Refactored server roles for better readability

roles/categories.yml

@@ -111,16 +111,6 @@ roles:
       description: "Developer-centric server utilities and admin toolkits."
       icon: "fas fa-code"
       invokable: false
-  srv:
-    title: "Server"
-    description: "General server roles for provisioning and managing server infrastructure—covering web servers, proxy servers, network services, and other backend components."
-    icon: "fas fa-server"
-    invokable: false
-    proxy:
-      title: "Proxy Server"
-      description: "Proxy-server roles for virtual-host orchestration and reverse-proxy setups."
-      icon: "fas fa-project-diagram"
-      invokable: false
   web:
     title: "Web Infrastructure"
     description: "Roles for managing web infrastructure—covering static content services and deployable web applications."

roles/docker-compose/README.md

@@ -20,7 +20,7 @@ To offer a centralized, extensible system for managing containerized application
 - **Reset Logic:** Cleans previous Compose project files and data when `MODE_RESET` is enabled.
 - **Handlers for Runtime Control:** Automatically builds, sets up, or restarts containers based on handlers.
 - **Template-ready Service Files:** Predefined service base and health check templates.
-- **Integration Support:** Compatible with `srv-proxy-core` and other Infinito.Nexus service roles.
+- **Integration Support:** Compatible with `sys-svc-proxy` and other Infinito.Nexus service roles.
 
 ## Administration Tips
 

roles/srv-letsencrypt/tasks/main.yml

@@ -1,4 +0,0 @@
-- block:
-  - include_tasks: 01_core.yml
-  - include_tasks: utils/run_once.yml
-  when: run_once_srv_letsencrypt is not defined

roles/svc-db-openldap/templates/nginx.stream.conf.j2

@@ -2,5 +2,5 @@ server {
     listen {{ ports.public.ldaps['svc-db-openldap'] }}ssl;
     proxy_pass 127.0.0.1:{{ ports.localhost.ldap['svc-db-openldap'] }};
     
-    {% include 'roles/srv-letsencrypt/templates/ssl_credentials.j2' %}
+    {% include 'roles/sys-svc-letsencrypt/templates/ssl_credentials.j2' %}
 }

roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml

@@ -3,7 +3,7 @@
     name: '{{ item }}'
   loop:
   - sys-svc-certbot
-  - srv-core
+  - sys-svc-webserver
   - sys-ctl-alm-compose
 
 - name: install certbot

roles/sys-front-inj-all/tasks/main.yml

@@ -41,9 +41,9 @@
   when: inj_enabled.logout
 
 - block:
-  - name: Include dependency 'srv-core'
+  - name: Include dependency 'sys-svc-webserver'
     include_role:
-      name: srv-core
-    when: run_once_srv_core is not defined
+      name: sys-svc-webserver
+    when: run_once_sys_svc_webserver is not defined
   - include_tasks: utils/run_once.yml
   when: run_once_sys_front_inj_all is not defined

roles/sys-front-inj-css/tasks/01_core.yml

@@ -1,7 +1,7 @@
-- name: Include dependency 'srv-core'
+- name: Include dependency 'sys-svc-webserver'
   include_role:
-    name: srv-core
-  when: run_once_srv_core is not defined
+    name: sys-svc-webserver
+  when: run_once_sys_svc_webserver is not defined
 
 - name: Generate color palette with colorscheme-generator
   set_fact:

roles/sys-front-inj-desktop/tasks/main.yml

@@ -1,8 +1,8 @@
 - block:
-  - name: Include dependency 'srv-core'
+  - name: Include dependency 'sys-svc-webserver'
     include_role:
-      name: srv-core
-    when: run_once_srv_core is not defined
+      name: sys-svc-webserver
+    when: run_once_sys_svc_webserver is not defined
   - include_tasks: 01_deploy.yml
   - include_tasks: utils/run_once.yml
   when: run_once_sys_front_inj_desktop is not defined

roles/sys-front-inj-javascript/tasks/main.yml

@@ -1,9 +1,9 @@
 - block:
 
-  - name: Include dependency 'srv-core'
+  - name: Include dependency 'sys-svc-webserver'
     include_role:
-      name: srv-core
-    when: run_once_srv_core is not defined
+      name: sys-svc-webserver
+    when: run_once_sys_svc_webserver is not defined
   - include_tasks: utils/run_once.yml
   when: run_once_sys_front_inj_javascript is not defined
 

roles/sys-front-inj-logout/tasks/01_core.yml

@@ -1,8 +1,8 @@
-- name: Include dependency 'srv-core'
+- name: Include dependency 'sys-svc-webserver'
   include_role:
-    name: srv-core
+    name: sys-svc-webserver
   when: 
-    - run_once_srv_core is not defined
+    - run_once_sys_svc_webserver is not defined
   
 - name: "deploy the logout.js"
   include_tasks: "02_deploy.yml"

roles/sys-front-inj-matomo/tasks/main.yml

@@ -1,8 +1,8 @@
 - block:
-  - name: Include dependency 'srv-core'
+  - name: Include dependency 'sys-svc-webserver'
     include_role:
-      name: srv-core
-    when: run_once_srv_core is not defined
+      name: sys-svc-webserver
+    when: run_once_sys_svc_webserver is not defined
   - include_tasks: utils/run_once.yml
   when: run_once_sys_front_inj_matomo is not defined
 

roles/sys-stk-front-proxy/README.md

@@ -10,7 +10,7 @@ A higher-level orchestration wrapper, *sys-stk-front-proxy* ties together severa
 
 1. **`sys-front-inj-all`** – applies global tweaks and includes.  
 2. **`sys-svc-certs`** – obtains Let’s Encrypt certificates.  
-3. **Domain template deployment** – copies a Jinja2 vHost from *srv-proxy-core*.  
+3. **Domain template deployment** – copies a Jinja2 vHost from *sys-svc-proxy*.  
 4. **`web-app-oauth2-proxy`** *(optional)* – protects the site with OAuth2.
 
 The result is a complete, reproducible domain rollout in a single playbook task.

roles/sys-stk-front-proxy/defaults/main.yml

@@ -2,4 +2,4 @@
 vhost_flavour:        "basic"               # valid: basic, ws_generic
 
 # build the full template path from the flavour
-vhost_template_src:   "roles/srv-proxy-core/templates/vhost/{{ vhost_flavour }}.conf.j2"
+vhost_template_src:   "roles/sys-svc-proxy/templates/vhost/{{ vhost_flavour }}.conf.j2"

roles/sys-stk-front-proxy/tasks/main.yml

@@ -1,8 +1,8 @@
 - block:
-  - name: Include dependency 'srv-proxy-core'
+  - name: Include dependency 'sys-svc-proxy'
     include_role:
-      name: srv-proxy-core
-    when: run_once_srv_proxy_core is not defined
+      name: sys-svc-proxy
+    when: run_once_sys_svc_proxy is not defined
   - include_tasks: utils/run_once.yml
   when: run_once_sys_stk_front_proxy is not defined
 
@@ -15,7 +15,7 @@
 
 - name: "include role for {{ domain }} to receive certificates and do the modification routines"
   include_role:
-    name: srv-composer
+    name: sys-util-csp-cert
 
 - name: "Copy nginx config to {{ configuration_destination }}"
   template:

roles/sys-stk-front-proxy/vars/main.yml

@@ -1 +1 @@
-configuration_destination:  "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"
+configuration_destination:  "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}"

roles/sys-stk-front-pure/README.md

@@ -7,7 +7,7 @@ The **sys-stk-front-pure** role extends a basic Nginx installation by wiring in
 2. Pulls in Let’s Encrypt ACME challenge handling.
 3. Applies global cleanup of unused domain configs.
 
-This role is built on top of your existing `srv-core` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites.
+This role is built on top of your existing `sys-svc-webserver` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites.
 
 ---
 
@@ -15,9 +15,9 @@ This role is built on top of your existing `srv-core` role, and it automates the
 
 When you apply **sys-stk-front-pure**, it will:
 
-1. **Include** the `srv-core` role to install and configure Nginx.  
+1. **Include** the `sys-svc-webserver` role to install and configure Nginx.  
 2. **Clean up** any stale vHost files under `sys-svc-cln-domains`.  
-3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `srv-letsencrypt`.  
+3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `sys-svc-letsencrypt`.  
 4. **Reload** Nginx automatically when any template changes.
 
 All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs.
@@ -42,7 +42,7 @@ All tasks are idempotent—once your certificates are in place and your configur
 
 ## Requirements
 
-- A working `srv-core` setup.
+- A working `sys-svc-webserver` setup.
 - DNS managed via Cloudflare (for CAA record tasks) or equivalent ACME DNS flow.
 - Variables:
   - `LETSENCRYPT_WEBROOT_PATH`  

roles/sys-stk-front-pure/tasks/main.yml

@@ -3,8 +3,8 @@
     include_role:
       name: '{{ item }}'
     loop:
-    - srv-core
+    - sys-svc-webserver
     - sys-svc-cln-domains
-    - srv-letsencrypt
+    - sys-svc-letsencrypt
   - include_tasks: utils/run_once.yml
   when: run_once_sys_stk_front_pure is not defined

roles/sys-svc-cln-domains/tasks/main.yml

@@ -3,7 +3,7 @@
     include_role:
       name: '{{ item }}'
     loop:
-    - srv-core
+    - sys-svc-webserver
 
   - name: Include task to remove deprecated nginx configs
     include_tasks: remove_deprecated_nginx_configs.yml

roles/sys-svc-cln-domains/tasks/remove_deprecated_nginx_configs.yml

@@ -15,6 +15,6 @@
 
 - name: Remove exact nginx config for {{ domain }}
   ansible.builtin.file:
-    path: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"
+    path: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}"
     state: absent
   notify: restart openresty

roles/sys-svc-letsencrypt/tasks/main.yml

@@ -1,5 +1,4 @@
----
 - block:
   - include_tasks: 01_core.yml
   - include_tasks: utils/run_once.yml
-  when: run_once_srv_core is not defined
+  when: run_once_sys_svc_letsencrypt is not defined

roles/sys-svc-letsencrypt/templates/ssl_header.j2

@@ -12,4 +12,4 @@ ssl_session_tickets on;
 add_header Strict-Transport-Security max-age=15768000;
 ssl_stapling on;
 ssl_stapling_verify on;
-{% include 'roles/srv-letsencrypt/templates/ssl_credentials.j2' %}
+{% include 'roles/sys-svc-letsencrypt/templates/ssl_credentials.j2' %}

roles/sys-svc-proxy/tasks/main.yml

@@ -4,6 +4,6 @@
       name: '{{ item }}'
     loop:
     - sys-stk-front-pure
-    - srv-core
+    - sys-svc-webserver
   - include_tasks: utils/run_once.yml
-  when: run_once_srv_proxy_core is not defined
+  when: run_once_sys_svc_proxy is not defined

roles/sys-svc-proxy/templates/location/README.md

@@ -1,6 +1,6 @@
 # Nginx Location Templates
 
-This directory contains Jinja2 templates for different Nginx `location` blocks, each designed to proxy and optimize different types of web traffic. These templates are used by the `srv-proxy-core` role to modularize and standardize reverse proxy configuration across a wide variety of applications.
+This directory contains Jinja2 templates for different Nginx `location` blocks, each designed to proxy and optimize different types of web traffic. These templates are used by the `sys-svc-proxy` role to modularize and standardize reverse proxy configuration across a wide variety of applications.
 
 ---
 

roles/sys-svc-proxy/templates/location/html.conf.j2

@@ -15,7 +15,7 @@ location {{location}}
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header X-Forwarded-Port {{ WEB_PORT }};
 
-  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %}
 
   # WebSocket specific header
   proxy_http_version 1.1;

roles/sys-svc-proxy/templates/vhost/basic.conf.j2

@@ -1,7 +1,7 @@
 server
 {
   server_name {{ domain }};
-  {% include 'roles/srv-proxy-core/templates/headers/buffers.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/buffers.conf.j2' %}
   
   {% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
     {% include 'roles/web-app-oauth2-proxy/templates/endpoint.conf.j2'%}
@@ -14,7 +14,7 @@ server
     {{ proxy_extra_configuration }}
   {% endif %}
 
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
 
   {% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
     {% set acl = applications | get_app_conf(application_id, 'oauth2_proxy.acl', False, {}) %}
@@ -23,38 +23,38 @@ server
       {# 1. Expose everything by default, then protect blacklisted paths #}
       {% set oauth2_proxy_enabled = false %}
       {% set location = "/" %}
-      {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+      {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
 
       {% for loc in acl.blacklist %}
         {% set oauth2_proxy_enabled = true %}
         {% set location = loc %}
-        {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+        {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
       {% endfor %}
 
     {% elif acl.whitelist is defined %}
       {# 2. Protect everything by default, then expose whitelisted paths #}
       {% set oauth2_proxy_enabled = true %}
       {% set location = "/" %}
-      {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+      {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
 
       {% for loc in acl.whitelist %}
         {% set oauth2_proxy_enabled = false %}
         {% set location = loc %}
-        {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+        {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
       {% endfor %}
 
     {% else %}
       {# 3. OAuth2 enabled but no (or empty) ACL — protect all #}
       {% set oauth2_proxy_enabled = true %}
       {% set location = "/" %}
-      {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+      {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
     {% endif %}
 
   {% else %}
     {# 4. OAuth2 completely disabled — expose all #}
     {% set oauth2_proxy_enabled = false %}
     {% set location = "/" %}
-    {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+    {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
   {% endif %}
 
 }

roles/sys-svc-proxy/templates/vhost/ws_generic.conf.j2

@@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
 server {
   server_name {{ domain }};
 
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/sys-front-inj-all/templates/server.conf.j2' %}
 
@@ -25,10 +25,10 @@ server {
 
   add_header Strict-Transport-Security "max-age=31536000";
 
-  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
 
   {% if location_ws is defined %}
-    {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %}
+    {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %}
   {% endif %}
 
   error_page 500 501 502 503 504 /500.html;

roles/sys-svc-webserver/meta/main.yml

@@ -18,4 +18,4 @@ galaxy_info:
     - performance
   repository: "https://s.infinito.nexus/code"
   issue_tracker_url: "https://s.infinito.nexus/issues"
-  documentation: "https://s.infinito.nexus/code/roles/srv-core"
+  documentation: "https://s.infinito.nexus/code/roles/sys-svc-webserver"

roles/sys-svc-webserver/tasks/01_core.yml

@@ -49,3 +49,5 @@
     - sys-ctl-hlth-csp
   vars:
     flush_handlers: false
+
+- include_tasks: utils/run_once.yml

roles/sys-svc-webserver/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- block:
+  - include_tasks: 01_core.yml
+  when: run_once_sys_svc_webserver is not defined

roles/sys-util-csp-cert/README.md

@@ -1,4 +1,4 @@
-# Role: srv-composer
+# Role: sys-util-csp-cert
 
 This Ansible role composes and orchestrates all necessary HTTPS-layer tasks and HTML-content injections for your webserver domains. It integrates two key sub-roles into a unified workflow:
 

roles/sys-util-csp-cert/meta/main.yml

@@ -27,4 +27,4 @@ galaxy_info:
     - orchestration
   repository: "https://s.infinito.nexus/code"
   issue_tracker_url: "https://s.infinito.nexus/issues"
-  documentation: "https://s.infinito.nexus/code/roles/srv-composer"
+  documentation: "https://s.infinito.nexus/code/roles/sys-util-csp-cert"

roles/sys-util-csp-cert/tasks/main.yml

@@ -1,4 +1,4 @@
-# run_once_srv_composer: deactivated
+# run_once_sys_util_csp_cert: deactivated
 
 - name: "include role sys-front-inj-all for '{{ domain }}'"
   include_role: 

roles/web-app-bigbluebutton/README.md

@@ -35,7 +35,7 @@ By default, BigBlueButton is deployed with best-practice hardening, modular secr
 ## System Requirements
 
 - Arch Linux with Docker, Compose, and Nginx roles pre-installed
-- DNS and reverse proxy configuration using `srv-proxy-core`
+- DNS and reverse proxy configuration using `sys-svc-proxy`
 - Functional email system for Greenlight SMTP
 
 ## Important Resources

roles/web-app-bigbluebutton/tasks/main.yml

@@ -3,7 +3,7 @@
   set_fact:
     proxy_extra_configuration: >-
       {{ lookup('ansible.builtin.template',
-                playbook_dir ~ '/roles/srv-proxy-core/templates/location/html.conf.j2') | trim }}
+                playbook_dir ~ '/roles/sys-svc-proxy/templates/location/html.conf.j2') | trim }}
   vars:
     location: '^~ /html5client'
     oauth2_proxy_enabled: false

roles/web-app-matrix/tasks/03_webserver.yml

@@ -18,7 +18,7 @@
 
 - name: "include role for {{ application_id }} to receive certs & do modification routines for {{ MATRIX_SYNAPSE_DOMAIN }}"
   include_role:
-    name: srv-composer
+    name: sys-util-csp-cert
   vars:
     domain:     "{{ MATRIX_SYNAPSE_DOMAIN }}"
     http_port:  "{{ MATRIX_SYNAPSE_PORT }}"

roles/web-app-matrix/templates/nginx.conf.j2

@@ -1,6 +1,6 @@
 server {
     server_name {{ domain }};
-    {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+    {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
     
     # For the federation port
     listen {{ MATRIX_FEDERATION_PORT }} ssl default_server;
@@ -8,7 +8,7 @@ server {
 
     {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
 
-    {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+    {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
 
-    {% include 'roles/srv-proxy-core/templates/location/upload.conf.j2' %}
+    {% include 'roles/sys-svc-proxy/templates/location/upload.conf.j2' %}
 }

roles/web-app-nextcloud/tasks/main.yml

@@ -11,7 +11,7 @@
 
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
   include_role:
-    name: srv-composer
+    name: sys-util-csp-cert
 
 - name: create nextcloud proxy configuration file
   template: 

roles/web-app-nextcloud/templates/nginx/host.conf.j2

@@ -2,7 +2,7 @@ server
 {
   server_name {{ domain }};
 
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
 
@@ -17,7 +17,7 @@ server
   client_body_buffer_size 400M;
   fastcgi_buffers 64 4K;
 
-  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
 
   location ^~ /.well-known {
     rewrite ^/\.well-known/host-meta\.json  /public.php?service=host-meta-json  last;

roles/web-app-peertube/tasks/create-domains.yml

@@ -1,9 +1,9 @@
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
   include_role:
-    name: srv-composer
+    name: sys-util-csp-cert
 
 - name: configure {{ domain }}.conf
   template: 
     src:  "templates/peertube.conf.j2"
-    dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"
-  notify: restart openresty
+    dest: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}"
+  notify: restart openresty

roles/web-app-peertube/templates/peertube.conf.j2

@@ -1,18 +1,18 @@
 server {
   server_name {{ domain }};
 
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
   
-  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %}
   
   ##
   # Application
   ##
 
   {% set location = "@html" %}
-  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
 
   location / {
     try_files /dev/null {{ location }};
@@ -45,7 +45,7 @@ server {
   ##
 
   {% set location_ws = "@websocket" %}
-  {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %}
 
   location /socket.io {
     try_files /dev/null {{ location_ws }};

roles/web-app-syncope/tasks/main.yml

@@ -1,8 +1,4 @@
 ---
-- name: "include role for {{ application_id }} to receive certs & do modification routines"
-  include_role:
-    name: srv-composer
-
 - name: "load docker and db for {{ application_id }}"
   include_role: 
     name: sys-stk-back-stateful
@@ -10,7 +6,7 @@
 - name: configure {{ domain }}.conf
   template: 
     src:  "templates/proxy.conf.j2"
-    dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"
+    dest: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}"
   notify: restart openresty
 
 - name: "create {{ docker_compose.files.env }}"

roles/web-app-syncope/templates/proxy.conf

@@ -2,7 +2,7 @@ server
 {
   server_name {{ domain }};
   {# Include buffers for OIDC #}
-  {% include 'roles/srv-proxy-core/templates/headers/buffers.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/buffers.conf.j2' %}
 
   {% if applications | get_app_conf(application_id, 'features.oauth2', False) %}
     {% include 'roles/web-app-oauth2-proxy/templates/endpoint.conf.j2'%}
@@ -15,10 +15,10 @@ server
     {{ proxy_extra_configuration }}
   {% endif %}
 
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
 
   {% for path in syncope_paths.values() %}
     {% set location =  WEB_PROTOCOL ~ '://' ~ domains | get_domain(application_id) ~ '/' ~ path ~ '/' %}
-    {% include 'roles/srv-proxy-core/templates/location/html.conf.j2'%}
+    {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2'%}
   {% endfor %}
 }

roles/web-opt-rdr-domains/tasks/redirect-domain.yml

@@ -5,5 +5,5 @@
 - name: "Deploying NGINX redirect configuration for '{{ domain }}'"
   template:
     src:  redirect.domain.nginx.conf.j2
-    dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"
+    dest: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}"
   notify: restart openresty

roles/web-opt-rdr-domains/templates/redirect.domain.nginx.conf.j2

@@ -1,6 +1,6 @@
 server {
   server_name {{ domain }};
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
 
   return 301 https://{{ target }}$request_uri;
 }

roles/web-opt-rdr-www/tasks/main.yml

@@ -1,8 +1,8 @@
 - block:
-  - name: Include dependency 'srv-core'
+  - name: Include dependency 'sys-svc-webserver'
     include_role:
-      name: srv-core
-    when: run_once_srv_core is not defined
+      name: sys-svc-webserver
+    when: run_once_sys_svc_webserver is not defined
   - include_tasks: utils/run_once.yml
   when: run_once_web_opt_rdr_www is not defined
 

roles/web-svc-cdn/tasks/01_core.yml

@@ -7,7 +7,7 @@
   
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
   include_role:
-    name: srv-composer
+    name: sys-util-csp-cert
   vars:
     http_port: "{{ ports.localhost.http[application_id] }}"
 

roles/web-svc-cdn/templates/nginx.conf.j2

@@ -2,11 +2,11 @@ server
 {
   server_name {{ domains | get_domain(application_id) }};
   
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
 
-  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %}
   
   charset utf-8;
   

roles/web-svc-collabora/tasks/01_core.yml

@@ -8,7 +8,7 @@
 - name: "generate {{ domain }}.conf"
   template:
     src: "nginx.conf.j2"
-    dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf"
+    dest: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}"
   notify: restart openresty
 
 - name: Update Collabora systemplate to include new fonts

roles/web-svc-collabora/templates/nginx.conf.j2

@@ -1,22 +1,22 @@
 server {
   server_name {{ domain }};
 
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
   {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
 
-  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %}
 
   {# Normal HTTP routes (discovery, browser, assets) – no Lua injection #}
   {% set proxy_lua_enabled = false %}
   {% set location = "/" %}
-  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
 
   {# Optional explicit fast path for discovery #}
   {% set location = "= " ~ container_healthcheck %}
-  {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
 
   {# WebSocket handling for Collabora #}
   {% set location_ws = '^~ /cool/' %}
   {% set ws_port = http_port %}
-  {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %}
 }

roles/web-svc-file/tasks/main.yml

@@ -10,7 +10,7 @@
 
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
   include_role:
-    name: srv-composer
+    name: sys-util-csp-cert
   vars:
     domain: "{{ domains | get_domain(application_id) }}"
     http_port: "{{ ports.localhost.http[application_id] }}"

roles/web-svc-file/templates/nginx.conf.j2

@@ -2,11 +2,11 @@ server
 {
   server_name {{ domains | get_domain(application_id) }};
   
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
 
-  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %}
   
   charset utf-8;
   

roles/web-svc-html/tasks/main.yml

@@ -10,7 +10,7 @@
 
 - name: "include role for {{ application_id }} to receive certs & do modification routines"
   include_role:
-    name: srv-composer
+    name: sys-util-csp-cert
   vars:
     domain: "{{ domains | get_domain(application_id) }}"
     http_port: "{{ ports.localhost.http[application_id] }}"

roles/web-svc-html/templates/nginx.conf.j2

@@ -2,11 +2,11 @@ server
 {
   server_name {{ domains | get_domain(application_id) }};
   
-  {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
 
   {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
 
-  {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %}
+  {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %}
   
   charset utf-8;