.yml
@@ -0,0 +1,26 @@
+- name: Find all cymais.timer units
+  find:
+    paths: /etc/systemd/system
+    patterns: '*.cymais.timer'
+  register: cymais_timers
+
+- name: Disable and stop each cymais timer
+  systemd:
+    name: "{{ item.path | basename }}"
+    enabled: no
+    state: stopped
+  loop: "{{ cymais_timers.files }}"
+  loop_control:
+    label: "{{ item.path | basename }}"
+
+- name: Remove all cymais.timer files
+  file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ cymais_timers.files }}"
+  loop_control:
+    label: "{{ item.path | basename }}"
+
+- name: Reload systemd daemon
+  command: systemctl daemon-reload
+  become: true
--- a/roles/maint-btrfs-auto-balancer/tasks/main.yml
+++ b/roles/maint-btrfs-auto-balancer/tasks/main.yml
@@ -12,7 +12,7 @@
  notify: reload maint-btrfs-auto-balancer.cymais.service
  when: run_once_system_btrfs_auto_balancer is not defined

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
  when: run_once_system_btrfs_auto_balancer is not defined
--- a/roles/maint-docker-heal/tasks/main.yml
+++ b/roles/maint-docker-heal/tasks/main.yml
@@ -19,7 +19,7 @@
  notify: restart maint-docker-heal.cymais.service
  when: run_once_heal_docker is not defined

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
  when: run_once_heal_docker is not defined
--- a/roles/maint-docker-restart/tasks/main.yml
+++ b/roles/maint-docker-restart/tasks/main.yml
@@ -16,7 +16,7 @@
      dest: /etc/systemd/system/maint-docker-restart.cymais.service
    notify: "reload maint-docker-restart.cymais.service"

-  - name: set service_name to the name of the current role
+  - name: "set 'service_name' to '{{ role_name }}'"
    set_fact:
      service_name: "{{ role_name }}"

--- a/roles/mon-bot-btrfs/tasks/main.yml
+++ b/roles/mon-bot-btrfs/tasks/main.yml
@@ -15,7 +15,7 @@
    dest: /etc/systemd/system/mon-bot-btrfs.cymais.service
  notify: reload mon-bot-btrfs.cymais.service

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"

--- a/roles/mon-bot-disc-space/tasks/main.yml
+++ b/roles/mon-bot-disc-space/tasks/main.yml
@@ -15,7 +15,7 @@
    dest: /etc/systemd/system/mon-bot-disc-space.cymais.service
  notify: reload mon-bot-disc-space.cymais.service

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"

--- a/roles/mon-bot-docker-container/tasks/main.yml
+++ b/roles/mon-bot-docker-container/tasks/main.yml
@@ -18,7 +18,7 @@
  notify: reload mon-bot-docker-container.cymais.service
  when: run_once_health_docker_container is not defined

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
  when: run_once_health_docker_container is not defined
--- a/roles/mon-bot-docker-volumes/tasks/main.yml
+++ b/roles/mon-bot-docker-volumes/tasks/main.yml
@@ -18,7 +18,7 @@
  notify: reload mon-bot-docker-volumes.cymais.service
  when: run_once_health_docker_volumes is not defined

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
  when: run_once_health_docker_volumes is not defined
--- a/roles/mon-bot-journalctl/tasks/main.yml
+++ b/roles/mon-bot-journalctl/tasks/main.yml
@@ -18,7 +18,7 @@
  notify: reload mon-bot-journalctl.cymais.service
  when: run_once_health_journalctl is not defined

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
  when: run_once_health_journalctl is not defined
--- a/roles/mon-bot-msmtp/tasks/main.yml
+++ b/roles/mon-bot-msmtp/tasks/main.yml
@@ -16,7 +16,7 @@
    dest: /etc/systemd/system/mon-bot-msmtp.cymais.service
  notify: reload mon-bot-msmtp.cymais.service

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"

--- a/roles/mon-bot-webserver/tasks/main.yml
+++ b/roles/mon-bot-webserver/tasks/main.yml
@@ -24,7 +24,7 @@
  notify: reload mon-bot-webserver.cymais.service
  when: run_once_health_nginx is not defined

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
  when: run_once_health_nginx is not defined
--- a/roles/srv-web-core/handlers/main.yml
+++ b/roles/srv-web-core/handlers/main.yml
@@ -1,3 +1,14 @@
 ---
+- name: Validate Nginx configuration
+  command: nginx -t
+  register: nginx_test
+  changed_when: false
+  failed_when: nginx_test.rc != 0
+  listen: restart nginx
+
 - name: restart nginx
-  service: name=nginx state=restarted enabled=yes
+  service: 
+    name: nginx 
+    state:  restarted 
+    enabled: yes
+  listen: restart nginx
--- a/roles/srv-web-core/tasks/main.yml
+++ b/roles/srv-web-core/tasks/main.yml
@@ -6,14 +6,12 @@
      - nginx-mod-stream
    state:  present
  notify: restart nginx
-  when: run_once_nginx is not defined
-
- name: "Delete {{nginx.directories.configuration}} directory, when mode_reset"
-  file:
-    path: "{{ nginx.directories.configuration }}"
-    state: absent
-  when: mode_reset | bool and run_once_nginx is not defined
+  when: run_once_srv_web_core is not defined

+- name: "reset (if enabled)"
+  include_tasks: reset.yml 
+  when: mode_reset | bool and run_once_srv_web_core is not defined
+  
 - name: Ensure nginx configuration directories are present
  file:
    path: "{{ item }}"
@@ -28,7 +26,7 @@
      (nginx.directories.http.values() | list) +
      [ nginx.directories.streams ] 
    }}
-  when: run_once_nginx is not defined
+  when: run_once_srv_web_core is not defined

 - name: Ensure nginx data storage directories are present
  file:
@@ -40,7 +38,7 @@
    mode:  '0755'
  loop: >
    {{ nginx.directories.data.values() | list }}
-  when: run_once_nginx is not defined
+  when: run_once_srv_web_core is not defined

 - name: "Include tasks to create cache directories"
  include_tasks: cache_directories.yml
@@ -50,13 +48,13 @@
    src:  nginx.conf.j2 
    dest: /etc/nginx/nginx.conf
  notify: restart nginx
-  when: run_once_nginx is not defined
+  when: run_once_srv_web_core is not defined

 - name: flush nginx service
  meta: flush_handlers
-  when: run_once_nginx is not defined
+  when: run_once_srv_web_core is not defined

- name: run the nginx tasks once
+- name: run {{ role_name }} once
  set_fact:
-    run_once_nginx: true
-  when: run_once_nginx is not defined
+    run_once_srv_web_core: true
+  when: run_once_srv_web_core is not defined
--- a/roles/srv-web-core/tasks/reset.yml
+++ b/roles/srv-web-core/tasks/reset.yml
@@ -0,0 +1,4 @@
+- name: "Delete {{nginx.directories.configuration}} directory, when mode_reset"
+  file:
+    path: "{{ nginx.directories.configuration }}"
+    state: absent
--- a/roles/srv-web-tls-renew/tasks/main.yml
+++ b/roles/srv-web-tls-renew/tasks/main.yml
@@ -12,7 +12,7 @@
  notify: reload certbot service
  when: run_once_nginx_certbot is not defined

- name: set service_name to the name of the current role
+- name: "set 'service_name' to '{{ role_name }}'"
  set_fact:
    service_name: "{{ role_name }}"
  when: run_once_nginx_certbot is not defined
--- a/roles/svc-openldap/templates/docker-compose.yml.j2
+++ b/roles/svc-openldap/templates/docker-compose.yml.j2
@@ -6,11 +6,11 @@
 {% include 'roles/docker-container/templates/base.yml.j2' %}
 {% if applications[application_id].network.public | bool or applications[application_id].network.local | bool %}
    ports:
-      - 127.0.0.1:{{ports.localhost.ldap.ldap}}:{{ldap_docker_port}}  # Expose just on localhost so that nginx stream proxy can use it
+      - 127.0.0.1:{{ports.localhost.ldap.ldap}}:{{ldap_docker_port}}
 {% endif %}
    volumes:
      - 'data:/bitnami/openldap'
-      - '{{ldif_host_path}}:{{ldif_docker_path}}:ro'                      # Mounting all ldif files for import
+      - '{{ldif_host_path}}:{{ldif_docker_path}}:ro'
    healthcheck:
      test: >
        bash -c '
--- a/roles/svc-openldap/vars/main.yml
+++ b/roles/svc-openldap/vars/main.yml
@@ -1,4 +1,4 @@
-application_id:     "ldap"
+application_id:     "openldap"

 # LDAP Variables
 ldaps_docker_port:  636
--- a/roles/web-app-discourse/tasks/main.yml
+++ b/roles/web-app-discourse/tasks/main.yml
@@ -1,4 +1,7 @@
 ---
+- name: "reset (if enabled)"
+  include_tasks: reset.yml 
+  when: mode_reset | bool and run_once_docker_discourse is not defined

 # Necessary for building: https://chat.openai.com/share/99d258cc-294b-4924-8eef-02fe419bb838
 - name: install which
@@ -20,14 +23,6 @@
    http_port:   "{{ ports.localhost.http[application_id] }}"
  when: run_once_docker_discourse is not defined

- name: "cleanup central database from {{application_id}}_default network"
-  command:
-    cmd: "docker network disconnect {{applications[application_id].network}} {{ database_host }}"
-  ignore_errors: true
-  when: 
-    - mode_reset | bool
-    - run_once_docker_discourse is not defined
-
 - name: add docker-compose.yml
  template: 
    src:  docker-compose.yml.j2 
@@ -64,16 +59,6 @@
  notify: recreate discourse
  when: run_once_docker_discourse is not defined

- name: "destroy container discourse_application"
-  command:
-    cmd: "./launcher destroy discourse_application"
-    chdir: "{{docker_repository_directory }}"
-  ignore_errors: true
-  notify: recreate discourse
-  when:
-    - mode_reset | bool
-    - run_once_docker_discourse is not defined
-
 - name: flush, to recreate discourse app
  meta: flush_handlers
  when: run_once_docker_discourse is not defined
--- a/roles/web-app-discourse/tasks/reset.yml
+++ b/roles/web-app-discourse/tasks/reset.yml
@@ -0,0 +1,14 @@
+- name: "Load database variables for reset function"
+  include_vars: "{{playbook_dir}}/roles/svc-rdbms-central/vars/main.yml"
+
+- name: "cleanup central database from {{application_id}}_default network"
+  command:
+    cmd: "docker network disconnect {{applications[application_id].network}} {{ database_host }}"
+  ignore_errors: true
+
+- name: "destroy container discourse_application"
+  command:
+    cmd: "./launcher destroy discourse_application"
+    chdir: "{{ docker_repository_directory }}"
+  ignore_errors: true
+  notify: recreate discourse
--- a/roles/web-app-portfolio/meta/main.yml
+++ b/roles/web-app-portfolio/meta/main.yml
@@ -25,4 +25,4 @@ galaxy_info:
  logo:
    class: "fa-solid fa-briefcase"
  run_after:
-  - web-app-simpleicons
+  - web-svc-simpleicons
--- a/roles/web-app-roulette-wheel/meta/main.yml
+++ b/roles/web-app-roulette-wheel/meta/main.yml
@@ -21,5 +21,7 @@ galaxy_info:
  documentation: "https://s.veen.world/cymais"
  logo:
    class: "fa-solid fa-dice"
+  run_after:
+    - web-app-matomo
 dependencies:
  - docker-compose
--- a/roles/web-app-sphinx/meta/main.yml
+++ b/roles/web-app-sphinx/meta/main.yml
@@ -26,4 +26,6 @@ galaxy_info:
  issue_tracker_url: "https://s.veen.world/cymaisissues"
  documentation: "https://s.veen.world/cymais"
  logo:
-    class: "fa-solid fa-book"
+    class: "fa-solid fa-book"
+  run_after: 
+    - web-app-matomo
--- a/roles/web-svc-html/meta/main.yml
+++ b/roles/web-svc-html/meta/main.yml
@@ -26,6 +26,8 @@ galaxy_info:
  repository: "https://s.veen.world/cymais"
  issue_tracker_url: "https://s.veen.world/cymaisissues"
  documentation: "https://s.veen.world/cymais"
+  run_after:
+    - web-app-matomo
 dependencies:
  - srv-web-https
  - gen-git
--- a/roles/web-svc-legal/README.md
+++ b/roles/web-svc-legal/README.md
@@ -1,6 +1 @@
-# Nginx Homepage Role
-
-This Ansible role configures an Nginx server to serve a static homepage. It handles domain configuration, SSL certificate retrieval with Let's Encrypt.
-
-## Author Information
-This role was created in 2023 by [Kevin Veen Birkenbach](https://www.veen.world/).
+NGinx Legal role
--- a/roles/web-svc-simpleicons/README.md
+++ b/roles/web-svc-simpleicons/README.md
--- a/roles/web-svc-simpleicons/config/main.yml
+++ b/roles/web-svc-simpleicons/config/main.yml
@@ -9,7 +9,7 @@ docker:
    database:
      enabled:      false   # Enable the database 
 features:
-  matomo:           true    # Enable Matomo Tracking
+  matomo:           false   # Matomo tracking isn't necessary
  css:              true    # Enable Global CSS Styling
  portfolio_iframe: true    # Enable loading of app in iframe
  ldap:             false   # Enable LDAP Network
--- a/roles/web-svc-simpleicons/meta/main.yml
+++ b/roles/web-svc-simpleicons/meta/main.yml
--- a/roles/web-svc-simpleicons/tasks/main.yml
+++ b/roles/web-svc-simpleicons/tasks/main.yml
--- a/roles/web-svc-simpleicons/templates/Dockerfile.j2
+++ b/roles/web-svc-simpleicons/templates/Dockerfile.j2
--- a/roles/web-svc-simpleicons/templates/docker-compose.yml.j2
+++ b/roles/web-svc-simpleicons/templates/docker-compose.yml.j2
--- a/roles/web-svc-simpleicons/templates/env.j2
+++ b/roles/web-svc-simpleicons/templates/env.j2
--- a/roles/web-svc-simpleicons/templates/package.json.j2
+++ b/roles/web-svc-simpleicons/templates/package.json.j2
--- a/roles/web-svc-simpleicons/templates/server.js.j2
+++ b/roles/web-svc-simpleicons/templates/server.js.j2
--- a/roles/web-svc-simpleicons/vars/main.yml
+++ b/roles/web-svc-simpleicons/vars/main.yml
				`@@ -0,0 +1 @@`
				`bkp_docker_to_local_pkg: backup-docker-to-local`
				`@@ -0,0 +1 @@`
				`cln_failed_docker_backups_pkg: cleanup-failed-docker-backups`
				`@@ -0,0 +1 @@`
				`docker_compose_variable_file: "{{ role_path }}/vars/docker-compose.yml"`