From b02d88adc02e68ec376e4291eeb0a0efe2a53a05 Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach Date: Mon, 1 Sep 2025 18:08:35 +0200 Subject: [PATCH] Refactored server roles for better readability --- roles/categories.yml | 10 ---------- roles/docker-compose/README.md | 2 +- roles/srv-letsencrypt/tasks/main.yml | 4 ---- .../templates/nginx.stream.conf.j2 | 2 +- roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml | 2 +- roles/sys-front-inj-all/tasks/main.yml | 6 +++--- roles/sys-front-inj-css/tasks/01_core.yml | 6 +++--- roles/sys-front-inj-desktop/tasks/main.yml | 6 +++--- roles/sys-front-inj-javascript/tasks/main.yml | 6 +++--- roles/sys-front-inj-logout/tasks/01_core.yml | 6 +++--- roles/sys-front-inj-matomo/tasks/main.yml | 6 +++--- roles/sys-stk-front-proxy/README.md | 2 +- roles/sys-stk-front-proxy/defaults/main.yml | 2 +- roles/sys-stk-front-proxy/tasks/main.yml | 8 ++++---- roles/sys-stk-front-proxy/vars/main.yml | 2 +- roles/sys-stk-front-pure/README.md | 8 ++++---- roles/sys-stk-front-pure/tasks/main.yml | 4 ++-- roles/sys-svc-cln-domains/tasks/main.yml | 2 +- .../tasks/remove_deprecated_nginx_configs.yml | 2 +- .../README.md | 0 .../TODO.md | 0 .../meta/main.yml | 0 .../tasks/01_core.yml | 0 .../tasks/01_set-caa-records.yml | 0 .../tasks/main.yml | 3 +-- .../templates/letsencrypt.conf.j2 | 0 .../templates/ssl_credentials.j2 | 0 .../templates/ssl_header.j2 | 2 +- .../vars/main.yml | 0 .../{srv-proxy-core => sys-svc-proxy}/README.md | 0 roles/{srv-proxy-core => sys-svc-proxy}/TODO.md | 0 .../meta/main.yml | 0 .../tasks/main.yml | 4 ++-- .../templates/headers/buffers.conf.j2 | 0 .../headers/content_security_policy.conf.j2 | 0 .../templates/location/README.md | 2 +- .../templates/location/TODO.md | 0 .../templates/location/html.conf.j2 | 2 +- .../templates/location/media.conf.j2 | 0 .../templates/location/upload.conf.j2 | 0 .../templates/location/ws.conf.j2 | 0 .../templates/vhost/README.md | 0 .../templates/vhost/basic.conf.j2 | 16 ++++++++-------- .../templates/vhost/ws_generic.conf.j2 | 6 +++--- roles/{srv-core => 
sys-svc-webserver}/README.md | 0 roles/{srv-core => sys-svc-webserver}/TODO.md | 0 .../meta/main.yml | 2 +- .../tasks/01_core.yml | 2 ++ .../tasks/02_cleanup.yml | 0 .../tasks/03_reset.yml | 0 .../tasks/04_directories.yml | 0 roles/sys-svc-webserver/tasks/main.yml | 4 ++++ .../templates/nginx.conf.j2 | 0 .../README.md | 2 +- .../meta/main.yml | 2 +- .../tasks/main.yml | 2 +- roles/web-app-bigbluebutton/README.md | 2 +- roles/web-app-bigbluebutton/tasks/main.yml | 2 +- roles/web-app-matrix/tasks/03_webserver.yml | 2 +- roles/web-app-matrix/templates/nginx.conf.j2 | 6 +++--- roles/web-app-nextcloud/tasks/main.yml | 2 +- .../templates/nginx/host.conf.j2 | 4 ++-- roles/web-app-peertube/tasks/create-domains.yml | 6 +++--- .../web-app-peertube/templates/peertube.conf.j2 | 8 ++++---- roles/web-app-syncope/tasks/main.yml | 6 +----- roles/web-app-syncope/templates/proxy.conf | 6 +++--- .../tasks/redirect-domain.yml | 2 +- .../templates/redirect.domain.nginx.conf.j2 | 2 +- roles/web-opt-rdr-www/tasks/main.yml | 6 +++--- roles/web-svc-cdn/tasks/01_core.yml | 2 +- roles/web-svc-cdn/templates/nginx.conf.j2 | 4 ++-- roles/web-svc-collabora/tasks/01_core.yml | 2 +- roles/web-svc-collabora/templates/nginx.conf.j2 | 10 +++++----- roles/web-svc-file/tasks/main.yml | 2 +- roles/web-svc-file/templates/nginx.conf.j2 | 4 ++-- roles/web-svc-html/tasks/main.yml | 2 +- roles/web-svc-html/templates/nginx.conf.j2 | 4 ++-- 77 files changed, 103 insertions(+), 116 deletions(-) delete mode 100644 roles/srv-letsencrypt/tasks/main.yml rename roles/{srv-letsencrypt => sys-svc-letsencrypt}/README.md (100%) rename roles/{srv-letsencrypt => sys-svc-letsencrypt}/TODO.md (100%) rename roles/{srv-letsencrypt => sys-svc-letsencrypt}/meta/main.yml (100%) rename roles/{srv-letsencrypt => sys-svc-letsencrypt}/tasks/01_core.yml (100%) rename roles/{srv-letsencrypt => sys-svc-letsencrypt}/tasks/01_set-caa-records.yml (100%) rename roles/{srv-core => sys-svc-letsencrypt}/tasks/main.yml (60%) rename 
roles/{srv-letsencrypt => sys-svc-letsencrypt}/templates/letsencrypt.conf.j2 (100%) rename roles/{srv-letsencrypt => sys-svc-letsencrypt}/templates/ssl_credentials.j2 (100%) rename roles/{srv-letsencrypt => sys-svc-letsencrypt}/templates/ssl_header.j2 (88%) rename roles/{srv-letsencrypt => sys-svc-letsencrypt}/vars/main.yml (100%) rename roles/{srv-proxy-core => sys-svc-proxy}/README.md (100%) rename roles/{srv-proxy-core => sys-svc-proxy}/TODO.md (100%) rename roles/{srv-proxy-core => sys-svc-proxy}/meta/main.yml (100%) rename roles/{srv-proxy-core => sys-svc-proxy}/tasks/main.yml (69%) rename roles/{srv-proxy-core => sys-svc-proxy}/templates/headers/buffers.conf.j2 (100%) rename roles/{srv-proxy-core => sys-svc-proxy}/templates/headers/content_security_policy.conf.j2 (100%) rename roles/{srv-proxy-core => sys-svc-proxy}/templates/location/README.md (92%) rename roles/{srv-proxy-core => sys-svc-proxy}/templates/location/TODO.md (100%) rename roles/{srv-proxy-core => sys-svc-proxy}/templates/location/html.conf.j2 (93%) rename roles/{srv-proxy-core => sys-svc-proxy}/templates/location/media.conf.j2 (100%) rename roles/{srv-proxy-core => sys-svc-proxy}/templates/location/upload.conf.j2 (100%) rename roles/{srv-proxy-core => sys-svc-proxy}/templates/location/ws.conf.j2 (100%) rename roles/{srv-proxy-core => sys-svc-proxy}/templates/vhost/README.md (100%) rename roles/{srv-proxy-core => sys-svc-proxy}/templates/vhost/basic.conf.j2 (73%) rename roles/{srv-proxy-core => sys-svc-proxy}/templates/vhost/ws_generic.conf.j2 (78%) rename roles/{srv-core => sys-svc-webserver}/README.md (100%) rename roles/{srv-core => sys-svc-webserver}/TODO.md (100%) rename roles/{srv-core => sys-svc-webserver}/meta/main.yml (89%) rename roles/{srv-core => sys-svc-webserver}/tasks/01_core.yml (97%) rename roles/{srv-core => sys-svc-webserver}/tasks/02_cleanup.yml (100%) rename roles/{srv-core => sys-svc-webserver}/tasks/03_reset.yml (100%) rename roles/{srv-core => 
sys-svc-webserver}/tasks/04_directories.yml (100%) create mode 100644 roles/sys-svc-webserver/tasks/main.yml rename roles/{srv-core => sys-svc-webserver}/templates/nginx.conf.j2 (100%) rename roles/{srv-composer => sys-util-csp-cert}/README.md (97%) rename roles/{srv-composer => sys-util-csp-cert}/meta/main.yml (91%) rename roles/{srv-composer => sys-util-csp-cert}/tasks/main.yml (82%) diff --git a/roles/categories.yml b/roles/categories.yml index ce4c5ecf..c9376ffc 100644 --- a/roles/categories.yml +++ b/roles/categories.yml @@ -111,16 +111,6 @@ roles: description: "Developer-centric server utilities and admin toolkits." icon: "fas fa-code" invokable: false - srv: - title: "Server" - description: "General server roles for provisioning and managing server infrastructure—covering web servers, proxy servers, network services, and other backend components." - icon: "fas fa-server" - invokable: false - proxy: - title: "Proxy Server" - description: "Proxy-server roles for virtual-host orchestration and reverse-proxy setups." - icon: "fas fa-project-diagram" - invokable: false web: title: "Web Infrastructure" description: "Roles for managing web infrastructure—covering static content services and deployable web applications." diff --git a/roles/docker-compose/README.md b/roles/docker-compose/README.md index 47703808..4a6c5043 100644 --- a/roles/docker-compose/README.md +++ b/roles/docker-compose/README.md 
@@ -20,7 +20,7 @@ To offer a centralized, extensible system for managing containerized application - **Reset Logic:** Cleans previous Compose project files and data when `MODE_RESET` is enabled. - **Handlers for Runtime Control:** Automatically builds, sets up, or restarts containers based on handlers. - **Template-ready Service Files:** Predefined service base and health check templates. -- **Integration Support:** Compatible with `srv-proxy-core` and other Infinito.Nexus service roles. +- **Integration Support:** Compatible with `sys-svc-proxy` and other Infinito.Nexus service roles. ## Administration Tips diff --git a/roles/srv-letsencrypt/tasks/main.yml b/roles/srv-letsencrypt/tasks/main.yml deleted file mode 100644 index 10962ab0..00000000 --- a/roles/srv-letsencrypt/tasks/main.yml +++ /dev/null @@ -1,4 +0,0 @@ -- block: - - include_tasks: 01_core.yml - - include_tasks: utils/run_once.yml - when: run_once_srv_letsencrypt is not defined diff --git a/roles/svc-db-openldap/templates/nginx.stream.conf.j2 b/roles/svc-db-openldap/templates/nginx.stream.conf.j2 index aeffe589..54702e24 100644 --- a/roles/svc-db-openldap/templates/nginx.stream.conf.j2 +++ b/roles/svc-db-openldap/templates/nginx.stream.conf.j2 @@ -2,5 +2,5 @@ server { listen {{ ports.public.ldaps['svc-db-openldap'] }}ssl; proxy_pass 127.0.0.1:{{ ports.localhost.ldap['svc-db-openldap'] }}; - {% include 'roles/srv-letsencrypt/templates/ssl_credentials.j2' %} + {% include 'roles/sys-svc-letsencrypt/templates/ssl_credentials.j2' %} } diff --git a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml index 1e7cbab2..7e88eecb 100644 --- a/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml +++ b/roles/sys-ctl-mtn-cert-renew/tasks/01_core.yml @@ -3,7 +3,7 @@ name: '{{ item }}' loop: - sys-svc-certbot - - srv-core + - sys-svc-webserver - sys-ctl-alm-compose - name: install certbot 
diff --git a/roles/sys-front-inj-all/tasks/main.yml b/roles/sys-front-inj-all/tasks/main.yml index 72e2df03..4856acc4 100644 --- a/roles/sys-front-inj-all/tasks/main.yml +++ b/roles/sys-front-inj-all/tasks/main.yml @@ -41,9 +41,9 @@ when: inj_enabled.logout - block: - - name: Include dependency 'srv-core' + - name: Include dependency 'sys-svc-webserver' include_role: - name: srv-core - when: run_once_srv_core is not defined + name: sys-svc-webserver + when: run_once_sys_svc_webserver is not defined - include_tasks: utils/run_once.yml when: run_once_sys_front_inj_all is not defined \ No newline at end of file diff --git a/roles/sys-front-inj-css/tasks/01_core.yml b/roles/sys-front-inj-css/tasks/01_core.yml index 86a99efd..62083809 100644 --- a/roles/sys-front-inj-css/tasks/01_core.yml +++ b/roles/sys-front-inj-css/tasks/01_core.yml @@ -1,7 +1,7 @@ -- name: Include dependency 'srv-core' +- name: Include dependency 'sys-svc-webserver' include_role: - name: srv-core - when: run_once_srv_core is not defined + name: sys-svc-webserver + when: run_once_sys_svc_webserver is not defined - name: Generate color palette with colorscheme-generator set_fact: diff --git a/roles/sys-front-inj-desktop/tasks/main.yml b/roles/sys-front-inj-desktop/tasks/main.yml index 30ee17c1..ce679fb0 100644 --- a/roles/sys-front-inj-desktop/tasks/main.yml +++ b/roles/sys-front-inj-desktop/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'srv-core' + - name: Include dependency 'sys-svc-webserver' include_role: - name: srv-core - when: run_once_srv_core is not defined + name: sys-svc-webserver + when: run_once_sys_svc_webserver is not defined - include_tasks: 01_deploy.yml - include_tasks: utils/run_once.yml when: run_once_sys_front_inj_desktop is not defined diff --git a/roles/sys-front-inj-javascript/tasks/main.yml b/roles/sys-front-inj-javascript/tasks/main.yml index 63eca016..79901fa8 100644 --- a/roles/sys-front-inj-javascript/tasks/main.yml 
+++ b/roles/sys-front-inj-javascript/tasks/main.yml @@ -1,9 +1,9 @@ - block: - - name: Include dependency 'srv-core' + - name: Include dependency 'sys-svc-webserver' include_role: - name: srv-core - when: run_once_srv_core is not defined + name: sys-svc-webserver + when: run_once_sys_svc_webserver is not defined - include_tasks: utils/run_once.yml when: run_once_sys_front_inj_javascript is not defined diff --git a/roles/sys-front-inj-logout/tasks/01_core.yml b/roles/sys-front-inj-logout/tasks/01_core.yml index 6e1c8fd9..25e71680 100644 --- a/roles/sys-front-inj-logout/tasks/01_core.yml +++ b/roles/sys-front-inj-logout/tasks/01_core.yml @@ -1,8 +1,8 @@ -- name: Include dependency 'srv-core' +- name: Include dependency 'sys-svc-webserver' include_role: - name: srv-core + name: sys-svc-webserver when: - - run_once_srv_core is not defined + - run_once_sys_svc_webserver is not defined - name: "deploy the logout.js" include_tasks: "02_deploy.yml" \ No newline at end of file diff --git a/roles/sys-front-inj-matomo/tasks/main.yml b/roles/sys-front-inj-matomo/tasks/main.yml index 0cce22f7..fb6edf0a 100644 --- a/roles/sys-front-inj-matomo/tasks/main.yml +++ b/roles/sys-front-inj-matomo/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'srv-core' + - name: Include dependency 'sys-svc-webserver' include_role: - name: srv-core - when: run_once_srv_core is not defined + name: sys-svc-webserver + when: run_once_sys_svc_webserver is not defined - include_tasks: utils/run_once.yml when: run_once_sys_front_inj_matomo is not defined diff --git a/roles/sys-stk-front-proxy/README.md b/roles/sys-stk-front-proxy/README.md index 5580c522..82386866 100644 --- a/roles/sys-stk-front-proxy/README.md +++ b/roles/sys-stk-front-proxy/README.md 
@@ -10,7 +10,7 @@ A higher-level orchestration wrapper, *sys-stk-front-proxy* ties together severa 1. **`sys-front-inj-all`** – applies global tweaks and includes. 2. **`sys-svc-certs`** – obtains Let’s Encrypt certificates. -3. **Domain template deployment** – copies a Jinja2 vHost from *srv-proxy-core*. +3. **Domain template deployment** – copies a Jinja2 vHost from *sys-svc-proxy*. 4. **`web-app-oauth2-proxy`** *(optional)* – protects the site with OAuth2. The result is a complete, reproducible domain rollout in a single playbook task. diff --git a/roles/sys-stk-front-proxy/defaults/main.yml b/roles/sys-stk-front-proxy/defaults/main.yml index a3595cfb..d3896db9 100644 --- a/roles/sys-stk-front-proxy/defaults/main.yml +++ b/roles/sys-stk-front-proxy/defaults/main.yml @@ -2,4 +2,4 @@ vhost_flavour: "basic" # valid: basic, ws_generic # build the full template path from the flavour -vhost_template_src: "roles/srv-proxy-core/templates/vhost/{{ vhost_flavour }}.conf.j2" \ No newline at end of file +vhost_template_src: "roles/sys-svc-proxy/templates/vhost/{{ vhost_flavour }}.conf.j2" \ No newline at end of file diff --git a/roles/sys-stk-front-proxy/tasks/main.yml b/roles/sys-stk-front-proxy/tasks/main.yml index 0c8aaf74..16503aa3 100644 --- a/roles/sys-stk-front-proxy/tasks/main.yml +++ b/roles/sys-stk-front-proxy/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'srv-proxy-core' + - name: Include dependency 'sys-svc-proxy' include_role: - name: srv-proxy-core - when: run_once_srv_proxy_core is not defined + name: sys-svc-proxy + when: run_once_sys_svc_proxy is not defined - include_tasks: utils/run_once.yml when: run_once_sys_stk_front_proxy is not defined @@ -15,7 +15,7 @@ - name: "include role for {{ domain }} to receive certificates and do the modification routines" include_role: - name: srv-composer + name: sys-util-csp-cert - name: "Copy nginx config to {{ configuration_destination }}" template: 
diff --git a/roles/sys-stk-front-proxy/vars/main.yml b/roles/sys-stk-front-proxy/vars/main.yml index 0f821587..2ba1e32e 100644 --- a/roles/sys-stk-front-proxy/vars/main.yml +++ b/roles/sys-stk-front-proxy/vars/main.yml @@ -1 +1 @@ -configuration_destination: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf" \ No newline at end of file +configuration_destination: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}" \ No newline at end of file diff --git a/roles/sys-stk-front-pure/README.md b/roles/sys-stk-front-pure/README.md index 7d8931f4..d02d8491 100644 --- a/roles/sys-stk-front-pure/README.md +++ b/roles/sys-stk-front-pure/README.md @@ -7,7 +7,7 @@ The **sys-stk-front-pure** role extends a basic Nginx installation by wiring in 2. Pulls in Let’s Encrypt ACME challenge handling. 3. Applies global cleanup of unused domain configs. -This role is built on top of your existing `srv-core` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites. +This role is built on top of your existing `sys-svc-webserver` role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites. --- @@ -15,9 +15,9 @@ This role is built on top of your existing `srv-core` role, and it automates the When you apply **sys-stk-front-pure**, it will: -1. **Include** the `srv-core` role to install and configure Nginx. +1. **Include** the `sys-svc-webserver` role to install and configure Nginx. 2. **Clean up** any stale vHost files under `sys-svc-cln-domains`. -3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `srv-letsencrypt`. +3. **Deploy** the Let’s Encrypt challenge-and-redirect snippet from `sys-svc-letsencrypt`. 4. **Reload** Nginx automatically when any template changes. All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs. 
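Review bot: The new `configuration_destination` in `roles/sys-stk-front-proxy/vars/main.yml` passes `domain` to `path_join` without checking it first. `path_join` follows `os.path.join`, so a `domain` value that starts with `/` discards `NGINX.DIRECTORIES.HTTP.SERVERS`, and one containing `../` leaves that directory. The same expression is introduced in `roles/sys-svc-cln-domains/tasks/remove_deprecated_nginx_configs.yml`, where it feeds `ansible.builtin.file` with `state: absent`, so a malformed value there would remove a file outside the vHost directory. `domain` presumably comes from trusted inventory, but a guard before both uses would make that explicit, for example an `ansible.builtin.assert` with `that: domain is match('^[A-Za-z0-9.-]+$')`. The tasks that consume the variable are outside this hunk.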
@@ -42,7 +42,7 @@ All tasks are idempotent—once your certificates are in place and your configur ## Requirements -- A working `srv-core` setup. +- A working `sys-svc-webserver` setup. - DNS managed via Cloudflare (for CAA record tasks) or equivalent ACME DNS flow. - Variables: - `LETSENCRYPT_WEBROOT_PATH` diff --git a/roles/sys-stk-front-pure/tasks/main.yml b/roles/sys-stk-front-pure/tasks/main.yml index 3d14c177..edcaeae1 100644 --- a/roles/sys-stk-front-pure/tasks/main.yml +++ b/roles/sys-stk-front-pure/tasks/main.yml @@ -3,8 +3,8 @@ include_role: name: '{{ item }}' loop: - - srv-core + - sys-svc-webserver - sys-svc-cln-domains - - srv-letsencrypt + - sys-svc-letsencrypt - include_tasks: utils/run_once.yml when: run_once_sys_stk_front_pure is not defined diff --git a/roles/sys-svc-cln-domains/tasks/main.yml b/roles/sys-svc-cln-domains/tasks/main.yml index b82ad570..ce84c21c 100644 --- a/roles/sys-svc-cln-domains/tasks/main.yml +++ b/roles/sys-svc-cln-domains/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: '{{ item }}' loop: - - srv-core + - sys-svc-webserver - name: Include task to remove deprecated nginx configs include_tasks: remove_deprecated_nginx_configs.yml diff --git a/roles/sys-svc-cln-domains/tasks/remove_deprecated_nginx_configs.yml b/roles/sys-svc-cln-domains/tasks/remove_deprecated_nginx_configs.yml index 3f0534df..f5374cac 100644 --- a/roles/sys-svc-cln-domains/tasks/remove_deprecated_nginx_configs.yml +++ b/roles/sys-svc-cln-domains/tasks/remove_deprecated_nginx_configs.yml @@ -15,6 +15,6 @@ - name: Remove exact nginx config for {{ domain }} ansible.builtin.file: - path: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf" + path: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}" state: absent notify: restart openresty \ No newline at end of file 
diff --git a/roles/srv-letsencrypt/README.md b/roles/sys-svc-letsencrypt/README.md similarity index 100% rename from roles/srv-letsencrypt/README.md rename to roles/sys-svc-letsencrypt/README.md diff --git a/roles/srv-letsencrypt/TODO.md b/roles/sys-svc-letsencrypt/TODO.md similarity index 100% rename from roles/srv-letsencrypt/TODO.md rename to roles/sys-svc-letsencrypt/TODO.md diff --git a/roles/srv-letsencrypt/meta/main.yml b/roles/sys-svc-letsencrypt/meta/main.yml similarity index 100% rename from roles/srv-letsencrypt/meta/main.yml rename to roles/sys-svc-letsencrypt/meta/main.yml diff --git a/roles/srv-letsencrypt/tasks/01_core.yml b/roles/sys-svc-letsencrypt/tasks/01_core.yml similarity index 100% rename from roles/srv-letsencrypt/tasks/01_core.yml rename to roles/sys-svc-letsencrypt/tasks/01_core.yml diff --git a/roles/srv-letsencrypt/tasks/01_set-caa-records.yml b/roles/sys-svc-letsencrypt/tasks/01_set-caa-records.yml similarity index 100% rename from roles/srv-letsencrypt/tasks/01_set-caa-records.yml rename to roles/sys-svc-letsencrypt/tasks/01_set-caa-records.yml diff --git a/roles/srv-core/tasks/main.yml b/roles/sys-svc-letsencrypt/tasks/main.yml similarity index 60% rename from roles/srv-core/tasks/main.yml rename to roles/sys-svc-letsencrypt/tasks/main.yml index fa92bd70..2dfb3f90 100644 --- a/roles/srv-core/tasks/main.yml +++ b/roles/sys-svc-letsencrypt/tasks/main.yml @@ -1,5 +1,4 @@ ---- - block: - include_tasks: 01_core.yml - include_tasks: utils/run_once.yml - when: run_once_srv_core is not defined + when: run_once_sys_svc_letsencrypt is not defined diff --git a/roles/srv-letsencrypt/templates/letsencrypt.conf.j2 b/roles/sys-svc-letsencrypt/templates/letsencrypt.conf.j2 similarity index 100% rename from roles/srv-letsencrypt/templates/letsencrypt.conf.j2 rename to roles/sys-svc-letsencrypt/templates/letsencrypt.conf.j2 
diff --git a/roles/srv-letsencrypt/templates/ssl_credentials.j2 b/roles/sys-svc-letsencrypt/templates/ssl_credentials.j2 similarity index 100% rename from roles/srv-letsencrypt/templates/ssl_credentials.j2 rename to roles/sys-svc-letsencrypt/templates/ssl_credentials.j2 diff --git a/roles/srv-letsencrypt/templates/ssl_header.j2 b/roles/sys-svc-letsencrypt/templates/ssl_header.j2 similarity index 88% rename from roles/srv-letsencrypt/templates/ssl_header.j2 rename to roles/sys-svc-letsencrypt/templates/ssl_header.j2 index 3d7fceee..4505144f 100644 --- a/roles/srv-letsencrypt/templates/ssl_header.j2 +++ b/roles/sys-svc-letsencrypt/templates/ssl_header.j2 @@ -12,4 +12,4 @@ ssl_session_tickets on; add_header Strict-Transport-Security max-age=15768000; ssl_stapling on; ssl_stapling_verify on; -{% include 'roles/srv-letsencrypt/templates/ssl_credentials.j2' %} \ No newline at end of file +{% include 'roles/sys-svc-letsencrypt/templates/ssl_credentials.j2' %} \ No newline at end of file diff --git a/roles/srv-letsencrypt/vars/main.yml b/roles/sys-svc-letsencrypt/vars/main.yml similarity index 100% rename from roles/srv-letsencrypt/vars/main.yml rename to roles/sys-svc-letsencrypt/vars/main.yml diff --git a/roles/srv-proxy-core/README.md b/roles/sys-svc-proxy/README.md similarity index 100% rename from roles/srv-proxy-core/README.md rename to roles/sys-svc-proxy/README.md diff --git a/roles/srv-proxy-core/TODO.md b/roles/sys-svc-proxy/TODO.md similarity index 100% rename from roles/srv-proxy-core/TODO.md rename to roles/sys-svc-proxy/TODO.md diff --git a/roles/srv-proxy-core/meta/main.yml b/roles/sys-svc-proxy/meta/main.yml similarity index 100% rename from roles/srv-proxy-core/meta/main.yml rename to roles/sys-svc-proxy/meta/main.yml diff --git a/roles/srv-proxy-core/tasks/main.yml b/roles/sys-svc-proxy/tasks/main.yml similarity index 69% rename from roles/srv-proxy-core/tasks/main.yml rename to roles/sys-svc-proxy/tasks/main.yml index 4ad8eb7f..fb159641 100644 
--- a/roles/srv-proxy-core/tasks/main.yml +++ b/roles/sys-svc-proxy/tasks/main.yml @@ -4,6 +4,6 @@ name: '{{ item }}' loop: - sys-stk-front-pure - - srv-core + - sys-svc-webserver - include_tasks: utils/run_once.yml - when: run_once_srv_proxy_core is not defined + when: run_once_sys_svc_proxy is not defined diff --git a/roles/srv-proxy-core/templates/headers/buffers.conf.j2 b/roles/sys-svc-proxy/templates/headers/buffers.conf.j2 similarity index 100% rename from roles/srv-proxy-core/templates/headers/buffers.conf.j2 rename to roles/sys-svc-proxy/templates/headers/buffers.conf.j2 diff --git a/roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2 b/roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2 similarity index 100% rename from roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2 rename to roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2 diff --git a/roles/srv-proxy-core/templates/location/README.md b/roles/sys-svc-proxy/templates/location/README.md similarity index 92% rename from roles/srv-proxy-core/templates/location/README.md rename to roles/sys-svc-proxy/templates/location/README.md index abdd622e..52e80031 100644 --- a/roles/srv-proxy-core/templates/location/README.md +++ b/roles/sys-svc-proxy/templates/location/README.md @@ -1,6 +1,6 @@ # Nginx Location Templates -This directory contains Jinja2 templates for different Nginx `location` blocks, each designed to proxy and optimize different types of web traffic. These templates are used by the `srv-proxy-core` role to modularize and standardize reverse proxy configuration across a wide variety of applications. +This directory contains Jinja2 templates for different Nginx `location` blocks, each designed to proxy and optimize different types of web traffic. These templates are used by the `sys-svc-proxy` role to modularize and standardize reverse proxy configuration across a wide variety of applications. --- 
diff --git a/roles/srv-proxy-core/templates/location/TODO.md b/roles/sys-svc-proxy/templates/location/TODO.md similarity index 100% rename from roles/srv-proxy-core/templates/location/TODO.md rename to roles/sys-svc-proxy/templates/location/TODO.md diff --git a/roles/srv-proxy-core/templates/location/html.conf.j2 b/roles/sys-svc-proxy/templates/location/html.conf.j2 similarity index 93% rename from roles/srv-proxy-core/templates/location/html.conf.j2 rename to roles/sys-svc-proxy/templates/location/html.conf.j2 index 1b02f204..9c13c277 100644 --- a/roles/srv-proxy-core/templates/location/html.conf.j2 +++ b/roles/sys-svc-proxy/templates/location/html.conf.j2 @@ -15,7 +15,7 @@ location {{location}} proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port {{ WEB_PORT }}; - {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %} # WebSocket specific header proxy_http_version 1.1; diff --git a/roles/srv-proxy-core/templates/location/media.conf.j2 b/roles/sys-svc-proxy/templates/location/media.conf.j2 similarity index 100% rename from roles/srv-proxy-core/templates/location/media.conf.j2 rename to roles/sys-svc-proxy/templates/location/media.conf.j2 diff --git a/roles/srv-proxy-core/templates/location/upload.conf.j2 b/roles/sys-svc-proxy/templates/location/upload.conf.j2 similarity index 100% rename from roles/srv-proxy-core/templates/location/upload.conf.j2 rename to roles/sys-svc-proxy/templates/location/upload.conf.j2 diff --git a/roles/srv-proxy-core/templates/location/ws.conf.j2 b/roles/sys-svc-proxy/templates/location/ws.conf.j2 similarity index 100% rename from roles/srv-proxy-core/templates/location/ws.conf.j2 rename to roles/sys-svc-proxy/templates/location/ws.conf.j2 
diff --git a/roles/srv-proxy-core/templates/vhost/README.md b/roles/sys-svc-proxy/templates/vhost/README.md similarity index 100% rename from roles/srv-proxy-core/templates/vhost/README.md rename to roles/sys-svc-proxy/templates/vhost/README.md diff --git a/roles/srv-proxy-core/templates/vhost/basic.conf.j2 b/roles/sys-svc-proxy/templates/vhost/basic.conf.j2 similarity index 73% rename from roles/srv-proxy-core/templates/vhost/basic.conf.j2 rename to roles/sys-svc-proxy/templates/vhost/basic.conf.j2 index 56372e97..57e00447 100644 --- a/roles/srv-proxy-core/templates/vhost/basic.conf.j2 +++ b/roles/sys-svc-proxy/templates/vhost/basic.conf.j2 @@ -1,7 +1,7 @@ server { server_name {{ domain }}; - {% include 'roles/srv-proxy-core/templates/headers/buffers.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/headers/buffers.conf.j2' %} {% if applications | get_app_conf(application_id, 'features.oauth2', False) %} {% include 'roles/web-app-oauth2-proxy/templates/endpoint.conf.j2'%} @@ -14,7 +14,7 @@ server {{ proxy_extra_configuration }} {% endif %} - {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %} {% if applications | get_app_conf(application_id, 'features.oauth2', False) %} {% set acl = applications | get_app_conf(application_id, 'oauth2_proxy.acl', False, {}) %} 
@@ -23,38 +23,38 @@ server {# 1. Expose everything by default, then protect blacklisted paths #} {% set oauth2_proxy_enabled = false %} {% set location = "/" %} - {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %} {% for loc in acl.blacklist %} {% set oauth2_proxy_enabled = true %} {% set location = loc %} - {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %} {% endfor %} {% elif acl.whitelist is defined %} {# 2. Protect everything by default, then expose whitelisted paths #} {% set oauth2_proxy_enabled = true %} {% set location = "/" %} - {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %} {% for loc in acl.whitelist %} {% set oauth2_proxy_enabled = false %} {% set location = loc %} - {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %} {% endfor %} {% else %} {# 3. OAuth2 enabled but no (or empty) ACL — protect all #} {% set oauth2_proxy_enabled = true %} {% set location = "/" %} - {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %} {% endif %} {% else %} {# 4. OAuth2 completely disabled — expose all #} {% set oauth2_proxy_enabled = false %} {% set location = "/" %} - {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %} {% endif %} } diff --git a/roles/srv-proxy-core/templates/vhost/ws_generic.conf.j2 b/roles/sys-svc-proxy/templates/vhost/ws_generic.conf.j2 similarity index 78% rename from roles/srv-proxy-core/templates/vhost/ws_generic.conf.j2 rename to roles/sys-svc-proxy/templates/vhost/ws_generic.conf.j2 index 82b5ba86..51819b13 100644 
--- a/roles/srv-proxy-core/templates/vhost/ws_generic.conf.j2 +++ b/roles/sys-svc-proxy/templates/vhost/ws_generic.conf.j2 @@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade { server { server_name {{ domain }}; - {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/sys-front-inj-all/templates/server.conf.j2' %} @@ -25,10 +25,10 @@ server { add_header Strict-Transport-Security "max-age=31536000"; - {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %} {% if location_ws is defined %} - {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %} {% endif %} error_page 500 501 502 503 504 /500.html; diff --git a/roles/srv-core/README.md b/roles/sys-svc-webserver/README.md similarity index 100% rename from roles/srv-core/README.md rename to roles/sys-svc-webserver/README.md diff --git a/roles/srv-core/TODO.md b/roles/sys-svc-webserver/TODO.md similarity index 100% rename from roles/srv-core/TODO.md rename to roles/sys-svc-webserver/TODO.md diff --git a/roles/srv-core/meta/main.yml b/roles/sys-svc-webserver/meta/main.yml similarity index 89% rename from roles/srv-core/meta/main.yml rename to roles/sys-svc-webserver/meta/main.yml index 911fe228..85fd6dbe 100644 --- a/roles/srv-core/meta/main.yml +++ b/roles/sys-svc-webserver/meta/main.yml @@ -18,4 +18,4 @@ galaxy_info: - performance repository: "https://s.infinito.nexus/code" issue_tracker_url: "https://s.infinito.nexus/issues" - documentation: "https://s.infinito.nexus/code/roles/srv-core" \ No newline at end of file + documentation: "https://s.infinito.nexus/code/roles/sys-svc-webserver" \ No newline at end of file 
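Review bot: `vhost/ws_generic.conf.j2` still sets `add_header Strict-Transport-Security "max-age=31536000";` in its second hunk, while its first hunk includes `ssl_header.j2`, whose own hunk in this patch shows `add_header Strict-Transport-Security max-age=15768000;`. If both directives sit at server level, which the lines between the two hunks would confirm, responses carry two HSTS headers with different lifetimes and clients honour only the first. If the quoted one is inside a location instead, it replaces every inherited `add_header` for that location. Since this commit already touches both templates, I would keep a single definition in `ssl_header.j2` and drop the line here. The server block starts and ends outside the hunks.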
diff --git a/roles/srv-core/tasks/01_core.yml b/roles/sys-svc-webserver/tasks/01_core.yml similarity index 97% rename from roles/srv-core/tasks/01_core.yml rename to roles/sys-svc-webserver/tasks/01_core.yml index 21163d49..bd86b2b1 100644 --- a/roles/srv-core/tasks/01_core.yml +++ b/roles/sys-svc-webserver/tasks/01_core.yml @@ -49,3 +49,5 @@ - sys-ctl-hlth-csp vars: flush_handlers: false + +- include_tasks: utils/run_once.yml diff --git a/roles/srv-core/tasks/02_cleanup.yml b/roles/sys-svc-webserver/tasks/02_cleanup.yml similarity index 100% rename from roles/srv-core/tasks/02_cleanup.yml rename to roles/sys-svc-webserver/tasks/02_cleanup.yml diff --git a/roles/srv-core/tasks/03_reset.yml b/roles/sys-svc-webserver/tasks/03_reset.yml similarity index 100% rename from roles/srv-core/tasks/03_reset.yml rename to roles/sys-svc-webserver/tasks/03_reset.yml diff --git a/roles/srv-core/tasks/04_directories.yml b/roles/sys-svc-webserver/tasks/04_directories.yml similarity index 100% rename from roles/srv-core/tasks/04_directories.yml rename to roles/sys-svc-webserver/tasks/04_directories.yml diff --git a/roles/sys-svc-webserver/tasks/main.yml b/roles/sys-svc-webserver/tasks/main.yml new file mode 100644 index 00000000..0d5d9cc2 --- /dev/null +++ b/roles/sys-svc-webserver/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- block: + - include_tasks: 01_core.yml + when: run_once_sys_svc_webserver is not defined diff --git a/roles/srv-core/templates/nginx.conf.j2 b/roles/sys-svc-webserver/templates/nginx.conf.j2 similarity index 100% rename from roles/srv-core/templates/nginx.conf.j2 rename to roles/sys-svc-webserver/templates/nginx.conf.j2 diff --git a/roles/srv-composer/README.md b/roles/sys-util-csp-cert/README.md similarity index 97% rename from roles/srv-composer/README.md rename to roles/sys-util-csp-cert/README.md index 6cc85e03..4eaa38d0 100644 --- a/roles/srv-composer/README.md +++ b/roles/sys-util-csp-cert/README.md 
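Review bot: The new `roles/sys-svc-webserver/tasks/main.yml` guards on `run_once_sys_svc_webserver` but no longer includes `utils/run_once.yml` itself. The patch appends that include to the end of `tasks/01_core.yml` instead, unlike `sys-svc-letsencrypt/tasks/main.yml` in the same commit, which keeps both includes in one block. Nothing in either file says why, so a later edit to `01_core.yml` could drop the include, and the role would then run on every inclusion. I would either move `- include_tasks: utils/run_once.yml` back into the block in `main.yml`, or add a comment there such as `# run_once flag is set at the end of 01_core.yml`. What `utils/run_once.yml` sets is not visible here; I assume it defines the flag the guard tests.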
@@ -1,4 +1,4 @@ -# Role: srv-composer +# Role: sys-util-csp-cert This Ansible role composes and orchestrates all necessary HTTPS-layer tasks and HTML-content injections for your webserver domains. It integrates two key sub-roles into a unified workflow: diff --git a/roles/srv-composer/meta/main.yml b/roles/sys-util-csp-cert/meta/main.yml similarity index 91% rename from roles/srv-composer/meta/main.yml rename to roles/sys-util-csp-cert/meta/main.yml index 9f4cf09e..abe57311 100644 --- a/roles/srv-composer/meta/main.yml +++ b/roles/sys-util-csp-cert/meta/main.yml @@ -27,4 +27,4 @@ galaxy_info: - orchestration repository: "https://s.infinito.nexus/code" issue_tracker_url: "https://s.infinito.nexus/issues" - documentation: "https://s.infinito.nexus/code/roles/srv-composer" + documentation: "https://s.infinito.nexus/code/roles/sys-util-csp-cert" diff --git a/roles/srv-composer/tasks/main.yml b/roles/sys-util-csp-cert/tasks/main.yml similarity index 82% rename from roles/srv-composer/tasks/main.yml rename to roles/sys-util-csp-cert/tasks/main.yml index 9bd3e06f..bfcc10ac 100644 --- a/roles/srv-composer/tasks/main.yml +++ b/roles/sys-util-csp-cert/tasks/main.yml @@ -1,4 +1,4 @@ -# run_once_srv_composer: deactivated +# run_once_sys_util_csp_cert: deactivated - name: "include role sys-front-inj-all for '{{ domain }}'" include_role: diff --git a/roles/web-app-bigbluebutton/README.md b/roles/web-app-bigbluebutton/README.md index a4a34bfb..c6804ccd 100644 --- a/roles/web-app-bigbluebutton/README.md +++ b/roles/web-app-bigbluebutton/README.md @@ -35,7 +35,7 @@ By default, BigBlueButton is deployed with best-practice hardening, modular secr ## System Requirements - Arch Linux with Docker, Compose, and Nginx roles pre-installed -- DNS and reverse proxy configuration using `srv-proxy-core` +- DNS and reverse proxy configuration using `sys-svc-proxy` - Functional email system for Greenlight SMTP ## Important Resources 
diff --git a/roles/web-app-bigbluebutton/tasks/main.yml b/roles/web-app-bigbluebutton/tasks/main.yml index 7e398517..6c4d934c 100644 --- a/roles/web-app-bigbluebutton/tasks/main.yml +++ b/roles/web-app-bigbluebutton/tasks/main.yml @@ -3,7 +3,7 @@ set_fact: proxy_extra_configuration: >- {{ lookup('ansible.builtin.template', - playbook_dir ~ '/roles/srv-proxy-core/templates/location/html.conf.j2') | trim }} + playbook_dir ~ '/roles/sys-svc-proxy/templates/location/html.conf.j2') | trim }} vars: location: '^~ /html5client' oauth2_proxy_enabled: false diff --git a/roles/web-app-matrix/tasks/03_webserver.yml b/roles/web-app-matrix/tasks/03_webserver.yml index a9afe0ef..07230f30 100644 --- a/roles/web-app-matrix/tasks/03_webserver.yml +++ b/roles/web-app-matrix/tasks/03_webserver.yml @@ -18,7 +18,7 @@ - name: "include role for {{ application_id }} to receive certs & do modification routines for {{ MATRIX_SYNAPSE_DOMAIN }}" include_role: - name: srv-composer + name: sys-util-csp-cert vars: domain: "{{ MATRIX_SYNAPSE_DOMAIN }}" http_port: "{{ MATRIX_SYNAPSE_PORT }}" diff --git a/roles/web-app-matrix/templates/nginx.conf.j2 b/roles/web-app-matrix/templates/nginx.conf.j2 index b2665ee1..5c9c6d36 100644 --- a/roles/web-app-matrix/templates/nginx.conf.j2 +++ b/roles/web-app-matrix/templates/nginx.conf.j2 @@ -1,6 +1,6 @@ server { server_name {{ domain }}; - {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %} # For the federation port listen {{ MATRIX_FEDERATION_PORT }} ssl default_server; @@ -8,7 +8,7 @@ server { {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%} - {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %} - {% include 'roles/srv-proxy-core/templates/location/upload.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/upload.conf.j2' %} } 
diff --git a/roles/web-app-nextcloud/tasks/main.yml b/roles/web-app-nextcloud/tasks/main.yml index f0950e44..ddf6811b 100644 --- a/roles/web-app-nextcloud/tasks/main.yml +++ b/roles/web-app-nextcloud/tasks/main.yml @@ -11,7 +11,7 @@ - name: "include role for {{ application_id }} to receive certs & do modification routines" include_role: - name: srv-composer + name: sys-util-csp-cert - name: create nextcloud proxy configuration file template: diff --git a/roles/web-app-nextcloud/templates/nginx/host.conf.j2 b/roles/web-app-nextcloud/templates/nginx/host.conf.j2 index 2326e6aa..663eb2a3 100644 --- a/roles/web-app-nextcloud/templates/nginx/host.conf.j2 +++ b/roles/web-app-nextcloud/templates/nginx/host.conf.j2 @@ -2,7 +2,7 @@ server { server_name {{ domain }}; - {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%} @@ -17,7 +17,7 @@ server client_body_buffer_size 400M; fastcgi_buffers 64 4K; - {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %} location ^~ /.well-known { rewrite ^/\.well-known/host-meta\.json /public.php?service=host-meta-json last; diff --git a/roles/web-app-peertube/tasks/create-domains.yml b/roles/web-app-peertube/tasks/create-domains.yml index f31c39e7..816b00fc 100644 --- a/roles/web-app-peertube/tasks/create-domains.yml +++ b/roles/web-app-peertube/tasks/create-domains.yml 
@@ -1,9 +1,9 @@ - name: "include role for {{ application_id }} to receive certs & do modification routines" include_role: - name: srv-composer + name: sys-util-csp-cert - name: configure {{ domain }}.conf template: src: "templates/peertube.conf.j2" - dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf" - notify: restart openresty \ No newline at end of file + dest: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}" + notify: restart openresty diff --git a/roles/web-app-peertube/templates/peertube.conf.j2 b/roles/web-app-peertube/templates/peertube.conf.j2 index 2875350a..bfda9d26 100644 --- a/roles/web-app-peertube/templates/peertube.conf.j2 +++ b/roles/web-app-peertube/templates/peertube.conf.j2 @@ -1,18 +1,18 @@ server { server_name {{ domain }}; - {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%} - {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %} ## # Application ## {% set location = "@html" %} - {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %} location / { try_files /dev/null {{ location }}; @@ -45,7 +45,7 @@ server { ## {% set location_ws = "@websocket" %} - {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %} location /socket.io { try_files /dev/null {{ location_ws }}; diff --git a/roles/web-app-syncope/tasks/main.yml b/roles/web-app-syncope/tasks/main.yml index c2e41f6d..8c731ff4 100644 --- a/roles/web-app-syncope/tasks/main.yml +++ b/roles/web-app-syncope/tasks/main.yml 
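Review bot: `path_join` on the new `dest:` line of `roles/web-app-peertube/tasks/create-domains.yml` does not confine the result to `NGINX.DIRECTORIES.HTTP.SERVERS`. It joins like `os.path.join`, so a `domain` value that starts with `/` replaces the directory entirely, and `..` segments are not normalised. The same expression is introduced in `roles/web-app-syncope/tasks/main.yml`, `roles/web-opt-rdr-domains/tasks/redirect-domain.yml` and `roles/web-svc-collabora/tasks/01_core.yml`. Where `domain` comes from is not visible here; if it can ever be derived from anything other than reviewed inventory, a guard before the template task would keep the write inside the servers directory, for example `- assert: { that: "domain is match('^[A-Za-z0-9.-]+$')" }`. A short comment on the `dest:` line, such as `# path_join tolerates a missing trailing slash on SERVERS; domain must be a bare hostname`, would also record the assumption.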
@@ -1,8 +1,4 @@ --- -- name: "include role for {{ application_id }} to receive certs & do modification routines" - include_role: - name: srv-composer - - name: "load docker and db for {{ application_id }}" include_role: name: sys-stk-back-stateful @@ -10,7 +6,7 @@ - name: configure {{ domain }}.conf template: src: "templates/proxy.conf.j2" - dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf" + dest: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}" notify: restart openresty - name: "create {{ docker_compose.files.env }}" diff --git a/roles/web-app-syncope/templates/proxy.conf b/roles/web-app-syncope/templates/proxy.conf index aecbd020..372e1c95 100644 --- a/roles/web-app-syncope/templates/proxy.conf +++ b/roles/web-app-syncope/templates/proxy.conf @@ -2,7 +2,7 @@ server { server_name {{ domain }}; {# Include buffers for OIDC #} - {% include 'roles/srv-proxy-core/templates/headers/buffers.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/headers/buffers.conf.j2' %} {% if applications | get_app_conf(application_id, 'features.oauth2', False) %} {% include 'roles/web-app-oauth2-proxy/templates/endpoint.conf.j2'%} @@ -15,10 +15,10 @@ server {{ proxy_extra_configuration }} {% endif %} - {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %} {% for path in syncope_paths.values() %} {% set location = WEB_PROTOCOL ~ '://' ~ domains | get_domain(application_id) ~ '/' ~ path ~ '/' %} - {% include 'roles/srv-proxy-core/templates/location/html.conf.j2'%} + {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2'%} {% endfor %} } \ No newline at end of file diff --git a/roles/web-opt-rdr-domains/tasks/redirect-domain.yml b/roles/web-opt-rdr-domains/tasks/redirect-domain.yml index 8a3c70f1..5bccd8b4 100644 --- a/roles/web-opt-rdr-domains/tasks/redirect-domain.yml +++ b/roles/web-opt-rdr-domains/tasks/redirect-domain.yml 
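Review bot: With the certificate include dropped from `roles/web-app-syncope/tasks/main.yml`, nothing visible in this hunk requests a certificate before `{{ domain }}.conf` is templated. Other roles in this commit only rename that include to `sys-util-csp-cert`, and `templates/proxy.conf` still pulls in `roles/sys-svc-letsencrypt/templates/ssl_header.j2`. Unless `sys-stk-back-stateful` or the caller provisions the certificate (not shown), the vhost may reference TLS files that were never issued. If the removal is intentional, a comment such as `# certificate for {{ domain }} is provisioned by <role>` above the template task would make that explicit; otherwise keep the task with `name: sys-util-csp-cert`. Separately, the task's `src: "templates/proxy.conf.j2"` does not match the file name in this diff, `roles/web-app-syncope/templates/proxy.conf`, so that is worth checking too.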
@@ -5,5 +5,5 @@ - name: "Deploying NGINX redirect configuration for '{{ domain }}'" template: src: redirect.domain.nginx.conf.j2 - dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf" + dest: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}" notify: restart openresty \ No newline at end of file diff --git a/roles/web-opt-rdr-domains/templates/redirect.domain.nginx.conf.j2 b/roles/web-opt-rdr-domains/templates/redirect.domain.nginx.conf.j2 index 1c95bde1..3b358bba 100644 --- a/roles/web-opt-rdr-domains/templates/redirect.domain.nginx.conf.j2 +++ b/roles/web-opt-rdr-domains/templates/redirect.domain.nginx.conf.j2 @@ -1,6 +1,6 @@ server { server_name {{ domain }}; - {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %} return 301 https://{{ target }}$request_uri; } diff --git a/roles/web-opt-rdr-www/tasks/main.yml b/roles/web-opt-rdr-www/tasks/main.yml index ba043b9a..079f5481 100644 --- a/roles/web-opt-rdr-www/tasks/main.yml +++ b/roles/web-opt-rdr-www/tasks/main.yml @@ -1,8 +1,8 @@ - block: - - name: Include dependency 'srv-core' + - name: Include dependency 'sys-svc-webserver' include_role: - name: srv-core - when: run_once_srv_core is not defined + name: sys-svc-webserver + when: run_once_sys_svc_webserver is not defined - include_tasks: utils/run_once.yml when: run_once_web_opt_rdr_www is not defined diff --git a/roles/web-svc-cdn/tasks/01_core.yml b/roles/web-svc-cdn/tasks/01_core.yml index b1193aa5..84850b14 100644 --- a/roles/web-svc-cdn/tasks/01_core.yml +++ b/roles/web-svc-cdn/tasks/01_core.yml @@ -7,7 +7,7 @@ - name: "include role for {{ application_id }} to receive certs & do modification routines" include_role: - name: srv-composer + name: sys-util-csp-cert vars: http_port: "{{ ports.localhost.http[application_id] }}" diff --git a/roles/web-svc-cdn/templates/nginx.conf.j2 b/roles/web-svc-cdn/templates/nginx.conf.j2 index 0c6b597c..e5f0b89c 100644 
--- a/roles/web-svc-cdn/templates/nginx.conf.j2 +++ b/roles/web-svc-cdn/templates/nginx.conf.j2 @@ -2,11 +2,11 @@ server { server_name {{ domains | get_domain(application_id) }}; - {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%} - {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %} charset utf-8; diff --git a/roles/web-svc-collabora/tasks/01_core.yml b/roles/web-svc-collabora/tasks/01_core.yml index 4f0612d4..4fa614af 100644 --- a/roles/web-svc-collabora/tasks/01_core.yml +++ b/roles/web-svc-collabora/tasks/01_core.yml @@ -8,7 +8,7 @@ - name: "generate {{ domain }}.conf" template: src: "nginx.conf.j2" - dest: "{{ NGINX.DIRECTORIES.HTTP.SERVERS }}{{ domain }}.conf" + dest: "{{ [ NGINX.DIRECTORIES.HTTP.SERVERS, domain ~ '.conf'] | path_join }}" notify: restart openresty - name: Update Collabora systemplate to include new fonts diff --git a/roles/web-svc-collabora/templates/nginx.conf.j2 b/roles/web-svc-collabora/templates/nginx.conf.j2 index 05ca2498..019fb975 100644 --- a/roles/web-svc-collabora/templates/nginx.conf.j2 +++ b/roles/web-svc-collabora/templates/nginx.conf.j2 
@@ -1,22 +1,22 @@ server { server_name {{ domain }}; - {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%} - {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %} {# Normal HTTP routes (discovery, browser, assets) – no Lua injection #} {% set proxy_lua_enabled = false %} {% set location = "/" %} - {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %} {# Optional explicit fast path for discovery #} {% set location = "= " ~ container_healthcheck %} - {% include 'roles/srv-proxy-core/templates/location/html.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %} {# WebSocket handling for Collabora #} {% set location_ws = '^~ /cool/' %} {% set ws_port = http_port %} - {% include 'roles/srv-proxy-core/templates/location/ws.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %} } diff --git a/roles/web-svc-file/tasks/main.yml b/roles/web-svc-file/tasks/main.yml index 095cdb44..a1f4701a 100644 --- a/roles/web-svc-file/tasks/main.yml +++ b/roles/web-svc-file/tasks/main.yml @@ -10,7 +10,7 @@ - name: "include role for {{ application_id }} to receive certs & do modification routines" include_role: - name: srv-composer + name: sys-util-csp-cert vars: domain: "{{ domains | get_domain(application_id) }}" http_port: "{{ ports.localhost.http[application_id] }}" diff --git a/roles/web-svc-file/templates/nginx.conf.j2 b/roles/web-svc-file/templates/nginx.conf.j2 index 54d83292..92e285f9 100644 --- a/roles/web-svc-file/templates/nginx.conf.j2 +++ b/roles/web-svc-file/templates/nginx.conf.j2 
@@ -2,11 +2,11 @@ server { server_name {{ domains | get_domain(application_id) }}; - {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%} - {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %} charset utf-8; diff --git a/roles/web-svc-html/tasks/main.yml b/roles/web-svc-html/tasks/main.yml index b3e698a0..55bf5f84 100644 --- a/roles/web-svc-html/tasks/main.yml +++ b/roles/web-svc-html/tasks/main.yml @@ -10,7 +10,7 @@ - name: "include role for {{ application_id }} to receive certs & do modification routines" include_role: - name: srv-composer + name: sys-util-csp-cert vars: domain: "{{ domains | get_domain(application_id) }}" http_port: "{{ ports.localhost.http[application_id] }}" diff --git a/roles/web-svc-html/templates/nginx.conf.j2 b/roles/web-svc-html/templates/nginx.conf.j2 index 435493ae..69088fce 100644 --- a/roles/web-svc-html/templates/nginx.conf.j2 +++ b/roles/web-svc-html/templates/nginx.conf.j2 @@ -2,11 +2,11 @@ server { server_name {{ domains | get_domain(application_id) }}; - {% include 'roles/srv-letsencrypt/templates/ssl_header.j2' %} + {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %} {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%} - {% include 'roles/srv-proxy-core/templates/headers/content_security_policy.conf.j2' %} + {% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %} charset utf-8;